[PATCH 4.4 09/56] staging: vt6656: use off stack for in buffer USB transfers.

From: Greg Kroah-Hartman
Date: Thu May 18 2017 - 07:02:26 EST


4.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Malcolm Priestley <tvboxspy@xxxxxxxxx>

commit 05c0cf88bec588a7cb34de569acd871ceef26760 upstream.

Since 4.9 mandated USB buffers to be heap allocated. This causes
the driver to fail.

Create buffer for USB transfers.

Signed-off-by: Malcolm Priestley <tvboxspy@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/staging/vt6656/usbpipe.c | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)

--- a/drivers/staging/vt6656/usbpipe.c
+++ b/drivers/staging/vt6656/usbpipe.c
@@ -78,15 +78,28 @@ int vnt_control_in(struct vnt_private *p
u16 index, u16 length, u8 *buffer)
{
int status;
+ u8 *usb_buffer;

if (test_bit(DEVICE_FLAGS_DISCONNECTED, &priv->flags))
return STATUS_FAILURE;

mutex_lock(&priv->usb_lock);

+ usb_buffer = kmalloc(length, GFP_KERNEL);
+ if (!usb_buffer) {
+ mutex_unlock(&priv->usb_lock);
+ return -ENOMEM;
+ }
+
status = usb_control_msg(priv->usb,
- usb_rcvctrlpipe(priv->usb, 0), request, 0xc0, value,
- index, buffer, length, USB_CTL_WAIT);
+ usb_rcvctrlpipe(priv->usb, 0),
+ request, 0xc0, value,
+ index, usb_buffer, length, USB_CTL_WAIT);
+
+ if (status == length)
+ memcpy(buffer, usb_buffer, length);
+
+ kfree(usb_buffer);

mutex_unlock(&priv->usb_lock);