queue/net-can-usb-gs_usb-Fix-buffer-on-stack.patch - pub/scm/linux/kernel/git/paulg/longterm-queue-4.8 - Git at Google

 From b05c73bd1e3ec60357580eb042ee932a5ed754d5 Mon Sep 17 00:00:00 2001
 From: Maksim Salau <maksim.salau@gmail.com>
 Date: Sun, 23 Apr 2017 20:31:40 +0300
 Subject: [PATCH] net: can: usb: gs_usb: Fix buffer on stack

 commit b05c73bd1e3ec60357580eb042ee932a5ed754d5 upstream.

 Allocate buffers on HEAP instead of STACK for local structures
 that are to be sent using usb_control_msg().

 Signed-off-by: Maksim Salau <maksim.salau@gmail.com>
 Cc: linux-stable <stable@vger.kernel.org> # >= v4.8
 Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>

 diff --git a/drivers/net/can/usb/gs_usb.c b/drivers/net/can/usb/gs_usb.c
 index 300349fe8dc0..eecee7f8dfb7 100644
 --- a/drivers/net/can/usb/gs_usb.c
 +++ b/drivers/net/can/usb/gs_usb.c
 @@ -739,13 +739,18 @@ static const struct net_device_ops gs_usb_netdev_ops = {
  static int gs_usb_set_identify(struct net_device *netdev, bool do_identify)
  {
  	struct gs_can *dev = netdev_priv(netdev);
 -	struct gs_identify_mode imode;
 +	struct gs_identify_mode *imode;
  	int rc;

 +	imode = kmalloc(sizeof(*imode), GFP_KERNEL);
 +
 +	if (!imode)
 +		return -ENOMEM;
 +
  	if (do_identify)
 -		imode.mode = GS_CAN_IDENTIFY_ON;
 +		imode->mode = GS_CAN_IDENTIFY_ON;
  	else
 -		imode.mode = GS_CAN_IDENTIFY_OFF;
 +		imode->mode = GS_CAN_IDENTIFY_OFF;

  	rc = usb_control_msg(interface_to_usbdev(dev->iface),
  			     usb_sndctrlpipe(interface_to_usbdev(dev->iface),
 @@ -755,10 +760,12 @@ static int gs_usb_set_identify(struct net_device *netdev, bool do_identify)
  			     USB_RECIP_INTERFACE,
  			     dev->channel,
  			     0,
 -			     &imode,
 -			     sizeof(imode),
 +			     imode,
 +			     sizeof(*imode),
  			     100);

 +	kfree(imode);
 +
  	return (rc > 0) ? 0 : rc;
  }

 --
 2.12.0
	From b05c73bd1e3ec60357580eb042ee932a5ed754d5 Mon Sep 17 00:00:00 2001
	From: Maksim Salau <maksim.salau@gmail.com>
	Date: Sun, 23 Apr 2017 20:31:40 +0300
	Subject: [PATCH] net: can: usb: gs_usb: Fix buffer on stack

	commit b05c73bd1e3ec60357580eb042ee932a5ed754d5 upstream.

	Allocate buffers on HEAP instead of STACK for local structures
	that are to be sent using usb_control_msg().

	Signed-off-by: Maksim Salau <maksim.salau@gmail.com>
	Cc: linux-stable <stable@vger.kernel.org> # >= v4.8
	Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>

	diff --git a/drivers/net/can/usb/gs_usb.c b/drivers/net/can/usb/gs_usb.c
	index 300349fe8dc0..eecee7f8dfb7 100644
	--- a/drivers/net/can/usb/gs_usb.c
	+++ b/drivers/net/can/usb/gs_usb.c
	@@ -739,13 +739,18 @@ static const struct net_device_ops gs_usb_netdev_ops = {
	static int gs_usb_set_identify(struct net_device *netdev, bool do_identify)
	{
	struct gs_can *dev = netdev_priv(netdev);
	- struct gs_identify_mode imode;
	+ struct gs_identify_mode *imode;
	int rc;

	+ imode = kmalloc(sizeof(*imode), GFP_KERNEL);
	+
	+ if (!imode)
	+ return -ENOMEM;
	+
	if (do_identify)
	- imode.mode = GS_CAN_IDENTIFY_ON;
	+ imode->mode = GS_CAN_IDENTIFY_ON;
	else
	- imode.mode = GS_CAN_IDENTIFY_OFF;
	+ imode->mode = GS_CAN_IDENTIFY_OFF;

	rc = usb_control_msg(interface_to_usbdev(dev->iface),
	usb_sndctrlpipe(interface_to_usbdev(dev->iface),
	@@ -755,10 +760,12 @@ static int gs_usb_set_identify(struct net_device *netdev, bool do_identify)
	USB_RECIP_INTERFACE,
	dev->channel,
	0,
	- &imode,
	- sizeof(imode),
	+ imode,
	+ sizeof(*imode),
	100);

	+ kfree(imode);
	+
	return (rc > 0) ? 0 : rc;
	}

	--
	2.12.0