github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 07:03:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
3ca013cd63
linux/drivers/isdn
History
Juliana Rodrigueiro 07efe13b95 isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack 
[ Upstream commit d8a1de3d5b ]

Since linux 4.9 it is not possible to use buffers on the stack for DMA transfers.

During usb probe the driver crashes with "transfer buffer is on stack" message.

This fix k-allocates a buffer to be used on "read_reg_atomic", which is a macro
that calls "usb_control_msg" under the hood.

Kernel 4.19 backtrace:

usb_hcd_submit_urb+0x3e5/0x900
? sched_clock+0x9/0x10
? log_store+0x203/0x270
? get_random_u32+0x6f/0x90
? cache_alloc_refill+0x784/0x8a0
usb_submit_urb+0x3b4/0x550
usb_start_wait_urb+0x4e/0xd0
usb_control_msg+0xb8/0x120
hfcsusb_probe+0x6bc/0xb40 [hfcsusb]
usb_probe_interface+0xc2/0x260
really_probe+0x176/0x280
driver_probe_device+0x49/0x130
__driver_attach+0xa9/0xb0
? driver_probe_device+0x130/0x130
bus_for_each_dev+0x5a/0x90
driver_attach+0x14/0x20
? driver_probe_device+0x130/0x130
bus_add_driver+0x157/0x1e0
driver_register+0x51/0xe0
usb_register_driver+0x5d/0x120
? 0xf81ed000
hfcsusb_drv_init+0x17/0x1000 [hfcsusb]
do_one_initcall+0x44/0x190
? free_unref_page_commit+0x6a/0xd0
do_init_module+0x46/0x1c0
load_module+0x1dc1/0x2400
sys_init_module+0xed/0x120
do_fast_syscall_32+0x7a/0x200
entry_SYSENTER_32+0x6b/0xbe

Signed-off-by: Juliana Rodrigueiro <juliana.rodrigueiro@intra2net.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-08-29 08:28:35 +02:00
..
capi isdn: fix kernel-infoleak in capi_unlocked_ioctl 2019-01-09 17:38:31 +01:00
divert vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
gigaset isdn: bas_gigaset: use usb_fill_int_urb() properly 2019-05-16 19:41:31 +02:00
hardware isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack 2019-08-29 08:28:35 +02:00
hisax isdn: hisax: hfc_pci: Fix a possible concurrency use-after-free bug in HFCPCI_l1hw() 2019-02-12 19:47:18 +01:00
hysdn isdn: mark expected switch fall-throughs 2018-07-04 22:17:32 +09:00
i4l isdn: i4l: isdn_tty: Fix some concurrency double-free bugs 2019-02-27 10:08:55 +01:00
isdnloop
mISDN mISDN: make sure device name is NUL terminated 2019-06-22 08:15:16 +02:00
Kconfig
Makefile