• J
    isdn: hfcsusb: Fix mISDN driver crash caused by transfer buffer on the stack · 07efe13b
    Juliana Rodrigueiro 提交于
    [ Upstream commit d8a1de3d5bb881507602bc02e004904828f88711 ]
    
    Since linux 4.9 it is not possible to use buffers on the stack for DMA transfers.
    
    During usb probe the driver crashes with "transfer buffer is on stack" message.
    
    This fix k-allocates a buffer to be used on "read_reg_atomic", which is a macro
    that calls "usb_control_msg" under the hood.
    
    Kernel 4.19 backtrace:
    
    usb_hcd_submit_urb+0x3e5/0x900
    ? sched_clock+0x9/0x10
    ? log_store+0x203/0x270
    ? get_random_u32+0x6f/0x90
    ? cache_alloc_refill+0x784/0x8a0
    usb_submit_urb+0x3b4/0x550
    usb_start_wait_urb+0x4e/0xd0
    usb_control_msg+0xb8/0x120
    hfcsusb_probe+0x6bc/0xb40 [hfcsusb]
    usb_probe_interface+0xc2/0x260
    really_probe+0x176/0x280
    driver_probe_device+0x49/0x130
    __driver_attach+0xa9/0xb0
    ? driver_probe_device+0x130/0x130
    bus_for_each_dev+0x5a/0x90
    driver_attach+0x14/0x20
    ? driver_probe_device+0x130/0x130
    bus_add_driver+0x157/0x1e0
    driver_register+0x51/0xe0
    usb_register_driver+0x5d/0x120
    ? 0xf81ed000
    hfcsusb_drv_init+0x17/0x1000 [hfcsusb]
    do_one_initcall+0x44/0x190
    ? free_unref_page_commit+0x6a/0xd0
    do_init_module+0x46/0x1c0
    load_module+0x1dc1/0x2400
    sys_init_module+0xed/0x120
    do_fast_syscall_32+0x7a/0x200
    entry_SYSENTER_32+0x6b/0xbe
    Signed-off-by: NJuliana Rodrigueiro <juliana.rodrigueiro@intra2net.com>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    Signed-off-by: NSasha Levin <sashal@kernel.org>
    07efe13b
hfcsusb.c 54.8 KB