From: Johan Hovold <jhovold@gmail.com>
To: Greg Kroah-Hartman <gregkh@suse.de>
Cc: linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org,
	Johan Hovold <jhovold@gmail.com>
Subject: [PATCH 06/13] USB: io_ti: fix DMA buffers on stack
Date: Thu, 31 Dec 2009 16:48:02 +0100	[thread overview]
Message-ID: <1262274489-12447-7-git-send-email-jhovold@gmail.com> (raw)
In-Reply-To: <1262037718-31424-1-git-send-email-jhovold@gmail.com>


Signed-off-by: Johan Hovold <jhovold@gmail.com>
---
 drivers/usb/serial/io_ti.c |   66 ++++++++++++++++++++++++++++++++------------
 1 files changed, 48 insertions(+), 18 deletions(-)

diff --git a/drivers/usb/serial/io_ti.c b/drivers/usb/serial/io_ti.c
index d4cc0f7..1691f07 100644
--- a/drivers/usb/serial/io_ti.c
+++ b/drivers/usb/serial/io_ti.c
@@ -413,11 +413,18 @@ static int write_boot_mem(struct edgeport_serial *serial,
 {
 	int status = 0;
 	int i;
-	__u8 temp;
+	u8 *temp;
 
 	/* Must do a read before write */
 	if (!serial->TiReadI2C) {
-		status = read_boot_mem(serial, 0, 1, &temp);
+		temp = kmalloc(1, GFP_KERNEL);
+		if (!temp) {
+			dev_err(&serial->serial->dev->dev,
+					"%s - out of memory\n", __func__);
+			return -ENOMEM;
+		}
+		status = read_boot_mem(serial, 0, 1, temp);
+		kfree(temp);
 		if (status)
 			return status;
 	}
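Review bot: The one-byte `kmalloc` in the `!serial->TiReadI2C` branch has no comment saying why a single byte is heap-allocated, and the patch description is empty, so the reason survives only in the subject line. A short comment above the allocation would keep a later cleanup from moving it back to the stack, e.g. `/* buffer is passed down to a USB transfer, so it must not live on the stack */`. That read_boot_mem hands the pointer to the USB core is inferred from the subject, since its body is not in this hunk. The rest of write_boot_mem lies outside the hunk.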
@@ -935,37 +942,47 @@ static int build_i2c_fw_hdr(__u8 *header, struct device *dev)
 static int i2c_type_bootmode(struct edgeport_serial *serial)
 {
 	int status;
-	__u8 data;
+	u8 *data;
+
+	data = kmalloc(1, GFP_KERNEL);
+	if (!data) {
+		dev_err(&serial->serial->dev->dev,
+				"%s - out of memory\n", __func__);
+		return -ENOMEM;
+	}
 
 	/* Try to read type 2 */
 	status = ti_vread_sync(serial->serial->dev, UMPC_MEMORY_READ,
-				DTK_ADDR_SPACE_I2C_TYPE_II, 0, &data, 0x01);
+				DTK_ADDR_SPACE_I2C_TYPE_II, 0, data, 0x01);
 	if (status)
 		dbg("%s - read 2 status error = %d", __func__, status);
 	else
-		dbg("%s - read 2 data = 0x%x", __func__, data);
-	if ((!status) && (data == UMP5152 || data == UMP3410)) {
+		dbg("%s - read 2 data = 0x%x", __func__, *data);
+	if ((!status) && (*data == UMP5152 || *data == UMP3410)) {
 		dbg("%s - ROM_TYPE_II", __func__);
 		serial->TI_I2C_Type = DTK_ADDR_SPACE_I2C_TYPE_II;
-		return 0;
+		goto out;
 	}
 
 	/* Try to read type 3 */
 	status = ti_vread_sync(serial->serial->dev, UMPC_MEMORY_READ,
-				DTK_ADDR_SPACE_I2C_TYPE_III, 0,	&data, 0x01);
+				DTK_ADDR_SPACE_I2C_TYPE_III, 0,	data, 0x01);
 	if (status)
 		dbg("%s - read 3 status error = %d", __func__, status);
 	else
-		dbg("%s - read 2 data = 0x%x", __func__, data);
-	if ((!status) && (data == UMP5152 || data == UMP3410)) {
+		dbg("%s - read 2 data = 0x%x", __func__, *data);
+	if ((!status) && (*data == UMP5152 || *data == UMP3410)) {
 		dbg("%s - ROM_TYPE_III", __func__);
 		serial->TI_I2C_Type = DTK_ADDR_SPACE_I2C_TYPE_III;
-		return 0;
+		goto out;
 	}
 
 	dbg("%s - Unknown", __func__);
 	serial->TI_I2C_Type = DTK_ADDR_SPACE_I2C_TYPE_II;
-	return -ENODEV;
+	status = -ENODEV;
+out:
+	kfree(data);
+	return status;
 }
 
 static int bulk_xfer(struct usb_serial *serial, void *buffer,
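Review bot: The debug message after the type 3 read still prints `read 2 data`, so a log of the probe cannot show which address space returned the byte. The line is rewritten here anyway and should become `dbg("%s - read 3 data = 0x%x", __func__, *data);`. The single `out:` label with `kfree(data)` covers all three exits visible in the hunk, so the new buffer is not leaked on any of them.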
@@ -1113,7 +1130,7 @@ static int download_fw(struct edgeport_serial *serial)
 				I2C_DESC_TYPE_FIRMWARE_BASIC, rom_desc);
 		if (start_address != 0) {
 			struct ti_i2c_firmware_rec *firmware_version;
-			__u8 record;
+			u8 *record;
 
 			dbg("%s - Found Type FIRMWARE (Type 2) record",
 								__func__);
@@ -1165,6 +1182,15 @@ static int download_fw(struct edgeport_serial *serial)
 				    OperationalMajorVersion,
 				    OperationalMinorVersion);
 
+				record = kmalloc(1, GFP_KERNEL);
+				if (!record) {
+					dev_err(dev, "%s - out of memory.\n",
+							__func__);
+					kfree(firmware_version);
+					kfree(rom_desc);
+					kfree(ti_manuf_desc);
+					return -ENOMEM;
+				}
 				/* In order to update the I2C firmware we must
 				 * change the type 2 record to type 0xF2. This
 				 * will force the UMP to come up in Boot Mode.
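Review bot: `record` is a fourth buffer that every exit in this branch must free by hand, and the `kfree` run is now repeated at the `write_rom`, `read_rom`, blank-check and final exits in the later hunks, with a shorter copy at the allocation failure here. One missed copy is a memory leak on an error path that a failing device read or write can presumably reach. A shared cleanup label at the end of download_fw (set `status`, then `goto` it), as i2c_type_bootmode does with `out:` in this same patch, would make that harder to get wrong. The end of the function is outside the visible hunks, so whether other exits exist cannot be checked from here. The message `"%s - out of memory.\n"` also ends in a period where the two other new messages use `"%s - out of memory\n"`.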
@@ -1177,13 +1203,14 @@ static int download_fw(struct edgeport_serial *serial)
 				 * firmware will update the record type from
 				 * 0xf2 to 0x02.
 				 */
-				record = I2C_DESC_TYPE_FIRMWARE_BLANK;
+				*record = I2C_DESC_TYPE_FIRMWARE_BLANK;
 
 				/* Change the I2C Firmware record type to
 				   0xf2 to trigger an update */
 				status = write_rom(serial, start_address,
-						sizeof(record),	&record);
+						sizeof(*record), record);
 				if (status) {
+					kfree(record);
 					kfree(firmware_version);
 					kfree(rom_desc);
 					kfree(ti_manuf_desc);
@@ -1196,19 +1223,21 @@ static int download_fw(struct edgeport_serial *serial)
 				 */
 				status = read_rom(serial,
 							start_address,
-							sizeof(record),
-							&record);
+							sizeof(*record),
+							record);
 				if (status) {
+					kfree(record);
 					kfree(firmware_version);
 					kfree(rom_desc);
 					kfree(ti_manuf_desc);
 					return status;
 				}
 
-				if (record != I2C_DESC_TYPE_FIRMWARE_BLANK) {
+				if (*record != I2C_DESC_TYPE_FIRMWARE_BLANK) {
 					dev_err(dev,
 						"%s - error resetting device\n",
 						__func__);
+					kfree(record);
 					kfree(firmware_version);
 					kfree(rom_desc);
 					kfree(ti_manuf_desc);
@@ -1226,6 +1255,7 @@ static int download_fw(struct edgeport_serial *serial)
 						__func__, status);
 
 				/* return an error on purpose. */
+				kfree(record);
 				kfree(firmware_version);
 				kfree(rom_desc);
 				kfree(ti_manuf_desc);
-- 
1.6.6

