All of lore.kernel.org
 help / color / mirror / Atom feed
From: Johan Hovold <jhovold@gmail.com>
To: Greg Kroah-Hartman <gregkh@suse.de>
Cc: linux-usb@vger.kernel.org, linux-kernel@vger.kernel.org,
	Johan Hovold <jhovold@gmail.com>,
	Oliver Neukum <oliver@neukum.name>
Subject: [PATCH 08/13] USB: kl5kusb105: fix DMA buffers on stack
Date: Thu, 31 Dec 2009 16:48:04 +0100	[thread overview]
Message-ID: <1262274489-12447-9-git-send-email-jhovold@gmail.com> (raw)
In-Reply-To: <1262037718-31424-1-git-send-email-jhovold@gmail.com>

Cc: Oliver Neukum <oliver@neukum.name>
Signed-off-by: Johan Hovold <jhovold@gmail.com>
---
 drivers/usb/serial/kl5kusb105.c |   63 +++++++++++++++++++++++++++-----------
 1 files changed, 45 insertions(+), 18 deletions(-)

diff --git a/drivers/usb/serial/kl5kusb105.c b/drivers/usb/serial/kl5kusb105.c
index 3a78738..731964b 100644
--- a/drivers/usb/serial/kl5kusb105.c
+++ b/drivers/usb/serial/kl5kusb105.c
@@ -212,10 +212,19 @@ static int klsi_105_get_line_state(struct usb_serial_port *port,
 				   unsigned long *line_state_p)
 {
 	int rc;
-	__u8 status_buf[KLSI_STATUSBUF_LEN] = { -1, -1};
+	u8 *status_buf;
 	__u16 status;
 
 	dev_info(&port->serial->dev->dev, "sending SIO Poll request\n");
+
+	status_buf = kmalloc(KLSI_STATUSBUF_LEN, GFP_KERNEL);
+	if (!status_buf) {
+		dev_err(&port->dev, "%s - out of memory for status buffer.\n",
+				__func__);
+		return -ENOMEM;
+	}
+	status_buf[0] = 0xff;
+	status_buf[1] = 0xff;
 	rc = usb_control_msg(port->serial->dev,
 			     usb_rcvctrlpipe(port->serial->dev, 0),
 			     KL5KUSB105A_SIO_POLL,
@@ -236,6 +245,8 @@ static int klsi_105_get_line_state(struct usb_serial_port *port,
 
 		*line_state_p = klsi_105_status2linestate(status);
 	}
+
+	kfree(status_buf);
 	return rc;
 }
 
@@ -364,7 +375,7 @@ static int  klsi_105_open(struct tty_struct *tty, struct usb_serial_port *port)
 	int rc;
 	int i;
 	unsigned long line_state;
-	struct klsi_105_port_settings cfg;
+	struct klsi_105_port_settings *cfg;
 	unsigned long flags;
 
 	dbg("%s port %d", __func__, port->number);
@@ -376,12 +387,18 @@ static int  klsi_105_open(struct tty_struct *tty, struct usb_serial_port *port)
 	 * Then read the modem line control and store values in
 	 * priv->line_state.
 	 */
-	cfg.pktlen   = 5;
-	cfg.baudrate = kl5kusb105a_sio_b9600;
-	cfg.databits = kl5kusb105a_dtb_8;
-	cfg.unknown1 = 0;
-	cfg.unknown2 = 1;
-	klsi_105_chg_port_settings(port, &cfg);
+	cfg = kmalloc(sizeof(*cfg), GFP_KERNEL);
+	if (!cfg) {
+		dev_err(&port->dev, "%s - out of memory for config buffer.\n",
+				__func__);
+		return -ENOMEM;
+	}
+	cfg->pktlen   = 5;
+	cfg->baudrate = kl5kusb105a_sio_b9600;
+	cfg->databits = kl5kusb105a_dtb_8;
+	cfg->unknown1 = 0;
+	cfg->unknown2 = 1;
+	klsi_105_chg_port_settings(port, cfg);
 
 	/* set up termios structure */
 	spin_lock_irqsave(&priv->lock, flags);
@@ -391,11 +408,11 @@ static int  klsi_105_open(struct tty_struct *tty, struct usb_serial_port *port)
 	priv->termios.c_lflag = tty->termios->c_lflag;
 	for (i = 0; i < NCCS; i++)
 		priv->termios.c_cc[i] = tty->termios->c_cc[i];
-	priv->cfg.pktlen   = cfg.pktlen;
-	priv->cfg.baudrate = cfg.baudrate;
-	priv->cfg.databits = cfg.databits;
-	priv->cfg.unknown1 = cfg.unknown1;
-	priv->cfg.unknown2 = cfg.unknown2;
+	priv->cfg.pktlen   = cfg->pktlen;
+	priv->cfg.baudrate = cfg->baudrate;
+	priv->cfg.databits = cfg->databits;
+	priv->cfg.unknown1 = cfg->unknown1;
+	priv->cfg.unknown2 = cfg->unknown2;
 	spin_unlock_irqrestore(&priv->lock, flags);
 
 	/* READ_ON and urb submission */
@@ -441,6 +458,7 @@ static int  klsi_105_open(struct tty_struct *tty, struct usb_serial_port *port)
 		retval = rc;
 
 exit:
+	kfree(cfg);
 	return retval;
 } /* klsi_105_open */
 
@@ -714,10 +732,17 @@ static void klsi_105_set_termios(struct tty_struct *tty,
 	unsigned int old_iflag = old_termios->c_iflag;
 	unsigned int cflag = tty->termios->c_cflag;
 	unsigned int old_cflag = old_termios->c_cflag;
-	struct klsi_105_port_settings cfg;
+	struct klsi_105_port_settings *cfg;
 	unsigned long flags;
 	speed_t baud;
 
+	cfg = kmalloc(sizeof(*cfg), GFP_KERNEL);
+	if (!cfg) {
+		dev_err(&port->dev, "%s - out of memory for config buffer.\n",
+				__func__);
+		return;
+	}
+
 	/* lock while we are modifying the settings */
 	spin_lock_irqsave(&priv->lock, flags);
 
@@ -793,11 +818,11 @@ static void klsi_105_set_termios(struct tty_struct *tty,
 		case CS5:
 			dbg("%s - 5 bits/byte not supported", __func__);
 			spin_unlock_irqrestore(&priv->lock, flags);
-			return ;
+			goto err;
 		case CS6:
 			dbg("%s - 6 bits/byte not supported", __func__);
 			spin_unlock_irqrestore(&priv->lock, flags);
-			return ;
+			goto err;
 		case CS7:
 			priv->cfg.databits = kl5kusb105a_dtb_7;
 			break;
@@ -856,11 +881,13 @@ static void klsi_105_set_termios(struct tty_struct *tty,
 #endif
 		;
 	}
-	memcpy(&cfg, &priv->cfg, sizeof(cfg));
+	memcpy(cfg, &priv->cfg, sizeof(*cfg));
 	spin_unlock_irqrestore(&priv->lock, flags);
 
 	/* now commit changes to device */
-	klsi_105_chg_port_settings(port, &cfg);
+	klsi_105_chg_port_settings(port, cfg);
+err:
+	kfree(cfg);
 } /* klsi_105_set_termios */
 
 
-- 
1.6.6


  parent reply	other threads:[~2009-12-31 15:50 UTC|newest]

Thread overview: 41+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-12-28 22:01 [PATCH 00/14] USB: serial: fix DMA buffers on stack and endianess bugs Johan Hovold
2009-12-28 22:01 ` [PATCH 01/14] USB: ch341: replace printk warnings with dev_err Johan Hovold
2009-12-28 22:01 ` [PATCH 02/14] USB: ch341: fix DMA buffer on stack Johan Hovold
2009-12-28 22:01 ` [PATCH 03/14] USB: ch341: use le16_to_cpup to be explicit about endianess Johan Hovold
2009-12-28 22:01 ` [PATCH 04/14] USB: cypress_m8: fix DMA buffer on stack Johan Hovold
2009-12-28 22:01 ` [PATCH 05/14] USB: cypress_m8: fix endianess bug Johan Hovold
2009-12-28 22:01 ` [PATCH 06/14] USB: io_ti: fix DMA buffers on stack Johan Hovold
2009-12-28 22:01 ` [PATCH 07/14] USB: keyspan_pda: " Johan Hovold
2009-12-28 22:01 ` [PATCH 08/14] USB: kl5kusb105: " Johan Hovold
2009-12-28 22:01 ` [PATCH 09/14] USB: mct_u232: " Johan Hovold
2009-12-31 11:40   ` Johan Hovold
2010-01-15 18:43     ` Greg KH
2009-12-28 22:01 ` [PATCH 10/14] USB: mos7720: fix DMA buffers on stack and clean up send_mos_cmd Johan Hovold
2009-12-28 22:01 ` [PATCH 11/14] USB: mos7840: fix DMA buffers on stack and endianess bugs Johan Hovold
2009-12-28 22:01 ` [PATCH 12/14] USB: oti6858: fix DMA buffer on stack Johan Hovold
2009-12-28 22:46   ` Andres Salomon
2009-12-28 22:51     ` Andres Salomon
2009-12-28 22:01 ` [PATCH 13/14] USB: visor: fix DMA buffers " Johan Hovold
2009-12-28 22:01 ` [PATCH 14/14] USB: kobil_sct: clean up kobil_set_termios Johan Hovold
2009-12-30 16:06 ` [PATCH 00/14] USB: serial: fix DMA buffers on stack and endianess bugs Dan Carpenter
2009-12-30 17:33   ` Johan Hovold
2009-12-30 16:06 ` [patch] USB: serial: fix DMA buffers on stack for io_edgeport.c Dan Carpenter
2009-12-30 17:14   ` Johan Hovold
2009-12-30 17:50     ` Dan Carpenter
2009-12-31 15:42     ` [patch v2] " Dan Carpenter
2009-12-31 15:47 ` [PATCH 00/13][v2] USB: serial: fix DMA buffers on stack and endianess bugs Johan Hovold
2010-01-15 18:50   ` Greg KH
2010-01-16 12:45     ` Johan Hovold
2009-12-31 15:47 ` [PATCH 01/13] USB: ch341: replace printk warnings with dev_err Johan Hovold
2009-12-31 15:47 ` [PATCH 02/13] USB: ch341: fix DMA buffer on stack Johan Hovold
2009-12-31 15:47 ` [PATCH 03/13] USB: ch341: use get_unaligned_le16 in break_ctl Johan Hovold
2009-12-31 15:48 ` [PATCH 04/13] USB: cypress_m8: fix DMA buffer on stack Johan Hovold
2009-12-31 15:48 ` [PATCH 05/13] USB: cypress_m8: fix endianess bug and alignment Johan Hovold
2009-12-31 15:48 ` [PATCH 06/13] USB: io_ti: fix DMA buffers on stack Johan Hovold
2009-12-31 15:48 ` [PATCH 07/13] USB: keyspan_pda: " Johan Hovold
2009-12-31 15:48 ` Johan Hovold [this message]
2009-12-31 15:48 ` [PATCH 09/13] USB: mos7720: fix DMA buffers on stack and clean up send_mos_cmd Johan Hovold
2009-12-31 15:48 ` [PATCH 10/13] USB: mos7840: fix DMA buffers on stack and endianess bugs Johan Hovold
2009-12-31 15:48 ` [PATCH 11/13] USB: oti6858: fix DMA buffer on stack Johan Hovold
2009-12-31 15:48 ` [PATCH 12/13] USB: visor: fix DMA buffers " Johan Hovold
2009-12-31 15:48 ` [PATCH 13/13] USB: kobil_sct: clean up kobil_set_termios Johan Hovold

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1262274489-12447-9-git-send-email-jhovold@gmail.com \
    --to=jhovold@gmail.com \
    --cc=gregkh@suse.de \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-usb@vger.kernel.org \
    --cc=oliver@neukum.name \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.