From: Florian Fainelli <f.fainelli@gmail.com>
To: linux-kernel@vger.kernel.org
Cc: arnd@arndb.de, maksim.salau@gmail.com,
        Florian Fainelli <f.fainelli@gmail.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        David Mosberger <davidm@egauge.net>, Roger Quadros <rogerq@ti.com>,
        Wolfram Sang <wsa-dev@sang-engineering.com>,
        Oliver Neukum <oneukum@suse.com>, Jaejoong Kim <climbbb.kim@gmail.com>,
        linux-usb@vger.kernel.org (open list:USB SUBSYSTEM)
Subject: [PATCH] usb: core: Warn if an URB's transfer_buffer is on stack
Date: Sat, 22 Apr 2017 11:37:42 -0700
Message-Id: <20170422183744.11149-1-f.fainelli@gmail.com>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1109
Lines: 33

We see a large number of fixes to several drivers to remove the usage of
on-stack buffers feeding into USB transfer functions. Make it easier to spot
the offenders by adding a warning in usb_start_wait_urb() for
urb->transfer_buffer to be located on the stack.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
---
 drivers/usb/core/message.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/usb/core/message.c b/drivers/usb/core/message.c
index 2184ef40a82a..abefddbe9243 100644
--- a/drivers/usb/core/message.c
+++ b/drivers/usb/core/message.c
@@ -8,6 +8,7 @@
 #include <linux/pci.h>	/* for scatterlist macros */
 #include <linux/usb.h>
 #include <linux/module.h>
+#include <linux/sched/task_stack.h> /* for object_is_on_stack */
 #include <linux/slab.h>
 #include <linux/mm.h>
 #include <linux/timer.h>
@@ -50,6 +51,8 @@ static int usb_start_wait_urb(struct urb *urb, int timeout, int *actual_length)
 	unsigned long expire;
 	int retval;
 
+	WARN_ON(object_is_on_stack(urb->transfer_buffer));
+
 	init_completion(&ctx.done);
 	urb->context = &ctx;
 	urb->actual_length = 0;
-- 
2.11.0