Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1163947AbdDXB3v (ORCPT <rfc822;w@1wt.eu>);
        Sun, 23 Apr 2017 21:29:51 -0400
Received: from mail-io0-f195.google.com ([209.85.223.195]:33247 "EHLO
        mail-io0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1161001AbdDXB3r (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 23 Apr 2017 21:29:47 -0400
From: Florian Fainelli <f.fainelli@gmail.com>
To: linux-kernel@vger.kernel.org
Cc: arnd@arndb.de, maksim.salau@gmail.com,
        Florian Fainelli <f.fainelli@gmail.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Alan Stern <stern@rowland.harvard.edu>,
        Mathias Nyman <mathias.nyman@linux.intel.com>,
        Peter Chen <peter.chen@nxp.com>, Roger Quadros <rogerq@ti.com>,
        Baoyou Xie <baoyou.xie@linaro.org>, Sekhar Nori <nsekhar@ti.com>,
        Chris Bainbridge <chris.bainbridge@gmail.com>,
        Wolfram Sang <wsa-dev@sang-engineering.com>,
        linux-usb@vger.kernel.org (open list:USB SUBSYSTEM)
Subject: [PATCH v2] usb: core: Warn if an URB's transfer_buffer is on stack
Date: Sun, 23 Apr 2017 18:29:38 -0700
Message-Id: <20170424012939.29929-1-f.fainelli@gmail.com>
X-Mailer: git-send-email 2.11.0
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1309
Lines: 38

We see a large number of fixes to several drivers to remove the usage of
on-stack buffers feeding into USB transfer functions. Make it easier to spot
the offenders by adding a warning in usb_hcd_map_urb_for_dma() checking that
urb->transfer_buffer is not a stack object.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
---
Changes in v2:

- moved the check from usb_start_wait_urb() to usb_hcd_map_urb_for_dma()

 drivers/usb/core/hcd.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
index 49550790a3cb..ce9063ce906a 100644
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -26,6 +26,7 @@
 #include <linux/module.h>
 #include <linux/version.h>
 #include <linux/kernel.h>
+#include <linux/sched/task_stack.h>
 #include <linux/slab.h>
 #include <linux/completion.h>
 #include <linux/utsname.h>
@@ -1587,6 +1588,9 @@ int usb_hcd_map_urb_for_dma(struct usb_hcd *hcd, struct urb *urb,
 			} else if (is_vmalloc_addr(urb->transfer_buffer)) {
 				WARN_ONCE(1, "transfer buffer not dma capable\n");
 				ret = -EAGAIN;
+			} else if (object_is_on_stack(urb->transfer_buffer)) {
+				WARN_ONCE(1, "transfer buffer is on stack\n");
+				ret = -EAGAIN;
 			} else {
 				urb->transfer_dma = dma_map_single(
 						hcd->self.sysdev,
-- 
2.11.0