Allocate buffer on HEAP instead of STACK for a local variable
that is to be sent using usb_control_msg().
Signed-off-by: Maksim Salau <[email protected]>
---
drivers/net/wireless/intersil/orinoco/orinoco_usb.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
index bca6935..eb4528b 100644
--- a/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
+++ b/drivers/net/wireless/intersil/orinoco/orinoco_usb.c
@@ -770,18 +770,31 @@ static int ezusb_submit_in_urb(struct ezusb_priv *upriv)
static inline int ezusb_8051_cpucs(struct ezusb_priv *upriv, int reset)
{
- u8 res_val = reset; /* avoid argument promotion */
+ int ret;
+ u8 *res_val = NULL;
if (!upriv->udev) {
err("%s: !upriv->udev", __func__);
return -EFAULT;
}
- return usb_control_msg(upriv->udev,
+
+ res_val = kmalloc(sizeof(*res_val), GFP_KERNEL);
+
+ if (!res_val)
+ return -ENOMEM;
+
+ *res_val = reset; /* avoid argument promotion */
+
+ ret = usb_control_msg(upriv->udev,
usb_sndctrlpipe(upriv->udev, 0),
EZUSB_REQUEST_FW_TRANS,
USB_TYPE_VENDOR | USB_RECIP_DEVICE |
- USB_DIR_OUT, EZUSB_CPUCS_REG, 0, &res_val,
- sizeof(res_val), DEF_TIMEOUT);
+ USB_DIR_OUT, EZUSB_CPUCS_REG, 0, res_val,
+ sizeof(*res_val), DEF_TIMEOUT);
+
+ kfree(res_val);
+
+ return ret;
}
static int ezusb_firmware_download(struct ezusb_priv *upriv,
--
2.9.3
Maksim Salau <[email protected]> wrote:
> Allocate buffer on HEAP instead of STACK for a local variable
> that is to be sent using usb_control_msg().
>
> Signed-off-by: Maksim Salau <[email protected]>
Patch applied to wireless-drivers-next.git, thanks.
2f6ae79cb04b orinoco_usb: Fix buffer on stack
--
https://patchwork.kernel.org/patch/9694451/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches