[ 3.8.y.z extended stable ] Patch "HID: battery: don't do DMA from stack" has been added to staging queue

Kamal Mostafa kamal at canonical.com
Fri Sep 20 00:36:21 UTC 2013


This is a note to let you know that I have just added a patch titled

    HID: battery: don't do DMA from stack

to the linux-3.8.y-queue branch of the 3.8.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.8.y-queue

This patch is scheduled to be released in version 3.8.13.10.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.8.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

>From 2110977ad450cf94c5089e6ead07fa26248d6c9f Mon Sep 17 00:00:00 2001
From: Jiri Kosina <jkosina at suse.cz>
Date: Mon, 2 Sep 2013 13:43:00 +0200
Subject: HID: battery: don't do DMA from stack

commit 6c2794a2984f4c17a58117a68703cc7640f01c5a upstream.

Instead of using data from stack for DMA in hidinput_get_battery_property(),
allocate the buffer dynamically.

Reported-by: Richard Ryniker <ryniker at alum.mit.edu>
Reported-by: Alan Stern <stern at rowland.harvard.edu>
Signed-off-by: Jiri Kosina <jkosina at suse.cz>
[ kamal: backport to 3.8 (context) ]
Signed-off-by: Kamal Mostafa <kamal at canonical.com>
---
 drivers/hid/hid-input.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/drivers/hid/hid-input.c b/drivers/hid/hid-input.c
index 21b196c..f495ada 100644
--- a/drivers/hid/hid-input.c
+++ b/drivers/hid/hid-input.c
@@ -340,7 +340,7 @@ static int hidinput_get_battery_property(struct power_supply *psy,
 {
 	struct hid_device *dev = container_of(psy, struct hid_device, battery);
 	int ret = 0;
-	__u8 buf[2] = {};
+	__u8 *buf;

 	switch (prop) {
 	case POWER_SUPPLY_PROP_PRESENT:
@@ -349,13 +349,19 @@ static int hidinput_get_battery_property(struct power_supply *psy,
 		break;

 	case POWER_SUPPLY_PROP_CAPACITY:
+
+		buf = kmalloc(2 * sizeof(__u8), GFP_KERNEL);
+		if (!buf) {
+			ret = -ENOMEM;
+			break;
+		}
 		ret = dev->hid_get_raw_report(dev, dev->battery_report_id,
-					      buf, sizeof(buf),
+					      buf, 2,
 					      dev->battery_report_type);

 		if (ret != 2) {
-			if (ret >= 0)
-				ret = -EINVAL;
+			ret = -ENODATA;
+			kfree(buf);
 			break;
 		}

@@ -364,6 +370,7 @@ static int hidinput_get_battery_property(struct power_supply *psy,
 		    buf[1] <= dev->battery_max)
 			val->intval = (100 * (buf[1] - dev->battery_min)) /
 				(dev->battery_max - dev->battery_min);
+		kfree(buf);
 		break;

 	case POWER_SUPPLY_PROP_MODEL_NAME:
--
1.8.1.2





More information about the kernel-team mailing list