This is a note to let you know that I've just added the patch titled
USB: Do not pass negative length to snoop_urb()
to the 2.6.37-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
usb-do-not-pass-negative-length-to-snoop_urb.patch
and it can be found in the queue-2.6.37 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 9d02b42614149ebccf12c9c580601ed01bd83070 Mon Sep 17 00:00:00 2001
From: Michal Sojka <[email protected]>
Date: Tue, 15 Mar 2011 16:41:47 +0100
Subject: USB: Do not pass negative length to snoop_urb()
From: Michal Sojka <[email protected]>
commit 9d02b42614149ebccf12c9c580601ed01bd83070 upstream.
When `echo Y > /sys/module/usbcore/parameters/usbfs_snoop` and
usb_control_msg() returns error, a lot of kernel memory is dumped to dmesg
until unhandled kernel paging request occurs.
Signed-off-by: Michal Sojka <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/usb/core/devio.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/drivers/usb/core/devio.c
+++ b/drivers/usb/core/devio.c
@@ -802,7 +802,7 @@ static int proc_control(struct dev_state
tbuf, ctrl.wLength, tmo);
usb_lock_device(dev);
snoop_urb(dev, NULL, pipe, max(i, 0), min(i, 0), COMPLETE,
- tbuf, i);
+ tbuf, max(i, 0));
if ((i > 0) && ctrl.wLength) {
if (copy_to_user(ctrl.data, tbuf, i)) {
free_page((unsigned long)tbuf);
Patches currently in stable-queue which might be from [email protected] are
queue-2.6.37/usb-do-not-pass-negative-length-to-snoop_urb.patch
_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
