From fb27baab98793a7806bb00c9afca870c7ccb410a Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
Date: Tue, 7 Feb 2017 01:44:24 +0000
Subject: [PATCH] pegasus: Use heap buffers for all register access (Closes:
 #852556)

---
 debian/changelog                              |  1 +
 ...heap-buffers-for-all-register-access.patch | 88 +++++++++++++++++++
 debian/patches/series                         |  1 +
 3 files changed, 90 insertions(+)
 create mode 100644 debian/patches/bugfix/all/pegasus-use-heap-buffers-for-all-register-access.patch

diff --git a/debian/changelog b/debian/changelog
index 9ac310f1f..df2112775 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -127,6 +127,7 @@ linux (4.9.8-1) UNRELEASED; urgency=medium
     - softirq: wake the timer softirq if needed
     - cpuset: Convert callback_lock to raw_spinlock_t
   * cpumask: use nr_cpumask_bits for parsing functions (Closes: #848682)
+  * pegasus: Use heap buffers for all register access (Closes: #852556)
 
   [ Roger Shimizu ]
   * [armel] ARM: dts: orion5x-lschl: Fix model name
diff --git a/debian/patches/bugfix/all/pegasus-use-heap-buffers-for-all-register-access.patch b/debian/patches/bugfix/all/pegasus-use-heap-buffers-for-all-register-access.patch
new file mode 100644
index 000000000..c09f50cd0
--- /dev/null
+++ b/debian/patches/bugfix/all/pegasus-use-heap-buffers-for-all-register-access.patch
@@ -0,0 +1,88 @@
+From: Ben Hutchings <ben@decadent.org.uk>
+Date: Fri, 27 Jan 2017 02:44:26 +0000
+Subject: pegasus: Use heap buffers for all register access
+Forwarded: https://patchwork.ozlabs.org/patch/724109/
+Bug-Debian: https://bugs.debian.org/852556
+
+Allocating USB buffers on the stack is not portable, and no longer
+works on x86_64 (with VMAP_STACK enabled as per default).
+
+Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
+References: https://bugs.debian.org/852556
+Reported-by: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
+Tested-by: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
+Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
+---
+ drivers/net/usb/pegasus.c | 29 +++++++++++++++++++++++++----
+ 1 file changed, 25 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/net/usb/pegasus.c b/drivers/net/usb/pegasus.c
+index 24e803fe9a53..36674484c6fb 100644
+--- a/drivers/net/usb/pegasus.c
++++ b/drivers/net/usb/pegasus.c
+@@ -126,40 +126,61 @@ static void async_ctrl_callback(struct urb *urb)
+ 
+ static int get_registers(pegasus_t *pegasus, __u16 indx, __u16 size, void *data)
+ {
++	u8 *buf;
+ 	int ret;
+ 
++	buf = kmalloc(size, GFP_NOIO);
++	if (!buf)
++		return -ENOMEM;
++
+ 	ret = usb_control_msg(pegasus->usb, usb_rcvctrlpipe(pegasus->usb, 0),
+ 			      PEGASUS_REQ_GET_REGS, PEGASUS_REQT_READ, 0,
+-			      indx, data, size, 1000);
++			      indx, buf, size, 1000);
+ 	if (ret < 0)
+ 		netif_dbg(pegasus, drv, pegasus->net,
+ 			  "%s returned %d\n", __func__, ret);
++	else if (ret <= size)
++		memcpy(data, buf, ret);
++	kfree(buf);
+ 	return ret;
+ }
+ 
+-static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size, void *data)
++static int set_registers(pegasus_t *pegasus, __u16 indx, __u16 size,
++			 const void *data)
+ {
++	u8 *buf;
+ 	int ret;
+ 
++	buf = kmemdup(data, size, GFP_NOIO);
++	if (!buf)
++		return -ENOMEM;
++
+ 	ret = usb_control_msg(pegasus->usb, usb_sndctrlpipe(pegasus->usb, 0),
+ 			      PEGASUS_REQ_SET_REGS, PEGASUS_REQT_WRITE, 0,
+-			      indx, data, size, 100);
++			      indx, buf, size, 100);
+ 	if (ret < 0)
+ 		netif_dbg(pegasus, drv, pegasus->net,
+ 			  "%s returned %d\n", __func__, ret);
++	kfree(buf);
+ 	return ret;
+ }
+ 
+ static int set_register(pegasus_t *pegasus, __u16 indx, __u8 data)
+ {
++	u8 *buf;
+ 	int ret;
+ 
++	buf = kmemdup(&data, 1, GFP_NOIO);
++	if (!buf)
++		return -ENOMEM;
++
+ 	ret = usb_control_msg(pegasus->usb, usb_sndctrlpipe(pegasus->usb, 0),
+ 			      PEGASUS_REQ_SET_REG, PEGASUS_REQT_WRITE, data,
+-			      indx, &data, 1, 1000);
++			      indx, buf, 1, 1000);
+ 	if (ret < 0)
+ 		netif_dbg(pegasus, drv, pegasus->net,
+ 			  "%s returned %d\n", __func__, ret);
++	kfree(buf);
+ 	return ret;
+ }
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 7b8d4193f..76252a558 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -75,6 +75,7 @@ bugfix/all/nbd-use-loff_t-for-blocksize-and-nbd_set_size-args.patch
 bugfix/all/ath9k-fix-null-pointer-dereference.patch
 bugfix/all/nbd-fix-64-bit-division.patch
 bugfix/all/cpumask-use-nr_cpumask_bits-for-parsing-functions.patch
+bugfix/all/pegasus-use-heap-buffers-for-all-register-access.patch
 
 # Miscellaneous features