Fix up backported ptrace patch

[thirdparty/kernel/stable-queue.git] / releases / 4.4.36 / fix-usb-cb-cbi-storage-devices-with-config_vmap_stack-y.patch

From 2ce9d2272b98743b911196c49e7af5841381c206 Mon Sep 17 00:00:00 2001
From: Petr Vandrovec <petr@vandrovec.name>
Date: Thu, 10 Nov 2016 13:57:14 -0800
Subject: Fix USB CB/CBI storage devices with CONFIG_VMAP_STACK=y

From: Petr Vandrovec <petr@vandrovec.name>

commit 2ce9d2272b98743b911196c49e7af5841381c206 upstream.

Some code (all error handling) submits CDBs that are allocated
on the stack.  This breaks with CB/CBI code that tries to create
URB directly from SCSI command buffer - which happens to be in
vmalloced memory with vmalloced kernel stacks.

Let's make copy of the command in usb_stor_CB_transport.

Signed-off-by: Petr Vandrovec <petr@vandrovec.name>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 drivers/usb/storage/transport.c |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- a/drivers/usb/storage/transport.c
+++ b/drivers/usb/storage/transport.c
@@ -919,10 +919,15 @@ int usb_stor_CB_transport(struct scsi_cm
 
        /* COMMAND STAGE */
        /* let's send the command via the control pipe */
+       /*
+        * Command is sometime (f.e. after scsi_eh_prep_cmnd) on the stack.
+        * Stack may be vmallocated.  So no DMA for us.  Make a copy.
+        */
+       memcpy(us->iobuf, srb->cmnd, srb->cmd_len);
        result = usb_stor_ctrl_transfer(us, us->send_ctrl_pipe,
                                      US_CBI_ADSC, 
                                      USB_TYPE_CLASS | USB_RECIP_INTERFACE, 0, 
-                                     us->ifnum, srb->cmnd, srb->cmd_len);
+                                     us->ifnum, us->iobuf, srb->cmd_len);
 
        /* check the return code for the command */
        usb_stor_dbg(us, "Call to usb_stor_ctrl_transfer() returned %d\n",