From a39d8a39a434c35c13e05733a0d81b6356640acf Mon Sep 17 00:00:00 2001
From: Laura Abbott <labbott@fedoraproject.org>
Date: Apr 10 2017 17:55:52 +0000
Subject: Re-add fix for cxusb DMA on stack (rhbz 1439613)


---

diff --git a/1-2-media-cxusb-Use-a-dma-capable-buffer-also-for-reading.patch b/1-2-media-cxusb-Use-a-dma-capable-buffer-also-for-reading.patch
new file mode 100644
index 0000000..a3dec80
--- /dev/null
+++ b/1-2-media-cxusb-Use-a-dma-capable-buffer-also-for-reading.patch
@@ -0,0 +1,63 @@
+From patchwork Sun Feb  5 14:57:59 2017
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 8bit
+Subject: [1/2,media] cxusb: Use a dma capable buffer also for reading
+From: =?utf-8?q?Stefan_Br=C3=BCns?= <stefan.bruens@rwth-aachen.de>
+X-Patchwork-Id: 39207
+Message-Id: <b638428812af41e080ccfc7cf7ad6963@rwthex-w2-b.rwth-ad.de>
+To: <linux-media@vger.kernel.org>
+Cc: <linux-kernel@vger.kernel.org>, Mauro Carvalho Chehab <mchehab@kernel.org>,
+ Michael Krufky <mkrufky@linuxtv.org>,
+ =?UTF-8?q?Stefan=20Br=C3=BCns?= <stefan.bruens@rwth-aachen.de>
+Date: Sun, 5 Feb 2017 15:57:59 +0100
+
+Commit 17ce039b4e54 ("[media] cxusb: don't do DMA on stack")
+added a kmalloc'ed bounce buffer for writes, but missed to do the same
+for reads. As the read only happens after the write is finished, we can
+reuse the same buffer.
+
+As dvb_usb_generic_rw handles a read length of 0 by itself, avoid calling
+it using the dvb_usb_generic_read wrapper function.
+
+Signed-off-by: Stefan Brüns <stefan.bruens@rwth-aachen.de>
+---
+ drivers/media/usb/dvb-usb/cxusb.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/drivers/media/usb/dvb-usb/cxusb.c b/drivers/media/usb/dvb-usb/cxusb.c
+index 9b8c82d94b3f..8f28a63597bd 100644
+--- a/drivers/media/usb/dvb-usb/cxusb.c
++++ b/drivers/media/usb/dvb-usb/cxusb.c
+@@ -59,23 +59,24 @@ static int cxusb_ctrl_msg(struct dvb_usb_device *d,
+ 			  u8 cmd, u8 *wbuf, int wlen, u8 *rbuf, int rlen)
+ {
+ 	struct cxusb_state *st = d->priv;
+-	int ret, wo;
++	int ret;
+ 
+ 	if (1 + wlen > MAX_XFER_SIZE) {
+ 		warn("i2c wr: len=%d is too big!\n", wlen);
+ 		return -EOPNOTSUPP;
+ 	}
+ 
+-	wo = (rbuf == NULL || rlen == 0); /* write-only */
++	if (rlen > MAX_XFER_SIZE) {
++		warn("i2c rd: len=%d is too big!\n", rlen);
++		return -EOPNOTSUPP;
++	}
+ 
+ 	mutex_lock(&d->data_mutex);
+ 	st->data[0] = cmd;
+ 	memcpy(&st->data[1], wbuf, wlen);
+-	if (wo)
+-		ret = dvb_usb_generic_write(d, st->data, 1 + wlen);
+-	else
+-		ret = dvb_usb_generic_rw(d, st->data, 1 + wlen,
+-					 rbuf, rlen, 0);
++	ret = dvb_usb_generic_rw(d, st->data, 1 + wlen, st->data, rlen, 0);
++	if (!ret && rbuf && rlen)
++		memcpy(rbuf, st->data, rlen);
+ 
+ 	mutex_unlock(&d->data_mutex);
+ 	return ret;
diff --git a/kernel.spec b/kernel.spec
index a2b276a..37662c9 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -616,6 +616,9 @@ Patch860: 0001-ping-implement-proper-locking.patch
 
 Patch861: 0001-efi-libstub-Treat-missing-SecureBoot-variable-as-Sec.patch
 
+#rhbz 1439613
+Patch862: 1-2-media-cxusb-Use-a-dma-capable-buffer-also-for-reading.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -2185,6 +2188,9 @@ fi
 #
 #
 %changelog
+* Mon Apr 10 2017 Laura Abbott <labbott@fedoraproject.org>
+- Re-add fix for cxusb DMA on stack (rhbz 1439613)
+
 * Mon Apr 10 2017 Justin M. Forbes <jforbes@fedoraproject.org> - 4.10.9-200
 - Linux v4.10.9