1 files changed, 35 insertions, 0 deletions
diff --git a/usb/usb-resizing-usbmon-binary-interface-buffer-causes-protection-faults.patch b/usb/usb-resizing-usbmon-binary-interface-buffer-causes-protection-faults.patch
new file mode 100644
index 00000000000000..cd5eb6fb2b117d
--- /dev/null
+++ b/usb/usb-resizing-usbmon-binary-interface-buffer-causes-protection-faults.patch
@@ -0,0 +1,35 @@
+From linux-usb-owner@vger.kernel.org  Thu Jul 22 15:57:03 2010
+Message-ID: <4C475AD4.8090000@strobe.cc>
+Date: Wed, 21 Jul 2010 16:38:44 -0400
+From: Steven Robertson <steven@strobe.cc>
+To: linux-usb@vger.kernel.org, greg@kroah.com
+Subject: USB: resizing usbmon binary interface buffer causes protection faults
+
+Enlarging the buffer size via the MON_IOCT_RING_SIZE ioctl causes
+general protection faults. It appears the culprit is an incorrect
+argument to mon_free_buff: instead of passing the size of the current
+buffer being freed, the size of the new buffer is passed.
+
+Use the correct size argument to mon_free_buff when changing the size of
+the buffer.
+
+Signed-off-by: Steven Robertson <steven@strobe.cc>
+Acked-by: Pete Zaitcev <zaitcev@redhat.com>
+Cc: stable <stable@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/usb/mon/mon_bin.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/usb/mon/mon_bin.c
++++ b/drivers/usb/mon/mon_bin.c
+@@ -1004,7 +1004,7 @@ static long mon_bin_ioctl(struct file *f
+ 
+ 		mutex_lock(&rp->fetch_lock);
+ 		spin_lock_irqsave(&rp->b_lock, flags);
+-		mon_free_buff(rp->b_vec, size/CHUNK_SIZE);
++		mon_free_buff(rp->b_vec, rp->b_size/CHUNK_SIZE);
+ 		kfree(rp->b_vec);
+ 		rp->b_vec  = vec;
+ 		rp->b_size = size;