iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
85f7ffd5d2
linux/drivers
History
Clemens Ladisch 85f7ffd5d2 firewire: ohci: fix buffer overflow in AR split packet handling 
When the controller had to split a received asynchronous packet into two
buffers, the driver tries to reassemble it by copying both parts into
the first page.  However, if size + rest > PAGE_SIZE, i.e., if the yet
unhandled packets before the split packet, the split packet itself, and
any received packets after the split packet are together larger than one
page, then the memory after the first page would get overwritten.

To fix this, do not try to copy the data of all unhandled packets at
once, but copy the possibly needed data every time when handling
a packet.

This gets rid of most of the infamous crashes and data corruptions when
using firewire-net.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Cc: 2.6.22-2.6.36 <stable@kernel.org>
Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (cast PAGE_SIZE to size_t)
2010-10-30 23:37:19 +02:00
..
accessibility
acpi Merge branch 'msi-dmi' into release 2010-10-08 22:37:46 -04:00
amba
ata ahci: fix module refcount breakage introduced by libahci split 2010-09-28 15:14:51 -04:00
atm ATM: iphase, remove sleep-inside-atomic 2010-10-11 11:05:42 -07:00
auxdisplay
base
block ps3disk: passing wrong variable to bvec_kunmap_irq() 2010-10-12 18:56:33 +02:00
bluetooth
cdrom
char virtio: console: Don't block entire guest if host doesn't read data 2010-10-20 13:18:04 -07:00
clocksource
connector
cpufreq
cpuidle cpuidle: Fix typos 2010-09-28 23:30:38 -04:00
crypto
dca dca: disable dca on IOAT ver.3.0 multiple-IOH platforms 2010-09-17 20:08:21 -07:00
dio
dma ioat2: fix performance regression 2010-10-13 15:43:10 -07:00
edac i7core_edac: fix panic in udimm sysfs attributes registration 2010-10-01 10:50:58 -07:00
eisa
firewire firewire: ohci: fix buffer overflow in AR split packet handling 2010-10-30 23:37:19 +02:00
firmware
gpio
gpu drm/radeon/kms: avivo cursor workaround applies to evergreen as well 2010-10-18 09:14:35 +10:00
hid HID: Add Cando touch screen 15.6-inch product id 2010-10-13 10:47:32 +02:00
hwmon hwmon: f71882fg: use a muxed resource lock for the Super I/O port 2010-10-03 05:57:04 -07:00
i2c i2c-imx: do not allow interruptions when waiting for I2C to complete 2010-10-18 01:29:04 +01:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide-2.6 2010-09-19 11:06:34 -07:00
idle intel_idle: enable Atom C6 2010-10-08 22:16:27 -04:00
ieee1394
ieee802154
infiniband RDMA/cxgb3: Turn off RX coalescing for iWARP connections 2010-09-27 09:28:55 -07:00
input Input: evdev - fix EVIOCSABS regression 2010-10-18 08:45:08 -07:00
isdn isdn: strcpy() => strlcpy() 2010-10-08 10:21:22 -07:00
leds leds: leds-ns2: fix locking 2010-09-19 22:43:42 -04:00
lguest
macintosh
mca
md md: check return code of read_sb_page 2010-10-07 12:02:50 +11:00
media v4l1: fix 32-bit compat microcode loading translation 2010-10-15 11:12:38 -07:00
memstick
message
mfd mfd: Fix max8925 irq control bit incorrect setting 2010-09-29 10:14:53 +02:00
misc i2c: Remove obsolete cleanup for clientdata 2010-09-30 14:14:22 +02:00
mmc mmc: sdio: fix SDIO suspend/resume regression 2010-10-15 12:54:55 -04:00
mtd mxc_nand: do not depend on disabling the irq in the interrupt handler 2010-10-18 13:09:05 -07:00
net ehea: Fix a checksum issue on the receive path 2010-10-13 14:24:59 -07:00
nubus
of
oprofile
parisc
parport
pci Merge branch 'meego-7093' into idle-release 2010-09-28 23:30:58 -04:00
pcmcia pcmcia: pd6729: Fix error path 2010-09-26 15:54:25 +02:00
platform IPS driver: Fix limit clamping when reducing CPU power 2010-10-05 14:59:35 -04:00
pnp
power
pps
ps3
rapidio
regulator Merge branch 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2010-10-07 13:44:30 -07:00
rtc i2c: Remove obsolete cleanup for clientdata 2010-09-30 14:14:22 +02:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-09-28 12:01:26 -07:00
sbus
scsi
serial SERIAL: ioc3_serial: Return -ENOMEM on memory allocation failure 2010-10-19 18:32:40 +01:00
sfi
sh
sn
spi of/spi: Fix OF-style driver binding of spi devices 2010-10-02 21:28:29 -06:00
ssb
staging Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2010-10-07 13:45:00 -07:00
tc
telephony
thermal
uio
usb USB: update Kconfig help text for CONFIG_USB_SUSPEND 2010-09-24 11:05:01 -07:00
uwb
vhost vhost: fix log ctx signalling 2010-09-22 16:21:33 +02:00
video Merge master.kernel.org:/home/rmk/linux-2.6-arm 2010-09-27 12:32:36 -07:00
virtio
vlynq
w1
watchdog
xen xen: do not set xenstored_ready before xenbus_probe on hvm 2010-10-05 13:37:28 +01:00
zorro
Kconfig
Makefile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2010-09-17 10:23:08 -07:00