[03/90] firewire: ohci: handle receive packets with a data length of zero

From: Greg KH
Date: Wed Dec 16 2009 - 20:49:31 EST

Next message: Greg KH: "[08/90] bsdacct: fix uid/gid misreporting"
Previous message: Rafael J. Wysocki: "Re: Async suspend-resume patch w/ completions (was: Re: Async suspend-resume patch w/ rwsems)"
In reply to: Greg KH: "[11/90] futex: Take mmap_sem for get_user_pages in fault_in_user_writeable"
Next in thread: Greg KH: "[08/90] bsdacct: fix uid/gid misreporting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2.6.31-stable review patch. If anyone has any objections, please let us know.

------------------

From: Jay Fenlason <fenlason@xxxxxxxxxx>

commit 8c0c0cc2d9f4c523fde04bdfe41e4380dec8ee54 upstream.

Queueing to receive an ISO packet with a payload length of zero
silently does nothing in dualbuffer mode, and crashes the kernel in
packet-per-buffer mode. Return an error in dualbuffer mode, because
the DMA controller won't let us do what we want, and work correctly in
packet-per-buffer mode.

Signed-off-by: Jay Fenlason <fenlason@xxxxxxxxxx>
Signed-off-by: Stefan Richter <stefanr@xxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
drivers/firewire/ohci.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)

--- a/drivers/firewire/ohci.c
+++ b/drivers/firewire/ohci.c
@@ -2180,6 +2180,13 @@ static int ohci_queue_iso_receive_dualbu
page = payload >> PAGE_SHIFT;
offset = payload & ~PAGE_MASK;
rest = p->payload_length;
+ /*
+ * The controllers I've tested have not worked correctly when
+ * second_req_count is zero. Rather than do something we know won't
+ * work, return an error
+ */
+ if (rest == 0)
+ return -EINVAL;

/* FIXME: make packet-per-buffer/dual-buffer a context option */
while (rest > 0) {
@@ -2233,7 +2240,7 @@ static int ohci_queue_iso_receive_packet
unsigned long payload)
{
struct iso_context *ctx = container_of(base, struct iso_context, base);
- struct descriptor *d = NULL, *pd = NULL;
+ struct descriptor *d, *pd;
struct fw_iso_packet *p = packet;
dma_addr_t d_bus, page_bus;
u32 z, header_z, rest;
@@ -2271,8 +2278,9 @@ static int ohci_queue_iso_receive_packet
d->data_address = cpu_to_le32(d_bus + (z * sizeof(*d)));

rest = payload_per_buffer;
+ pd = d;
for (j = 1; j < z; j++) {
- pd = d + j;
+ pd++;
pd->control = cpu_to_le16(DESCRIPTOR_STATUS |
DESCRIPTOR_INPUT_MORE);

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "[08/90] bsdacct: fix uid/gid misreporting"
Previous message: Rafael J. Wysocki: "Re: Async suspend-resume patch w/ completions (was: Re: Async suspend-resume patch w/ rwsems)"
In reply to: Greg KH: "[11/90] futex: Take mmap_sem for get_user_pages in fault_in_user_writeable"
Next in thread: Greg KH: "[08/90] bsdacct: fix uid/gid misreporting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]