linux-stable/drivers/firewire
Clemens Ladisch 263256d709 firewire: ohci: fix race in AR split packet handling
commit a1f805e5e7 upstream.

When handling an AR buffer that has been completely filled, we assumed
that its descriptor will not be read by the controller and can be
overwritten.  However, when the last received packet happens to end at
the end of the buffer, the controller might not yet have moved on to the
next buffer and might read the branch address later.  If we overwrite
and free the page before that, the DMA context will either go dead
because of an invalid Z value, or go off into some random memory.

To fix this, ensure that the descriptor does not get overwritten by
using only the actual buffer instead of the entire page for reassembling
the split packet.  Furthermore, to avoid freeing the page too early,
move on to the next buffer only when some data in it guarantees that the
controller has moved on.

This should eliminate the remaining firewire-net problems.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-12-09 13:26:50 -08:00
core-card.c firewire: core: check for 1394a compliant IRM, fix inaccessibility of Sony camcorder 2010-07-05 11:11:04 -07:00
core-cdev.c firewire: cdev: fix information leak 2010-12-09 13:26:48 -08:00
core-device.c firewire: core: fix an information leak 2010-12-09 13:26:49 -08:00
core-iso.c firewire: core: fix crash in iso resource management 2009-09-05 15:59:34 +02:00
core-topology.c firewire: rename source files 2009-06-05 16:26:18 +02:00
core-transaction.c firewire: core: fix topology map response handler 2009-09-12 14:48:40 +02:00
core.h firewire: core: header file cleanup 2009-09-12 14:48:40 +02:00
Kconfig firewire: new stack is no longer experimental 2009-06-21 10:53:26 +02:00
Makefile firewire: net: add Kconfig item, rename driver 2009-06-14 14:26:29 +02:00
net.c drivers: Kill now superfluous ->last_rx stores 2009-09-02 23:07:36 -07:00
ohci.c firewire: ohci: fix race in AR split packet handling 2010-12-09 13:26:50 -08:00
ohci.h firewire: reorganize header files 2009-06-05 16:26:18 +02:00
sbp2.c firewire: sbp2: provide fallback if mgt_ORB_timeout is missing 2009-10-14 21:55:19 +02:00