85f7ffd5d2
When the controller had to split a received asynchronous packet into two buffers, the driver tries to reassemble it by copying both parts into the first page. However, if size + rest > PAGE_SIZE, i.e., if the yet unhandled packets before the split packet, the split packet itself, and any received packets after the split packet are together larger than one page, then the memory after the first page would get overwritten. To fix this, do not try to copy the data of all unhandled packets at once, but copy the possibly needed data every time when handling a packet. This gets rid of most of the infamous crashes and data corruptions when using firewire-net. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Cc: 2.6.22-2.6.36 <stable@kernel.org> Tested-by: Maxim Levitsky <maximlevitsky@gmail.com> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> (cast PAGE_SIZE to size_t) |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| core-card.c | ||
| core-cdev.c | ||
| core-device.c | ||
| core-iso.c | ||
| core-topology.c | ||
| core-transaction.c | ||
| core.h | ||
| net.c | ||
| nosy-user.h | ||
| nosy.c | ||
| nosy.h | ||
| ohci.c | ||
| ohci.h | ||
| sbp2.c | ||