linux/drivers
Clemens Ladisch a1f805e5e7 firewire: ohci: fix race in AR split packet handling
When handling an AR buffer that has been completely filled, we assumed
that its descriptor will not be read by the controller and can be
overwritten.  However, when the last received packet happens to end at
the end of the buffer, the controller might not yet have moved on to the
next buffer and might read the branch address later.  If we overwrite
and free the page before that, the DMA context will either go dead
because of an invalid Z value, or go off into some random memory.

To fix this, ensure that the descriptor does not get overwritten by
using only the actual buffer instead of the entire page for reassembling
the split packet.  Furthermore, to avoid freeing the page too early,
move on to the next buffer only when some data in it guarantees that the
controller has moved on.

This should eliminate the remaining firewire-net problems.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Cc: 2.6.22-2.6.36 <stable@kernel.org>
Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-10-30 23:37:19 +02:00
accessibility
acpi Merge branch 'msi-dmi' into release 2010-10-08 22:37:46 -04:00
amba
ata ahci: fix module refcount breakage introduced by libahci split 2010-09-28 15:14:51 -04:00
atm ATM: iphase, remove sleep-inside-atomic 2010-10-11 11:05:42 -07:00
auxdisplay
base PM: Prevent waiting forever on asynchronous resume after failing suspend 2010-09-09 00:49:43 +02:00
block ps3disk: passing wrong variable to bvec_kunmap_irq() 2010-10-12 18:56:33 +02:00
bluetooth
cdrom block: push down BKL into .open and .release 2010-08-07 18:25:34 +02:00
char virtio: console: Don't block entire guest if host doesn't read data 2010-10-20 13:18:04 -07:00
clocksource
connector
cpufreq
cpuidle cpuidle: Fix typos 2010-09-28 23:30:38 -04:00
crypto [S390] zcrypt: fix Kconfig dependencies 2010-08-13 10:06:54 +02:00
dca dca: disable dca on IOAT ver.3.0 multiple-IOH platforms 2010-09-17 20:08:21 -07:00
dio
dma ioat2: fix performance regression 2010-10-13 15:43:10 -07:00
edac i7core_edac: fix panic in udimm sysfs attributes registration 2010-10-01 10:50:58 -07:00
eisa
firewire firewire: ohci: fix race in AR split packet handling 2010-10-30 23:37:19 +02:00
firmware Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2010-08-14 12:34:34 -07:00
gpio gpio: sx150x: correct and refine reset-on-probe behavior 2010-09-09 18:57:24 -07:00
gpu drm/radeon/kms: avivo cursor workaround applies to evergreen as well 2010-10-18 09:14:35 +10:00
hid HID: Add Cando touch screen 15.6-inch product id 2010-10-13 10:47:32 +02:00
hwmon hwmon: f71882fg: use a muxed resource lock for the Super I/O port 2010-10-03 05:57:04 -07:00
i2c i2c-imx: do not allow interruptions when waiting for I2C to complete 2010-10-18 01:29:04 +01:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide-2.6 2010-09-19 11:06:34 -07:00
idle intel_idle: enable Atom C6 2010-10-08 22:16:27 -04:00
ieee1394
ieee802154
infiniband RDMA/cxgb3: Turn off RX coalescing for iWARP connections 2010-09-27 09:28:55 -07:00
input Input: evdev - fix EVIOCSABS regression 2010-10-18 08:45:08 -07:00
isdn isdn: strcpy() => strlcpy() 2010-10-08 10:21:22 -07:00
leds leds: leds-ns2: fix locking 2010-09-19 22:43:42 -04:00
lguest
macintosh via-pmu: Add compat_pmu_ioctl 2010-08-24 15:28:28 +10:00
mca
md md: check return code of read_sb_page 2010-10-07 12:02:50 +11:00
media v4l1: fix 32-bit compat microcode loading translation 2010-10-15 11:12:38 -07:00
memstick memstick: fix hangs on unexpected device removal in mspro_blk 2010-08-12 08:43:31 -07:00
message fusion: add function parameter names to kernel-doc 2010-08-14 16:21:00 -07:00
mfd mfd: Fix max8925 irq control bit incorrect setting 2010-09-29 10:14:53 +02:00
misc i2c: Remove obsolete cleanup for clientdata 2010-09-30 14:14:22 +02:00
mmc mmc: sdio: fix SDIO suspend/resume regression 2010-10-15 12:54:55 -04:00
mtd mxc_nand: do not depend on disabling the irq in the interrupt handler 2010-10-18 13:09:05 -07:00
net ehea: Fix a checksum issue on the receive path 2010-10-13 14:24:59 -07:00
nubus
of
oprofile oprofile: fix crash when accessing freed task structs 2010-08-25 09:09:09 +02:00
parisc
parport Merge branch 'next-devicetree' of git://git.secretlab.ca/git/linux-2.6 2010-08-12 09:11:31 -07:00
pci Merge branch 'meego-7093' into idle-release 2010-09-28 23:30:58 -04:00
pcmcia pcmcia: pd6729: Fix error path 2010-09-26 15:54:25 +02:00
platform IPS driver: Fix limit clamping when reducing CPU power 2010-10-05 14:59:35 -04:00
pnp
power apm_power: Add missing break statement 2010-09-08 14:35:10 +04:00
pps
ps3
rapidio
regulator Merge branch 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2010-10-07 13:44:30 -07:00
rtc i2c: Remove obsolete cleanup for clientdata 2010-09-30 14:14:22 +02:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-09-28 12:01:26 -07:00
sbus
scsi [SCSI] Fix VPD inquiry page wrapper 2010-09-16 11:48:48 -04:00
serial SERIAL: ioc3_serial: Return -ENOMEM on memory allocation failure 2010-10-19 18:32:40 +01:00
sfi
sh
sn
spi of/spi: Fix OF-style driver binding of spi devices 2010-10-02 21:28:29 -06:00
ssb
staging Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2010-10-07 13:45:00 -07:00
tc
telephony
thermal
uio
usb USB: update Kconfig help text for CONFIG_USB_SUSPEND 2010-09-24 11:05:01 -07:00
uwb
vhost vhost: fix log ctx signalling 2010-09-22 16:21:33 +02:00
video Merge master.kernel.org:/home/rmk/linux-2.6-arm 2010-09-27 12:32:36 -07:00
virtio
vlynq
w1
watchdog watchdog: Enable NXP LPC32XX support in Kconfig (resend) 2010-09-15 18:43:58 +00:00
xen xen: do not set xenstored_ready before xenbus_probe on hvm 2010-10-05 13:37:28 +01:00
zorro
Kconfig
Makefile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2010-09-17 10:23:08 -07:00