forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/drivers
History
Clemens Ladisch 263256d709 firewire: ohci: fix race in AR split packet handling 
commit a1f805e5e7 upstream.

When handling an AR buffer that has been completely filled, we assumed
that its descriptor will not be read by the controller and can be
overwritten.  However, when the last received packet happens to end at
the end of the buffer, the controller might not yet have moved on to the
next buffer and might read the branch address later.  If we overwrite
and free the page before that, the DMA context will either go dead
because of an invalid Z value, or go off into some random memory.

To fix this, ensure that the descriptor does not get overwritten by
using only the actual buffer instead of the entire page for reassembling
the split packet.  Furthermore, to avoid freeing the page too early,
move on to the next buffer only when some data in it guarantees that the
controller has moved on.

This should eliminate the remaining firewire-net problems.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-12-09 13:26:50 -08:00
..
accessibility
acpi ACPI: Disable Windows Vista compatibility for Toshiba P305D 2010-10-28 21:44:15 -07:00
amba
ata ata_generic: implement ATA_GEN_* flags and force enable DMA on MBP 7,1 2010-12-09 13:26:41 -08:00
atm solos-pci: Fix race condition in tasklet RX handling 2010-08-13 13:19:34 -07:00
auxdisplay
base firmware_class: fix memory leak - free allocated pages 2010-08-02 10:21:25 -07:00
block loop: Update mtime when writing using aops 2010-08-13 13:20:23 -07:00
bluetooth bluetooth: Fix missing NULL check 2010-11-22 10:47:30 -08:00
cdrom
char TTY: ldisc, fix open flag handling 2010-12-09 13:26:47 -08:00
clocksource clocksource: sh_tmu: compute mult and shift before registration 2010-09-26 17:21:37 -07:00
connector connector: Delete buggy notification code. 2010-02-09 04:50:59 -08:00
cpufreq revert "[CPUFREQ] remove rwsem lock from CPUFREQ_GOV_STOP call (second call site)" 2010-08-02 10:21:25 -07:00
cpuidle cpuidle: Fix incorrect optimization 2010-05-12 14:57:16 -07:00
crypto crypto: padlock-sha - Add import/export support 2010-02-23 07:37:54 -08:00
dca
dio
dma dmaengine: fix interrupt clearing for mv_xor 2010-10-28 21:44:01 -07:00
edac amd64_edac: Correct scrub rate setting 2010-08-10 10:20:38 -07:00
eisa
firewire firewire: ohci: fix race in AR split packet handling 2010-12-09 13:26:50 -08:00
firmware DMI: allow omitting ident strings in DMI tables 2010-01-28 15:01:52 -08:00
gpio gpiolib: Actually set output state in wm831x_gpio_direction_output() 2010-03-15 08:49:57 -07:00
gpu drm: Only decouple the old_fb from the crtc is we call mode_set* 2010-09-20 13:18:14 -07:00
hid HID: fix suspend crash by moving initializations earlier 2010-09-20 13:17:51 -07:00
hwmon hwmon: (lm85) Fix ADT7468 frequency table 2010-12-09 13:26:39 -08:00
i2c i2c-pca-platform: Change device name of request_irq 2010-12-09 13:26:33 -08:00
ide ide-cd: Do not access completed requests in the irq handler 2010-08-13 13:19:36 -07:00
idle
ieee1394
ieee802154 ieee802154: dont leak skbs in ieee802154_fake_xmit() 2009-11-19 13:16:21 -08:00
infiniband RDMA/cxgb3: Turn off RX coalescing for iWARP connections 2010-10-28 21:43:55 -07:00
input Input: joydev - fix JSIOCSAXMAP ioctl 2010-10-28 21:43:59 -07:00
isdn isdn: fix information leak 2010-08-26 16:41:51 -07:00
leds leds-gpio: fix default state handling on OF platforms 2010-04-01 15:58:53 -07:00
lguest lguest: fix bug in setting guest GDT entry 2010-01-06 15:05:19 -08:00
macintosh macintosh/therm_adt746x: Fix sysfs attributes lifetime 2010-03-15 08:49:46 -07:00
mca
md md: fix return value of rdev_size_change() 2010-12-09 13:26:46 -08:00
media V4L/DVB (13966): DVB-T regression fix for saa7134 cards 2010-10-28 21:43:59 -07:00
memstick memstick: fix hangs on unexpected device removal in mspro_blk 2010-08-26 16:41:32 -07:00
message SCSI: mptsas: fix hangs caused by ATA pass-through 2010-09-26 17:21:28 -07:00
mfd mfd: WM835x GPIO direction register is not locked 2010-01-22 15:18:18 -08:00
misc sgi-xpc: XPC fails to discover partitions with all nasids above 128 2010-12-09 13:26:42 -08:00
mmc mmc: sdhci-s3c: fix NULL ptr access in sdhci_s3c_remove 2010-10-28 21:43:55 -07:00
mtd pxa3xx: fix ns2cycle equation 2010-08-26 16:41:42 -07:00
net jme: Fix PHY power-off error 2010-12-09 13:26:31 -08:00
nubus
of
oprofile oprofile: fix crash when accessing freed task structs 2010-09-20 13:17:50 -07:00
parisc PARISC: led.c - fix potential stack overflow in led_proc_write() 2010-08-10 10:20:37 -07:00
parport
pci intel_idle: PCI quirk to prevent Lenovo Ideapad s10-3 boot hang 2010-10-28 21:44:14 -07:00
pcmcia pcmcia: avoid buffer overflow in pcmcia_setup_isa_irq 2010-08-26 16:41:53 -07:00
platform eeepc-laptop: check wireless hotplug events 2010-08-02 10:21:29 -07:00
pnp
power olpc_battery: Fix endian neutral breakage for s16 values 2010-12-09 13:26:37 -08:00
pps pps: events reporting fix up 2009-11-12 07:26:01 -08:00
ps3
rapidio
regulator regulator: Fix display of null constraints for regulators 2010-02-23 07:37:49 -08:00
rtc rtc: fix ds1388 time corruption 2010-08-02 10:20:53 -07:00
s390 nohz: Introduce arch_needs_cpu 2010-08-13 13:20:13 -07:00
sbus
scsi Fix regressions in scsi_internal_device_block 2010-11-22 10:47:38 -08:00
serial serial: cpm_uart: implement the cpm_uart_early_write() function for console poll 2010-08-02 10:20:52 -07:00
sfi
sh
sn
spi SPI: spi_txx9: Fix bit rate calculation 2009-12-02 23:58:32 +00:00
ssb ssb: b43-pci-bridge: Add new vendor for BCM4318 2010-12-09 13:26:41 -08:00
staging Staging: line6: fix up some sysfs attribute permissions 2010-12-09 13:26:36 -08:00
tc
telephony
thermal
uio uio: pm_runtime_disable is needed if failed 2009-11-13 11:36:00 +09:00
usb USB: accept some invalid ep0-maxpacket values 2010-11-22 10:47:38 -08:00
uwb
video viafb: use proper register for colour when doing fill ops 2010-12-09 13:26:45 -08:00
virtio virtio-pci: disable msi at startup 2010-08-02 10:20:42 -07:00
vlynq
w1 w1: w1 temp: fix negative termperature calculation 2010-05-12 14:57:00 -07:00
watchdog WATCHDOG: iTCO_wdt: TCO Watchdog patch for additional Intel Cougar Point DeviceIDs 2010-04-26 07:41:18 -07:00
xen xen: ensure that all event channels start off bound to VCPU 0 2010-12-09 13:26:42 -08:00
zorro
Kconfig
Makefile virtio: initialize earlier 2010-05-12 14:57:15 -07:00