linux-uconsole/drivers
Clemens Ladisch 634667aa64 firewire: ohci: fix race in AR split packet handling
commit a1f805e5e7 upstream.

When handling an AR buffer that has been completely filled, we assumed
that its descriptor will not be read by the controller and can be
overwritten.  However, when the last received packet happens to end at
the end of the buffer, the controller might not yet have moved on to the
next buffer and might read the branch address later.  If we overwrite
and free the page before that, the DMA context will either go dead
because of an invalid Z value, or go off into some random memory.

To fix this, ensure that the descriptor does not get overwritten by
using only the actual buffer instead of the entire page for reassembling
the split packet.  Furthermore, to avoid freeing the page too early,
move on to the next buffer only when some data in it guarantees that the
controller has moved on.

This should eliminate the remaining firewire-net problems.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-12-09 13:32:47 -08:00
accessibility
acpi Merge branch 'msi-dmi' into release 2010-10-08 22:37:46 -04:00
amba
ata sata_via: apply magic FIFO fix to vt6420 too 2010-12-09 13:32:38 -08:00
atm ATM: iphase, remove sleep-inside-atomic 2010-10-11 11:05:42 -07:00
auxdisplay
base PM: Prevent waiting forever on asynchronous resume after failing suspend 2010-09-09 00:49:43 +02:00
block ps3disk: passing wrong variable to bvec_kunmap_irq() 2010-10-12 18:56:33 +02:00
bluetooth bluetooth: Fix missing NULL check 2010-11-22 11:03:01 -08:00
cdrom
char TTY: open/hangup race fixup 2010-12-09 13:32:42 -08:00
clocksource
connector
cpufreq
cpuidle cpuidle: Fix typos 2010-09-28 23:30:38 -04:00
crypto
dca dca: disable dca on IOAT ver.3.0 multiple-IOH platforms 2010-09-17 20:08:21 -07:00
dio
dma ioat2: fix performance regression 2010-10-13 15:43:10 -07:00
edac i7core_edac: fix panic in udimm sysfs attributes registration 2010-10-01 10:50:58 -07:00
eisa
firewire firewire: ohci: fix race in AR split packet handling 2010-12-09 13:32:47 -08:00
firmware
gpio gpio: sx150x: correct and refine reset-on-probe behavior 2010-09-09 18:57:24 -07:00
gpu drm/i915/overlay: Ensure that the reg_bo is in the GTT prior to writing. 2010-12-09 13:32:25 -08:00
hid HID: Fix for problems with eGalax/DWAV multi-touch-screen 2010-12-09 13:32:42 -08:00
hwmon hwmon: (lm85) Fix ADT7468 frequency table 2010-12-09 13:32:33 -08:00
i2c i2c-pca-platform: Change device name of request_irq 2010-12-09 13:32:14 -08:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide-2.6 2010-09-19 11:06:34 -07:00
idle intel_idle: do not use the LAPIC timer for ATOM C2 2010-11-22 11:03:03 -08:00
ieee1394
ieee802154
infiniband RDMA/cxgb3: Turn off RX coalescing for iWARP connections 2010-09-27 09:28:55 -07:00
input Input: evdev - fix EVIOCSABS regression 2010-10-18 08:45:08 -07:00
isdn isdn/gigaset: bas_gigaset locking fix 2010-12-09 13:32:14 -08:00
leds leds: leds-ns2: fix locking 2010-09-19 22:43:42 -04:00
lguest
macintosh
mca
md md: fix return value of rdev_size_change() 2010-12-09 13:32:40 -08:00
media drivers/media/video/cx23885/cx23885-core.c: fix cx23885_dev_checkrevision() 2010-12-09 13:32:44 -08:00
memstick
message
mfd mfd: Fix max8925 irq control bit incorrect setting 2010-09-29 10:14:53 +02:00
misc sgi-xpc: XPC fails to discover partitions with all nasids above 128 2010-12-09 13:32:36 -08:00
mmc mmc: sdio: fix SDIO suspend/resume regression 2010-10-15 12:54:55 -04:00
mtd mxc_nand: do not depend on disabling the irq in the interrupt handler 2010-10-18 13:09:05 -07:00
net usbnet: fix usb_autopm_get_interface failure(v1) 2010-12-09 13:32:42 -08:00
nubus
of
oprofile oprofile: Fix the hang while taking the cpu offline 2010-12-09 13:32:33 -08:00
parisc
parport
pci Merge branch 'meego-7093' into idle-release 2010-09-28 23:30:58 -04:00
pcmcia pcmcia: pd6729: Fix error path 2010-09-26 15:54:25 +02:00
platform asus-laptop: fix gps rfkill 2010-11-22 11:03:15 -08:00
pnp
power olpc_battery: Fix endian neutral breakage for s16 values 2010-12-09 13:32:30 -08:00
pps
ps3
rapidio
regulator Merge branch 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2010-10-07 13:44:30 -07:00
rtc i2c: Remove obsolete cleanup for clientdata 2010-09-30 14:14:22 +02:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-09-28 12:01:26 -07:00
sbus
scsi Fix regressions in scsi_internal_device_block 2010-11-22 11:03:17 -08:00
serial SERIAL: ioc3_serial: Return -ENOMEM on memory allocation failure 2010-10-19 18:32:40 +01:00
sfi
sh
sn
spi of/spi: Fix OF-style driver binding of spi devices 2010-10-02 21:28:29 -06:00
ssb ssb: b43-pci-bridge: Add new vendor for BCM4318 2010-12-09 13:32:36 -08:00
staging Staging: line6: fix up some sysfs attribute permissions 2010-12-09 13:32:28 -08:00
tc
telephony
thermal
uio
usb USB: accept some invalid ep0-maxpacket values 2010-11-22 11:03:15 -08:00
uwb
vhost vhost: fix log ctx signalling 2010-09-22 16:21:33 +02:00
video viafb: use proper register for colour when doing fill ops 2010-12-09 13:32:38 -08:00
virtio
vlynq
w1
watchdog watchdog: Enable NXP LPC32XX support in Kconfig (resend) 2010-09-15 18:43:58 +00:00
xen xen: ensure that all event channels start off bound to VCPU 0 2010-12-09 13:32:37 -08:00
zorro
Kconfig
Makefile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2010-09-17 10:23:08 -07:00