From: Greg Kroah-Hartman <gregkh@suse.de>
To: linux-kernel@vger.kernel.org
Cc: Jeff Moyer <jmoyer@redhat.com>, Andrew Morton <akpm@osdl.org>,
Greg Kroah-Hartman <gregkh@suse.de>
Subject: [PATCH 14/23] firmware: fix BUG: in fw_realloc_buffer
Date: Mon, 20 Mar 2006 14:00:38 -0800 [thread overview]
Message-ID: <11428920382138-git-send-email-gregkh@suse.de> (raw)
In-Reply-To: <11428920381250-git-send-email-gregkh@suse.de>
The fw_realloc_buffer routine does not handle an increase in buffer size of
more than 4k. It's not clear to me why it expects that it will only get an
extra 4k of data. The attached patch modifies fw_realloc_buffer to vmalloc
as much memory as is requested, instead of what we previously had + 4k.
I've tested this on my laptop, which would crash occaisionally on boot
without the patch. With the patch, it hasn't crashed, but I can't be
certain that this code path is exercised.
Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
drivers/base/firmware_class.c | 6 ++++--
1 files changed, 4 insertions(+), 2 deletions(-)
30560ba6eda308c13a361d08eb5d4eaab94ab37e
diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
index e97e911..4723182 100644
--- a/drivers/base/firmware_class.c
+++ b/drivers/base/firmware_class.c
@@ -211,18 +211,20 @@ static int
fw_realloc_buffer(struct firmware_priv *fw_priv, int min_size)
{
u8 *new_data;
+ int new_size = fw_priv->alloc_size;
if (min_size <= fw_priv->alloc_size)
return 0;
- new_data = vmalloc(fw_priv->alloc_size + PAGE_SIZE);
+ new_size = ALIGN(min_size, PAGE_SIZE);
+ new_data = vmalloc(new_size);
if (!new_data) {
printk(KERN_ERR "%s: unable to alloc buffer\n", __FUNCTION__);
/* Make sure that we don't keep incomplete data */
fw_load_abort(fw_priv);
return -ENOMEM;
}
- fw_priv->alloc_size += PAGE_SIZE;
+ fw_priv->alloc_size = new_size;
if (fw_priv->fw->data) {
memcpy(new_data, fw_priv->fw->data, fw_priv->fw->size);
vfree(fw_priv->fw->data);
--
1.2.4
next prev parent reply other threads:[~2006-03-20 22:02 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-03-20 21:50 [GIT PATCH] Driver Core and sysfs stuff for 2.6.16 Greg KH
2006-03-20 22:00 ` [PATCH 01/23] sysfs: sysfs_remove_dir() needs to invalidate the dentry Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 02/23] kobject: fix build error if CONFIG_SYSFS=n Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 03/23] Mark empty release functions as broken Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 04/23] driver core: platform_get_irq*(): return -ENXIO on error Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 05/23] handle errors returned by platform_get_irq*() Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 06/23] kref: avoid an atomic operation in kref_put() Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 07/23] kobj_map semaphore to mutex conversion Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 08/23] Clean up module.c symbol searching logic Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 09/23] add EXPORT_SYMBOL_GPL_FUTURE() Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 10/23] add EXPORT_SYMBOL_GPL_FUTURE() to RCU subsystem Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 12/23] fix module sysfs files reference counting Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 13/23] sysfs: kzalloc conversion Greg Kroah-Hartman
2006-03-20 22:00 ` Greg Kroah-Hartman [this message]
2006-03-20 22:00 ` [PATCH 15/23] Driver core: add macros notice(), dev_notice() Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 16/23] Kobject: provide better warning messages when people do stupid things Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 17/23] Kobject: kobject.h: fix a typo Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 18/23] sysfs: fix problem with duplicate sysfs directories and files Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 19/23] debugfs: Add debugfs_create_blob() helper for exporting binary data Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 20/23] kobject_add_dir Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 21/23] get_cpu_sysdev() signedness fix Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 22/23] sysfs: don't export dir symbols Greg Kroah-Hartman
2006-03-20 22:00 ` [PATCH 23/23] sysfs: fix a kobject leak in sysfs_add_link on the error path Greg Kroah-Hartman
2006-03-21 17:16 ` [PATCH 16/23] Kobject: provide better warning messages when people do stupid things Artem B. Bityutskiy
2006-03-22 22:17 ` Greg KH
2006-03-25 8:52 ` Artem B. Bityutskiy
2006-03-21 0:13 ` [PATCH 04/23] driver core: platform_get_irq*(): return -ENXIO on error Olivier Galibert
2006-03-21 8:07 ` Russell King
2006-03-21 12:50 ` Olivier Galibert
2006-03-21 20:31 ` Russell King
2006-03-21 22:50 ` Olivier Galibert
2006-03-21 9:33 ` David Vrabel
2006-03-20 23:35 ` [PATCH 02/23] kobject: fix build error if CONFIG_SYSFS=n Jun'ichi Nomura
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=11428920382138-git-send-email-gregkh@suse.de \
--to=gregkh@suse.de \
--cc=akpm@osdl.org \
--cc=jmoyer@redhat.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox