linux/drivers
Clemens Ladisch 3d898ce2dd firewire: ohci: fix buffer overflow in AR split packet handling
commit 85f7ffd5d2 upstream.

When the controller had to split a received asynchronous packet into two
buffers, the driver tries to reassemble it by copying both parts into
the first page.  However, if size + rest > PAGE_SIZE, i.e., if the yet
unhandled packets before the split packet, the split packet itself, and
any received packets after the split packet are together larger than one
page, then the memory after the first page would get overwritten.

To fix this, do not try to copy the data of all unhandled packets at
once, but copy the possibly needed data every time when handling
a packet.

This gets rid of most of the infamous crashes and data corruptions when
using firewire-net.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Tested-by: Maxim Levitsky <maximlevitsky@gmail.com>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2010-12-09 13:32:47 -08:00
accessibility
acpi Merge branch 'msi-dmi' into release 2010-10-08 22:37:46 -04:00
amba
ata sata_via: apply magic FIFO fix to vt6420 too 2010-12-09 13:32:38 -08:00
atm ATM: iphase, remove sleep-inside-atomic 2010-10-11 11:05:42 -07:00
auxdisplay
base PM: Prevent waiting forever on asynchronous resume after failing suspend 2010-09-09 00:49:43 +02:00
block ps3disk: passing wrong variable to bvec_kunmap_irq() 2010-10-12 18:56:33 +02:00
bluetooth bluetooth: Fix missing NULL check 2010-11-22 11:03:01 -08:00
cdrom
char TTY: open/hangup race fixup 2010-12-09 13:32:42 -08:00
clocksource
connector
cpufreq
cpuidle cpuidle: Fix typos 2010-09-28 23:30:38 -04:00
crypto [S390] zcrypt: fix Kconfig dependencies 2010-08-13 10:06:54 +02:00
dca dca: disable dca on IOAT ver.3.0 multiple-IOH platforms 2010-09-17 20:08:21 -07:00
dio
dma ioat2: fix performance regression 2010-10-13 15:43:10 -07:00
edac i7core_edac: fix panic in udimm sysfs attributes registration 2010-10-01 10:50:58 -07:00
eisa
firewire firewire: ohci: fix buffer overflow in AR split packet handling 2010-12-09 13:32:47 -08:00
firmware Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2010-08-14 12:34:34 -07:00
gpio gpio: sx150x: correct and refine reset-on-probe behavior 2010-09-09 18:57:24 -07:00
gpu drm/i915/overlay: Ensure that the reg_bo is in the GTT prior to writing. 2010-12-09 13:32:25 -08:00
hid HID: Fix for problems with eGalax/DWAV multi-touch-screen 2010-12-09 13:32:42 -08:00
hwmon hwmon: (lm85) Fix ADT7468 frequency table 2010-12-09 13:32:33 -08:00
i2c i2c-pca-platform: Change device name of request_irq 2010-12-09 13:32:14 -08:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide-2.6 2010-09-19 11:06:34 -07:00
idle intel_idle: do not use the LAPIC timer for ATOM C2 2010-11-22 11:03:03 -08:00
ieee1394
ieee802154
infiniband RDMA/cxgb3: Turn off RX coalescing for iWARP connections 2010-09-27 09:28:55 -07:00
input Input: evdev - fix EVIOCSABS regression 2010-10-18 08:45:08 -07:00
isdn isdn/gigaset: bas_gigaset locking fix 2010-12-09 13:32:14 -08:00
leds leds: leds-ns2: fix locking 2010-09-19 22:43:42 -04:00
lguest
macintosh via-pmu: Add compat_pmu_ioctl 2010-08-24 15:28:28 +10:00
mca
md md: fix return value of rdev_size_change() 2010-12-09 13:32:40 -08:00
media drivers/media/video/cx23885/cx23885-core.c: fix cx23885_dev_checkrevision() 2010-12-09 13:32:44 -08:00
memstick memstick: fix hangs on unexpected device removal in mspro_blk 2010-08-12 08:43:31 -07:00
message fusion: add function parameter names to kernel-doc 2010-08-14 16:21:00 -07:00
mfd mfd: Fix max8925 irq control bit incorrect setting 2010-09-29 10:14:53 +02:00
misc sgi-xpc: XPC fails to discover partitions with all nasids above 128 2010-12-09 13:32:36 -08:00
mmc mmc: sdio: fix SDIO suspend/resume regression 2010-10-15 12:54:55 -04:00
mtd mxc_nand: do not depend on disabling the irq in the interrupt handler 2010-10-18 13:09:05 -07:00
net usbnet: fix usb_autopm_get_interface failure(v1) 2010-12-09 13:32:42 -08:00
nubus
of
oprofile oprofile: Fix the hang while taking the cpu offline 2010-12-09 13:32:33 -08:00
parisc
parport Merge branch 'next-devicetree' of git://git.secretlab.ca/git/linux-2.6 2010-08-12 09:11:31 -07:00
pci Merge branch 'meego-7093' into idle-release 2010-09-28 23:30:58 -04:00
pcmcia pcmcia: pd6729: Fix error path 2010-09-26 15:54:25 +02:00
platform asus-laptop: fix gps rfkill 2010-11-22 11:03:15 -08:00
pnp
power olpc_battery: Fix endian neutral breakage for s16 values 2010-12-09 13:32:30 -08:00
pps
ps3
rapidio
regulator Merge branch 'i2c-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2010-10-07 13:44:30 -07:00
rtc i2c: Remove obsolete cleanup for clientdata 2010-09-30 14:14:22 +02:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-09-28 12:01:26 -07:00
sbus
scsi Fix regressions in scsi_internal_device_block 2010-11-22 11:03:17 -08:00
serial SERIAL: ioc3_serial: Return -ENOMEM on memory allocation failure 2010-10-19 18:32:40 +01:00
sfi
sh
sn
spi of/spi: Fix OF-style driver binding of spi devices 2010-10-02 21:28:29 -06:00
ssb ssb: b43-pci-bridge: Add new vendor for BCM4318 2010-12-09 13:32:36 -08:00
staging Staging: line6: fix up some sysfs attribute permissions 2010-12-09 13:32:28 -08:00
tc
telephony
thermal
uio
usb USB: accept some invalid ep0-maxpacket values 2010-11-22 11:03:15 -08:00
uwb
vhost vhost: fix log ctx signalling 2010-09-22 16:21:33 +02:00
video viafb: use proper register for colour when doing fill ops 2010-12-09 13:32:38 -08:00
virtio
vlynq
w1
watchdog watchdog: Enable NXP LPC32XX support in Kconfig (resend) 2010-09-15 18:43:58 +00:00
xen xen: ensure that all event channels start off bound to VCPU 0 2010-12-09 13:32:37 -08:00
zorro zorro: Fix reading of proc/bus/zorro/* in small chunks 2010-08-09 21:14:08 +02:00
Kconfig
Makefile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394-2.6 2010-09-17 10:23:08 -07:00