aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStefan Richter <stefanr@s5r6.in-berlin.de>2010-02-17 19:52:45 -0500
committerStefan Richter <stefanr@s5r6.in-berlin.de>2010-02-24 14:36:54 -0500
commit2799d5c5f9d2064c6d1f50ec82e28e3eac5f6954 (patch)
treea1a954e92c75793a977c8362ba8d97f700da0fa6
parentd54423c62c2f687919d4e5bdd4bb064234ff2d44 (diff)
firewire: core: don't fail device creation in case of too large config ROM blocks
It never happened yet, but better safe than sorry: If a device's config ROM contains a block which overlaps the boundary at 0xfffff00007ff, just ignore that one block instead of refusing to add the device representation. That way, upper layers (kernelspace or userspace drivers) might still be able to use the device to some degree. That's better than total inaccessibility of the device. Worse, the core would have logged only a generic "giving up on config rom" message which could only be debugged by feeding a firewire-ohci debug logging session through a config ROM interpreter, IOW would likely remain undiagnosed. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
-rw-r--r--drivers/firewire/core-device.c18
1 files changed, 11 insertions, 7 deletions
diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c
index e02bf2dff845..01cb6a327e29 100644
--- a/drivers/firewire/core-device.c
+++ b/drivers/firewire/core-device.c
@@ -588,15 +588,19 @@ static int read_bus_info_block(struct fw_device *device, int generation)
588 if (read_rom(device, generation, i, &rom[i]) != RCODE_COMPLETE) 588 if (read_rom(device, generation, i, &rom[i]) != RCODE_COMPLETE)
589 goto out; 589 goto out;
590 end = i + (rom[i] >> 16) + 1; 590 end = i + (rom[i] >> 16) + 1;
591 i++; 591 if (end > READ_BIB_ROM_SIZE) {
592 if (end > READ_BIB_ROM_SIZE)
593 /* 592 /*
594 * This block extends outside standard config 593 * This block extends outside the config ROM which is
595 * area (and the array we're reading it 594 * a firmware bug. Ignore this whole block, i.e.
596 * into). That's broken, so ignore this 595 * simply set a fake block length of 0.
597 * device.
598 */ 596 */
599 goto out; 597 fw_error("skipped invalid ROM block %x at %llx\n",
598 rom[i],
599 i * 4 | CSR_REGISTER_BASE | CSR_CONFIG_ROM);
600 rom[i] = 0;
601 end = i;
602 }
603 i++;
600 604
601 /* 605 /*
602 * Now read in the block. If this is a directory 606 * Now read in the block. If this is a directory