diff options
author | Stefan Richter <stefanr@s5r6.in-berlin.de> | 2010-02-17 19:54:00 -0500 |
---|---|---|
committer | Stefan Richter <stefanr@s5r6.in-berlin.de> | 2010-02-24 14:36:54 -0500 |
commit | 58aaa5427663b680030aa58aaaf1e2738564b8dc (patch) | |
tree | d084f4cb49842cefe5e9753cf3050c1171fd4560 | |
parent | 2799d5c5f9d2064c6d1f50ec82e28e3eac5f6954 (diff) |
firewire: core: increase stack size of config ROM reader
The stack size of 16 was artificially chosen and may be too small in
extreme cases. A device won't be accessible then.
Since it doesn't really matter to the slab allocator whether we ask for
1088 bytes or 2048 bytes of scratch memory, just allocate 2048 bytes for
the sum of temporary config ROM image and stack, and we will never ever
overflow the stack (because there simply can't be more stack items than
ROM entries).
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
-rw-r--r-- | drivers/firewire/core-device.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c index 01cb6a327e29..150a8ba97488 100644 --- a/drivers/firewire/core-device.c +++ b/drivers/firewire/core-device.c | |||
@@ -493,7 +493,6 @@ static int read_rom(struct fw_device *device, | |||
493 | } | 493 | } |
494 | 494 | ||
495 | #define READ_BIB_ROM_SIZE 256 | 495 | #define READ_BIB_ROM_SIZE 256 |
496 | #define READ_BIB_STACK_SIZE 16 | ||
497 | 496 | ||
498 | /* | 497 | /* |
499 | * Read the bus info block, perform a speed probe, and read all of the rest of | 498 | * Read the bus info block, perform a speed probe, and read all of the rest of |
@@ -510,7 +509,7 @@ static int read_bus_info_block(struct fw_device *device, int generation) | |||
510 | int i, end, length, ret = -1; | 509 | int i, end, length, ret = -1; |
511 | 510 | ||
512 | rom = kmalloc(sizeof(*rom) * READ_BIB_ROM_SIZE + | 511 | rom = kmalloc(sizeof(*rom) * READ_BIB_ROM_SIZE + |
513 | sizeof(*stack) * READ_BIB_STACK_SIZE, GFP_KERNEL); | 512 | sizeof(*stack) * READ_BIB_ROM_SIZE, GFP_KERNEL); |
514 | if (rom == NULL) | 513 | if (rom == NULL) |
515 | return -ENOMEM; | 514 | return -ENOMEM; |
516 | 515 | ||
@@ -612,8 +611,7 @@ static int read_bus_info_block(struct fw_device *device, int generation) | |||
612 | RCODE_COMPLETE) | 611 | RCODE_COMPLETE) |
613 | goto out; | 612 | goto out; |
614 | 613 | ||
615 | if ((key >> 30) != 3 || (rom[i] >> 30) < 2 || | 614 | if ((key >> 30) != 3 || (rom[i] >> 30) < 2) |
616 | sp >= READ_BIB_STACK_SIZE) | ||
617 | continue; | 615 | continue; |
618 | /* | 616 | /* |
619 | * Offset points outside the ROM. May be a firmware | 617 | * Offset points outside the ROM. May be a firmware |