authorStefan Richter <stefanr@s5r6.in-berlin.de>2010-02-17 19:54:00 -0500
committerStefan Richter <stefanr@s5r6.in-berlin.de>2010-02-24 14:36:54 -0500
commit58aaa5427663b680030aa58aaaf1e2738564b8dc (patch)
treed084f4cb49842cefe5e9753cf3050c1171fd4560
parent2799d5c5f9d2064c6d1f50ec82e28e3eac5f6954 (diff)
firewire: core: increase stack size of config ROM reader
The stack size of 16 was artificially chosen and may be too small in extreme cases. A device won't be accessible then. Since it doesn't really matter to the slab allocator whether we ask for 1088 bytes or 2048 bytes of scratch memory, just allocate 2048 bytes for the sum of temporary config ROM image and stack, and we will never ever overflow the stack (because there simply can't be more stack items than ROM entries). Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
-rw-r--r--drivers/firewire/core-device.c6
1 files changed, 2 insertions, 4 deletions
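diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c
index 01cb6a327e29..150a8ba97488 100644
--- a/drivers/firewire/core-device.c
+++ b/drivers/firewire/core-device.c
@@ -493,7 +493,6 @@ static int read_rom(struct fw_device *device,
 }
 
 #define READ_BIB_ROM_SIZE 256
-#define READ_BIB_STACK_SIZE 16
 
 /*
  * Read the bus info block, perform a speed probe, and read all of the rest of
@@ -510,7 +509,7 @@ static int read_bus_info_block(struct fw_device *device, int generation)
  int i, end, length, ret = -1;
 
  rom = kmalloc(sizeof(*rom) * READ_BIB_ROM_SIZE +
- sizeof(*stack) * READ_BIB_STACK_SIZE, GFP_KERNEL);
+ sizeof(*stack) * READ_BIB_ROM_SIZE, GFP_KERNEL);
  if (rom == NULL)
  return -ENOMEM;
 
@@ -612,8 +611,7 @@ static int read_bus_info_block(struct fw_device *device, int generation)
  RCODE_COMPLETE)
  goto out;
 
- if ((key >> 30) != 3 || (rom[i] >> 30) < 2 ||
- sp >= READ_BIB_STACK_SIZE)
+ if ((key >> 30) != 3 || (rom[i] >> 30) < 2)
  continue;
  /*
  * Offset points outside the ROM. May be a firmware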
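Review bot: With `sp >= READ_BIB_STACK_SIZE` dropped from the condition at new line 614, nothing in the visible code bounds `sp` any more, so the safety of the shared scratch buffer rests entirely on the invariant stated in the commit message (never more stack items than ROM entries). Because the config ROM contents are supplied by the attached device, that invariant should be written down at the allocation on new lines 511-512, e.g. `/* stack gets READ_BIB_ROM_SIZE slots: at most one pending reference per ROM quadlet */`. A cheap defensive guard before the push, such as `if (WARN_ON(sp >= READ_BIB_ROM_SIZE)) goto out;`, would turn any future violation into a clean failure instead of a write past the allocation. The push itself and the rest of the "Offset points outside the ROM" check lie outside this hunk, so whether that check is what keeps the invariant true could not be confirmed from here.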