diff options
| author | Stefan Richter <stefanr@s5r6.in-berlin.de> | 2010-02-17 19:52:45 -0500 |
|---|---|---|
| committer | Stefan Richter <stefanr@s5r6.in-berlin.de> | 2010-02-24 14:36:54 -0500 |
| commit | 2799d5c5f9d2064c6d1f50ec82e28e3eac5f6954 (patch) | |
| tree | a1a954e92c75793a977c8362ba8d97f700da0fa6 | |
| parent | d54423c62c2f687919d4e5bdd4bb064234ff2d44 (diff) | |
firewire: core: don't fail device creation in case of too large config ROM blocks
It never happened yet, but better safe than sorry: If a device's config
ROM contains a block which overlaps the boundary at 0xfffff00007ff, just
ignore that one block instead of refusing to add the device
representation. That way, upper layers (kernelspace or userspace
drivers) might still be able to use the device to some degree.
That's better than total inaccessibility of the device. Worse, the core
would have logged only a generic "giving up on config rom" message which
could only be debugged by feeding a firewire-ohci debug logging session
through a config ROM interpreter, IOW would likely remain undiagnosed.
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
| -rw-r--r-- | drivers/firewire/core-device.c | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c index e02bf2dff845..01cb6a327e29 100644 --- a/drivers/firewire/core-device.c +++ b/drivers/firewire/core-device.c | |||
| @@ -588,15 +588,19 @@ static int read_bus_info_block(struct fw_device *device, int generation) | |||
| 588 | if (read_rom(device, generation, i, &rom[i]) != RCODE_COMPLETE) | 588 | if (read_rom(device, generation, i, &rom[i]) != RCODE_COMPLETE) |
| 589 | goto out; | 589 | goto out; |
| 590 | end = i + (rom[i] >> 16) + 1; | 590 | end = i + (rom[i] >> 16) + 1; |
| 591 | i++; | 591 | if (end > READ_BIB_ROM_SIZE) { |
| 592 | if (end > READ_BIB_ROM_SIZE) | ||
| 593 | /* | 592 | /* |
| 594 | * This block extends outside standard config | 593 | * This block extends outside the config ROM which is |
| 595 | * area (and the array we're reading it | 594 | * a firmware bug. Ignore this whole block, i.e. |
| 596 | * into). That's broken, so ignore this | 595 | * simply set a fake block length of 0. |
| 597 | * device. | ||
| 598 | */ | 596 | */ |
| 599 | goto out; | 597 | fw_error("skipped invalid ROM block %x at %llx\n", |
| 598 | rom[i], | ||
| 599 | i * 4 | CSR_REGISTER_BASE | CSR_CONFIG_ROM); | ||
| 600 | rom[i] = 0; | ||
| 601 | end = i; | ||
| 602 | } | ||
| 603 | i++; | ||
| 600 | 604 | ||
| 601 | /* | 605 | /* |
| 602 | * Now read in the block. If this is a directory | 606 | * Now read in the block. If this is a directory |