aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeff Moyer <jmoyer@redhat.com>2006-02-13 17:52:38 -0500
committerGreg Kroah-Hartman <gregkh@suse.de>2006-03-20 16:42:58 -0500
commit30560ba6eda308c13a361d08eb5d4eaab94ab37e (patch)
tree2639a567018f690c725da11470d7d28392cbfee8
parent58d49283b87751f7af75e021a629dcddb027e8eb (diff)
[PATCH] firmware: fix BUG: in fw_realloc_buffer
The fw_realloc_buffer routine does not handle an increase in buffer size of more than 4k. It's not clear to me why it expects that it will only get an extra 4k of data. The attached patch modifies fw_realloc_buffer to vmalloc as much memory as is requested, instead of what we previously had + 4k. I've tested this on my laptop, which would crash occaisionally on boot without the patch. With the patch, it hasn't crashed, but I can't be certain that this code path is exercised. Signed-off-by: Jeff Moyer <jmoyer@redhat.com> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--drivers/base/firmware_class.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c
index e97e911ebf7a..472318205236 100644
--- a/drivers/base/firmware_class.c
+++ b/drivers/base/firmware_class.c
@@ -211,18 +211,20 @@ static int
211fw_realloc_buffer(struct firmware_priv *fw_priv, int min_size) 211fw_realloc_buffer(struct firmware_priv *fw_priv, int min_size)
212{ 212{
213 u8 *new_data; 213 u8 *new_data;
214 int new_size = fw_priv->alloc_size;
214 215
215 if (min_size <= fw_priv->alloc_size) 216 if (min_size <= fw_priv->alloc_size)
216 return 0; 217 return 0;
217 218
218 new_data = vmalloc(fw_priv->alloc_size + PAGE_SIZE); 219 new_size = ALIGN(min_size, PAGE_SIZE);
220 new_data = vmalloc(new_size);
219 if (!new_data) { 221 if (!new_data) {
220 printk(KERN_ERR "%s: unable to alloc buffer\n", __FUNCTION__); 222 printk(KERN_ERR "%s: unable to alloc buffer\n", __FUNCTION__);
221 /* Make sure that we don't keep incomplete data */ 223 /* Make sure that we don't keep incomplete data */
222 fw_load_abort(fw_priv); 224 fw_load_abort(fw_priv);
223 return -ENOMEM; 225 return -ENOMEM;
224 } 226 }
225 fw_priv->alloc_size += PAGE_SIZE; 227 fw_priv->alloc_size = new_size;
226 if (fw_priv->fw->data) { 228 if (fw_priv->fw->data) {
227 memcpy(new_data, fw_priv->fw->data, fw_priv->fw->size); 229 memcpy(new_data, fw_priv->fw->data, fw_priv->fw->size);
228 vfree(fw_priv->fw->data); 230 vfree(fw_priv->fw->data);