Doug / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 0c9ae701ae1caf657326db22d61074b40a747c9d

Authored by Stefan Richter
1 parent cc550216ae
Exists in master and in 7 other branches imx_3.0.35_4.1.0, imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-l5.0.0_1.0.0-ga

firewire: core: fix upper bound of possible CSR allocations 

region->end is defined as an upper bound of the requested address range,
exclusive --- i.e. as an address outside of the range in which the
requested CSR is to be placed.

Hence 0x0001,0000,0000,0000 is the biggest valid region->end, not
0x0000,ffff,ffff,fffc like the current check asserted.

For simplicity, the fix drops the region->end & 3 test because there is
no actual problem with these bits set in region->end.  The allocated
address range will be quadlet aligned and of a size of multiple quadlets
due to the checks for region->start & 3 and handler->length & 3 alone.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

Showing 1 changed file with 1 additions and 1 deletions Side-by-side Diff

drivers/firewire/core-transaction.c
Diff comments   View file @ 0c9ae70
... ... @@ -543,8 +543,8 @@
543 543 int ret = -EBUSY;
544 544  
545 545 if (region->start & 0xffff000000000003ULL ||
546   - region->end & 0xffff000000000003ULL ||
547 546 region->start >= region->end ||
  547 + region->end > 0x0001000000000000ULL ||
548 548 handler->length & 3 ||
549 549 handler->length == 0)
550 550 return -EINVAL;