On Fri, Nov 05, 2010 at 10:30:04PM +0000, James Bottomley wrote: > commit: 85f7ffd5d2b320f73912b15fe8cef34bae297daf > From: Clemens Ladisch <[email protected]> > Date: Mon, 25 Oct 2010 11:41:53 +0200 > Subject: [PATCH] firewire: ohci: fix buffer overflow in AR split packet > handling > > When the controller had to split a received asynchronous packet into two > buffers, the driver tries to reassemble it by copying both parts into > the first page. However, if size + rest > PAGE_SIZE, i.e., if the yet > unhandled packets before the split packet, the split packet itself, and > any received packets after the split packet are together larger than one > page, then the memory after the first page would get overwritten. > > To fix this, do not try to copy the data of all unhandled packets at > once, but copy the possibly needed data every time when handling > a packet. > > This gets rid of most of the infamous crashes and data corruptions when > using firewire-net. > > Signed-off-by: Clemens Ladisch <[email protected]> > Cc: 2.6.22-2.6.36 <[email protected]>
You mean .32 here, right? It doesn't apply to .27. thanks, greg k-h _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
