firewire: cdev: require quadlet-aligned headers for transmit packets
authorClemens Ladisch <clemens@ladisch.de>
Wed, 31 Mar 2010 14:26:46 +0000 (16:26 +0200)
committerStefan Richter <stefanr@s5r6.in-berlin.de>
Sat, 10 Apr 2010 14:51:13 +0000 (16:51 +0200)
The definition of struct fw_cdev_iso_packet seems to imply that the
header_length must be quadlet-aligned, and in fact, specifying an
unaligned header has never really worked when using multiple packet
structures, because the position of the next control word is computed by
rounding the header_length _down_, so the last one to three bytes of the
header would overlap the next control word.

To avoid this problem, check that the header length is properly aligned.

Signed-off-by: Clemens Ladisch <clemens@ladisch.de>
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
drivers/firewire/core-cdev.c

index bbb8160e2c999f9cb6fc86af22e2cbcbde2ab290..5eba9e0f876c1c8e70fd028d9556fb255e2d825a 100644 (file)
@@ -959,6 +959,8 @@ static int ioctl_queue_iso(struct client *client, union ioctl_arg *arg)
                u.packet.header_length = GET_HEADER_LENGTH(control);
 
                if (ctx->type == FW_ISO_CONTEXT_TRANSMIT) {
+                       if (u.packet.header_length % 4 != 0)
+                               return -EINVAL;
                        header_length = u.packet.header_length;
                } else {
                        /*