From: Stefan Richter Date: Fri, 23 Jul 2010 11:02:54 +0000 (+0200) Subject: firewire: core: fix upper bound of possible CSR allocations X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=0c9ae701ae1caf657326db22d61074b40a747c9d;p=GitHub%2FLineageOS%2Fandroid_kernel_samsung_universal7580.git firewire: core: fix upper bound of possible CSR allocations region->end is defined as an upper bound of the requested address range, exclusive --- i.e. as an address outside of the range in which the requested CSR is to be placed. Hence 0x0001,0000,0000,0000 is the biggest valid region->end, not 0x0000,ffff,ffff,fffc like the current check asserted. For simplicity, the fix drops the region->end & 3 test because there is no actual problem with these bits set in region->end. The allocated address range will be quadlet aligned and of a size of multiple quadlets due to the checks for region->start & 3 and handler->length & 3 alone. Signed-off-by: Stefan Richter --- diff --git a/drivers/firewire/core-transaction.c b/drivers/firewire/core-transaction.c index 6f225cacbc3..ca7ca56661e 100644 --- a/drivers/firewire/core-transaction.c +++ b/drivers/firewire/core-transaction.c @@ -543,8 +543,8 @@ int fw_core_add_address_handler(struct fw_address_handler *handler, int ret = -EBUSY; if (region->start & 0xffff000000000003ULL || - region->end & 0xffff000000000003ULL || region->start >= region->end || + region->end > 0x0001000000000000ULL || handler->length & 3 || handler->length == 0) return -EINVAL;