Commit 048eb7e7 authored by Jeff Moyer's avatar Jeff Moyer Committed by Greg Kroah-Hartman

[PATCH] firmware: fix BUG: in fw_realloc_buffer

The fw_realloc_buffer routine does not handle an increase in buffer size of
more than 4k.  It's not clear to me why it expects that it will only get an
extra 4k of data.  The attached patch modifies fw_realloc_buffer to vmalloc
as much memory as is requested, instead of what we previously had + 4k.

I've tested this on my laptop, which would crash occaisionally on boot
without the patch.  With the patch, it hasn't crashed, but I can't be
certain that this code path is exercised.
Signed-off-by: default avatarJeff Moyer <jmoyer@redhat.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent a15dee13
...@@ -211,18 +211,20 @@ static int ...@@ -211,18 +211,20 @@ static int
fw_realloc_buffer(struct firmware_priv *fw_priv, int min_size) fw_realloc_buffer(struct firmware_priv *fw_priv, int min_size)
{ {
u8 *new_data; u8 *new_data;
int new_size = fw_priv->alloc_size;
if (min_size <= fw_priv->alloc_size) if (min_size <= fw_priv->alloc_size)
return 0; return 0;
new_data = vmalloc(fw_priv->alloc_size + PAGE_SIZE); new_size = ALIGN(min_size, PAGE_SIZE);
new_data = vmalloc(new_size);
if (!new_data) { if (!new_data) {
printk(KERN_ERR "%s: unable to alloc buffer\n", __FUNCTION__); printk(KERN_ERR "%s: unable to alloc buffer\n", __FUNCTION__);
/* Make sure that we don't keep incomplete data */ /* Make sure that we don't keep incomplete data */
fw_load_abort(fw_priv); fw_load_abort(fw_priv);
return -ENOMEM; return -ENOMEM;
} }
fw_priv->alloc_size += PAGE_SIZE; fw_priv->alloc_size = new_size;
if (fw_priv->fw->data) { if (fw_priv->fw->data) {
memcpy(new_data, fw_priv->fw->data, fw_priv->fw->size); memcpy(new_data, fw_priv->fw->data, fw_priv->fw->size);
vfree(fw_priv->fw->data); vfree(fw_priv->fw->data);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment