Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0c9ae701 authored by Stefan Richter's avatar Stefan Richter
Browse files

firewire: core: fix upper bound of possible CSR allocations 



region->end is defined as an upper bound of the requested address range,
exclusive --- i.e. as an address outside of the range in which the
requested CSR is to be placed.

Hence 0x0001,0000,0000,0000 is the biggest valid region->end, not
0x0000,ffff,ffff,fffc like the current check asserted.

For simplicity, the fix drops the region->end & 3 test because there is
no actual problem with these bits set in region->end.  The allocated
address range will be quadlet aligned and of a size of multiple quadlets
due to the checks for region->start & 3 and handler->length & 3 alone.

Signed-off-by: default avatarStefan Richter <stefanr@s5r6.in-berlin.de>
parent cc550216

drivers/firewire/core-transaction.c

+1 −1
Original line number Diff line number Diff line
@@ -543,8 +543,8 @@ int fw_core_add_address_handler(struct fw_address_handler *handler, 
	int ret = -EBUSY;



	if (region->start & 0xffff000000000003ULL ||

	    region->end   & 0xffff000000000003ULL ||

	    region->start >= region->end ||

	    region->end   > 0x0001000000000000ULL ||

	    handler->length & 3 ||

	    handler->length == 0)

		return -EINVAL;