mirror of
https://github.com/torvalds/linux.git
synced 2024-09-20 23:13:00 +00:00
693fa7792e
If the controller is storing a split packet and therefore changing d->res_count to zero between the two reads by the driver, we end up with an end pointer that is not at a packet boundary, and therefore overflow the buffer when handling the split packet. To fix this, read the field once, atomically. The compiler usually merges the two reads anyway, but for correctness, we have to enforce it. Signed-off-by: Clemens Ladisch <clemens@ladisch.de> Tested-by: Maxim Levitsky <maximlevitsky@gmail.com> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de> |
||
|---|---|---|
| .. | ||
| core-card.c | ||
| core-cdev.c | ||
| core-device.c | ||
| core-iso.c | ||
| core-topology.c | ||
| core-transaction.c | ||
| core.h | ||
| Kconfig | ||
| Makefile | ||
| net.c | ||
| nosy-user.h | ||
| nosy.c | ||
| nosy.h | ||
| ohci.c | ||
| ohci.h | ||
| sbp2.c | ||