linux/drivers
Stefan Richter 281e20323a firewire: core: fix use-after-free regression in FCP handler
Commit db5d247a "firewire: fix use of multiple AV/C devices, allow
multiple FCP listeners" introduced a regression into 2.6.33-rc3:
The core freed payloads of incoming requests to FCP_Request or
FCP_Response before a userspace driver accessed them.

We need to copy such payloads for each registered userspace client
and free the copies according to the lifetime rules of non-FCP client
request resources.

(This could possibly be optimized by reference counts instead of
copies.)

The presently only kernelspace driver which listens for FCP requests,
firedtv, was not affected because it already copies FCP frames into an
own buffer before returning to firewire-core's FCP handler dispatcher.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
2010-01-26 20:54:50 +01:00
..
accessibility drop explicit include of autoconf.h 2009-12-12 13:08:15 +01:00
acpi Merge branch 'bugzilla-14954' into release 2010-01-20 01:26:22 -05:00
amba
ata libata: retry FS IOs even if it has failed with AC_ERR_INVALID 2010-01-20 14:25:11 -05:00
atm drivers/atm: Correct code taking the size of a pointer 2009-12-13 19:56:33 -08:00
auxdisplay
base Revert "sysdev: fix prototype for memory_sysdev_class show/store functions" 2010-01-20 15:02:13 -08:00
block drbd: Allow online resizing of DRBD devices while peer not reachable (needs to be explicitly forced) 2010-01-12 10:02:46 +01:00
bluetooth Bluetooth: Prevent ill-timed autosuspend in USB driver 2009-12-17 12:12:49 -08:00
cdrom
char tty: fix race in tty_fasync 2010-01-20 15:03:31 -08:00
clocksource cs5535: add a generic clock event MFGPT driver 2009-12-15 08:53:28 -08:00
connector
cpufreq Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu 2009-12-14 09:58:24 -08:00
cpuidle drivers/cpuidle/governors/menu.c: fix undefined reference to `__udivdi3' 2010-01-11 09:34:07 -08:00
crypto Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu 2009-12-14 09:58:24 -08:00
dca
dio
dma Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/djbw/async_tx 2009-12-30 13:46:29 -08:00
edac edac: i5000_edac critical fix panic out of bounds 2010-01-16 12:15:38 -08:00
eisa
firewire firewire: core: fix use-after-free regression in FCP handler 2010-01-26 20:54:50 +01:00
firmware firmware: only allow EDD on x86 2009-12-15 08:53:34 -08:00
gpio gpio: adp5588-gpio: new driver for ADP5588 GPIO expanders 2010-01-11 09:34:07 -08:00
gpu Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/anholt/drm-intel 2010-01-16 10:44:38 -08:00
hid Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid 2010-01-13 16:10:13 -08:00
hwmon Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2010-01-11 09:45:55 -08:00
i2c i2c: Do not use device name after device_unregister 2010-01-16 20:43:13 +01:00
ide Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/benh/powerpc 2009-12-12 14:27:24 -08:00
idle cpumask: convert drivers/idle/i7300_idle.c to cpumask_var_t 2009-12-17 11:43:25 +10:30
ieee1394 firewire, ieee1394: update Kconfig help 2009-12-29 19:58:17 +01:00
ieee802154
infiniband Merge branches 'misc' and 'mlx4' into for-next 2010-01-06 13:16:47 -08:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2010-01-15 14:51:57 -08:00
isdn Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-01-12 20:53:29 -08:00
leds leds: leds-pwm: Set led_classdev max_brightness 2009-12-17 11:42:34 +00:00
lguest lguest: fix bug in setting guest GDT entry 2010-01-04 12:33:33 -08:00
macintosh powerpc/macintosh: Make Open Firmware device id constant 2010-01-15 13:26:04 +11:00
mca
md DM: Fix device mapper topology stacking 2010-01-11 14:29:20 +01:00
media Merge branch 'mantis' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2010-01-18 14:07:07 -08:00
memstick
message i2o: propogate the BKL down into the ioctl method 2010-01-04 12:31:21 -08:00
mfd mfd: Unlock mc13783 before subsystems initialisation, at probe time. 2010-01-18 12:30:28 +01:00
misc Merge git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi-misc-2.6 2009-12-17 16:38:48 -08:00
mmc mfd: tmio_mmc hardware abstraction for CNF area 2010-01-18 12:30:27 +01:00
mtd Merge branch 'upstream' of git://ftp.linux-mips.org/pub/scm/upstream-linus 2009-12-17 16:38:06 -08:00
net Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6 2010-01-14 08:36:15 -08:00
nubus
of
oprofile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu 2009-12-14 09:58:24 -08:00
parisc parisc: Fixup last users of irq_chip->typename 2009-12-16 03:48:56 +00:00
parport parport_pc.c: use correct length in strncmp 2009-12-16 07:20:12 -08:00
pci PCIe AER: prevent AER injection if hardware masks error reporting 2010-01-04 15:52:49 -08:00
pcmcia Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jbarnes/pci-2.6 2009-12-30 13:13:24 -08:00
platform Merge branch 'misc' into release 2010-01-20 01:23:27 -05:00
pnp Merge branch 'release' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux-acpi-2.6 2009-12-16 12:33:19 -08:00
power pmu_battery: Fix battery full reporting 2009-12-18 03:51:29 +03:00
pps
ps3
rapidio
regulator regulator: wm831x_reg_read() failure unnoticed in wm831x_aldo_get_mode() 2009-12-17 10:27:30 +00:00
rtc rtc_cmos: convert shutdown to new pnp_driver->shutdown 2010-01-11 09:34:07 -08:00
s390 [S390] tape_char: add missing compat_ptr conversion 2010-01-13 20:44:46 +01:00
sbus bbc_envctrl: Clean up properly if kthread_run() fails. 2010-01-04 15:31:10 -08:00
scsi [SCSI] megaraid_sas: remove sysfs poll_mode_io world writeable permissions 2010-01-12 21:12:36 -08:00
serial serial: serial_cs: oxsemi quirk breaks resume 2010-01-20 15:03:31 -08:00
sfi
sh
sn ioc3/ioc4: fix error path on driver registration 2009-12-15 08:53:27 -08:00
spi Merge branch 'next-spi' of git://git.secretlab.ca/git/linux-2.6 2009-12-17 15:59:05 -08:00
ssb
staging Staging: hv: fix smp problems in the hyperv core code 2010-01-20 15:05:26 -08:00
tc
telephony
thermal Merge branch 'misc-2.6.33' into release 2009-12-16 14:22:32 -05:00
uio const: constify remaining dev_pm_ops 2009-12-15 08:53:25 -08:00
usb USB: isp1362: fix build failure on ARM systems via irq_flags cleanup 2010-01-20 15:24:36 -08:00
uwb
video revert "drivers/video/s3c-fb.c: fix clock setting for Samsung SoC Framebuffer" 2010-01-16 12:15:40 -08:00
virtio virtio: fix section mismatch warnings 2010-01-16 12:15:39 -08:00
vlynq
w1
watchdog [WATCHDOG] iTCO_wdt: Add Intel Cougar Point and PCH DeviceIDs 2010-01-18 21:39:49 +00:00
xen xen: fix hang on suspend. 2010-01-13 10:01:35 +00:00
zorro
Kconfig firewire, ieee1394: update Kconfig help 2009-12-29 19:58:17 +01:00
Makefile