From: Stefan Richter <stefanr@s5r6.in-berlin.de>
Date: Sun, 4 Jan 2009 15:23:29 +0000 (+0100)
Subject: firewire: cdev: extend transaction payload size check
X-Git-Tag: accepted/tizen/common/20141203.182822~14866^2~59
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5d3fd692a7196a9045fb606f891f5987959b65a0;p=platform%2Fkernel%2Flinux-arm64.git

firewire: cdev: extend transaction payload size check

Make the size check of ioctl_send_request and
ioctl_send_broadcast_request speed dependent.  Also change the error
return code from -EINVAL to -EIO to distinguish this from other errors
concerning the ioctl parameters.

Another payload size limit for which we don't check here though is the
remote node's Bus_Info_Block.max_rec.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
---

diff --git a/drivers/firewire/fw-cdev.c b/drivers/firewire/fw-cdev.c
index d48fa1c..6b33f15 100644
--- a/drivers/firewire/fw-cdev.c
+++ b/drivers/firewire/fw-cdev.c
@@ -525,9 +525,8 @@ static int init_request(struct client *client,
 	struct outbound_transaction_event *e;
 	int ret;
 
-	/* What is the biggest size we'll accept, really? */
-	if (request->length > 4096)
-		return -EINVAL;
+	if (request->length > 4096 || request->length > 512 << speed)
+		return -EIO;
 
 	e = kmalloc(sizeof(*e) + request->length, GFP_KERNEL);
 	if (e == NULL)