From: Jeff Moyer Date: Mon, 13 Feb 2006 22:52:38 +0000 (-0800) Subject: [PATCH] firmware: fix BUG: in fw_realloc_buffer X-Git-Tag: v2.6.17-rc1~1177^2~9 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=30560ba6eda308c13a361d08eb5d4eaab94ab37e;p=linux-2.6 [PATCH] firmware: fix BUG: in fw_realloc_buffer The fw_realloc_buffer routine does not handle an increase in buffer size of more than 4k. It's not clear to me why it expects that it will only get an extra 4k of data. The attached patch modifies fw_realloc_buffer to vmalloc as much memory as is requested, instead of what we previously had + 4k. I've tested this on my laptop, which would crash occaisionally on boot without the patch. With the patch, it hasn't crashed, but I can't be certain that this code path is exercised. Signed-off-by: Jeff Moyer Signed-off-by: Andrew Morton Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/base/firmware_class.c b/drivers/base/firmware_class.c index e97e911ebf..4723182052 100644 --- a/drivers/base/firmware_class.c +++ b/drivers/base/firmware_class.c @@ -211,18 +211,20 @@ static int fw_realloc_buffer(struct firmware_priv *fw_priv, int min_size) { u8 *new_data; + int new_size = fw_priv->alloc_size; if (min_size <= fw_priv->alloc_size) return 0; - new_data = vmalloc(fw_priv->alloc_size + PAGE_SIZE); + new_size = ALIGN(min_size, PAGE_SIZE); + new_data = vmalloc(new_size); if (!new_data) { printk(KERN_ERR "%s: unable to alloc buffer\n", __FUNCTION__); /* Make sure that we don't keep incomplete data */ fw_load_abort(fw_priv); return -ENOMEM; } - fw_priv->alloc_size += PAGE_SIZE; + fw_priv->alloc_size = new_size; if (fw_priv->fw->data) { memcpy(new_data, fw_priv->fw->data, fw_priv->fw->size); vfree(fw_priv->fw->data);