Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1760131AbYFFSLP (ORCPT ); Fri, 6 Jun 2008 14:11:15 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1754896AbYFFSK7 (ORCPT ); Fri, 6 Jun 2008 14:10:59 -0400 Received: from an-out-0708.google.com ([209.85.132.241]:61053 "EHLO an-out-0708.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754659AbYFFSK5 (ORCPT ); Fri, 6 Jun 2008 14:10:57 -0400 DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:cc:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=VR7GmnR0+BozvoKpibs52Yw4n499kdMl7IrG3f8BLM6R8uCgjI1/voxI7YeZouZzVg EX0WuHdL6IzWJ8n+t7KyD8/gJ36p8r6BywrYieKxP8mI7u3uA+EzCT/tGwe7pGaZ/jC7 pT4C/1JMn5G4aMOrc1Mk89TdP1Oy95az5BC6o= Message-ID: Date: Fri, 6 Jun 2008 18:10:55 +0000 From: "Justin Mattock" To: "Andrew Morton" Subject: Re: [ 88.628451] BUG: unable to handle kernel paging request at f8dbf000 "isight_firmware" Cc: "Matthew Garrett" , "Linux Kernel Mailing List" , linux-usb@vger.kernel.org In-Reply-To: <20080606110711.a9a6a4f6.akpm@linux-foundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <20080606002601.a0f6c47c.akpm@linux-foundation.org> <20080606121136.GA9087@srcf.ucam.org> <20080606110711.a9a6a4f6.akpm@linux-foundation.org> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1985 Lines: 53 On Fri, Jun 6, 2008 at 6:07 PM, Andrew Morton wrote: > On Fri, 6 Jun 2008 13:11:36 +0100 Matthew Garrett wrote: > >> Argh. My firmware image contained the 0x8001 token that indicates end of >> firmware - the ones generated by Etienne's tool don't, so the driver >> reads straight off the end of the buffer. Can you try this patch? It >> also incorporates the cleanups Andrew suggested, and should be resistant >> to malformed data. >> >> diff --git a/drivers/usb/misc/isight_firmware.c b/drivers/usb/misc/isight_firmware.c >> index 390e048..cc5943c 100644 >> --- a/drivers/usb/misc/isight_firmware.c >> +++ b/drivers/usb/misc/isight_firmware.c >> @@ -39,9 +39,9 @@ static int isight_firmware_load(struct usb_interface *intf, >> struct usb_device *dev = interface_to_usbdev(intf); >> int llen, len, req, ret = 0; >> const struct firmware *firmware; >> - unsigned char *buf; >> + unsigned char *buf = kmalloc(50, GFP_KERNEL); >> unsigned char data[4]; >> - char *ptr; >> + u8 *ptr; > > if (!buf) > return -ENOMEM; > > please. > >> if (request_firmware(&firmware, "isight.fw", &dev->dev) != 0) { >> printk(KERN_ERR "Unable to load isight firmware\n"); >> @@ -59,7 +59,7 @@ static int isight_firmware_load(struct usb_interface *intf, >> goto out; >> } >> >> - while (1) { >> + while (ptr+4 <= firmware->data+firmware->size) { >> memcpy(data, ptr, 4); >> len = (data[0] << 8 | data[1]); >> req = (data[2] << 8 | data[3]); > > O.K. Thanks for the help and patch, I'll go ahead and add that in and let you know. regards; -- Justin P. Mattock -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/