summaryrefslogtreecommitdiffstats
path: root/drivers/firewire/fw-cdev.c
diff options
context:
space:
mode:
authorDavid Moore <dcm@acm.org>2008-07-29 23:46:25 -0700
committerStefan Richter <stefanr@s5r6.in-berlin.de>2008-08-02 20:03:49 +0200
commit8401d92ba46a1e859464cbd9c9ee304f6e361da3 (patch)
treecdf4ecb706a4f2417b57a8d52d887cd4b2c12130 /drivers/firewire/fw-cdev.c
parentf05e21b39f7dddcebab03ff329fef5783fea58d4 (diff)
downloadkernel-crypto-8401d92ba46a1e859464cbd9c9ee304f6e361da3.tar.gz
kernel-crypto-8401d92ba46a1e859464cbd9c9ee304f6e361da3.tar.xz
kernel-crypto-8401d92ba46a1e859464cbd9c9ee304f6e361da3.zip
firewire: Preserve response data alignment bug when it is harmless
Recently, a bug having to do with the alignment of transaction response data was fixed. However, some apps such as libdc1394 relied on the presence of that bug in order to function correctly. In order to stay compatible with old versions of those apps, this patch preserves the bug in cases where it is harmless to normal operation (such as the single quadlet read) due to a simple duplication of data. This guarantees maximum compatability for those users who are using the old app with the fixed kernel. Signed-off-by: David Moore <dcm@acm.org> Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Diffstat (limited to 'drivers/firewire/fw-cdev.c')
-rw-r--r--drivers/firewire/fw-cdev.c29
1 files changed, 20 insertions, 9 deletions
diff --git a/drivers/firewire/fw-cdev.c b/drivers/firewire/fw-cdev.c
index bc81d6fcd2f..2e6d5848d21 100644
--- a/drivers/firewire/fw-cdev.c
+++ b/drivers/firewire/fw-cdev.c
@@ -369,22 +369,33 @@ complete_transaction(struct fw_card *card, int rcode,
struct response *response = data;
struct client *client = response->client;
unsigned long flags;
+ struct fw_cdev_event_response *r = &response->response;
- if (length < response->response.length)
- response->response.length = length;
+ if (length < r->length)
+ r->length = length;
if (rcode == RCODE_COMPLETE)
- memcpy(response->response.data, payload,
- response->response.length);
+ memcpy(r->data, payload, r->length);
spin_lock_irqsave(&client->lock, flags);
list_del(&response->resource.link);
spin_unlock_irqrestore(&client->lock, flags);
- response->response.type = FW_CDEV_EVENT_RESPONSE;
- response->response.rcode = rcode;
- queue_event(client, &response->event, &response->response,
- sizeof(response->response) + response->response.length,
- NULL, 0);
+ r->type = FW_CDEV_EVENT_RESPONSE;
+ r->rcode = rcode;
+
+ /*
+ * In the case that sizeof(*r) doesn't align with the position of the
+ * data, and the read is short, preserve an extra copy of the data
+ * to stay compatible with a pre-2.6.27 bug. Since the bug is harmless
+ * for short reads and some apps depended on it, this is both safe
+ * and prudent for compatibility.
+ */
+ if (r->length <= sizeof(*r) - offsetof(typeof(*r), data))
+ queue_event(client, &response->event, r, sizeof(*r),
+ r->data, r->length);
+ else
+ queue_event(client, &response->event, r, sizeof(*r) + r->length,
+ NULL, 0);
}
static int ioctl_send_request(struct client *client, void *buffer)