[PATCH] libertas if_usb: Fix crash on 64-bit machines

David Miller davem at davemloft.net
Fri Oct 30 14:17:08 EDT 2009


From: David Woodhouse <dwmw2 at infradead.org>
Date: Fri, 30 Oct 2009 17:45:14 +0000

> On a 64-bit kernel, skb->tail is an offset, not a pointer. The libertas
> usb driver passes it to usb_fill_bulk_urb() anyway, causing interesting
> crashes. Fix that by using skb->data instead.
> 
> This highlights a problem with usb_fill_bulk_urb(). It doesn't notice
> when dma_map_single() fails and return the error to its caller as it
> should. In fact it _can't_ currently return the error, since it returns
> void.
> 
> So this problem was showing up only at unmap time, after we'd already
> suffered memory corruption by doing DMA to a bogus address.
> 
> Signed-off-by: David Woodhouse <David.Woodhouse at intel.com>
> Cc: stable at kernel.org

Acked-by: David S. Miller <davem at davemloft.net>
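
A user-space model of the pointer-versus-offset distinction the commit message describes, added here as an example and not taken from the patch or the kernel tree. The struct and every `model_*` name are hypothetical, and it assumes an empty buffer in which data and tail coincide.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of the 64-bit sk_buff layout (hypothetical struct, not
 * kernel code): tail is an offset from head, not an address. */
struct model_skb {
    unsigned char *head;   /* start of the allocation */
    unsigned char *data;   /* start of packet data */
    unsigned int tail;     /* end of packet data, as an offset from head */
};

/* What the kernel's skb_tail_pointer() helper does for this layout. */
static unsigned char *model_tail_pointer(const struct model_skb *skb)
{
    return skb->head + skb->tail;
}

/* The buggy pattern: the raw tail field used as if it were an address. */
static uintptr_t model_raw_tail_as_addr(const struct model_skb *skb)
{
    return (uintptr_t)skb->tail;
}

/* Nonzero if addr lies inside the allocation [head, head + size). */
static int model_in_buffer(const struct model_skb *skb, size_t size, uintptr_t addr)
{
    return addr >= (uintptr_t)skb->head && addr < (uintptr_t)skb->head + size;
}

/* Empty buffer with headroom reserved (assumption: data and tail coincide). */
static struct model_skb model_alloc(size_t size, unsigned int headroom)
{
    struct model_skb skb = { malloc(size), NULL, headroom };
    skb.data = skb.head ? skb.head + headroom : NULL;
    return skb;
}

int main(void)
{
    struct model_skb skb = model_alloc(2048, 64);
    if (!skb.head) return 1;
    printf("tail pointer %p, raw tail %#lx, raw tail in buffer: %d\n",
           (void *)model_tail_pointer(&skb), (unsigned long)model_raw_tail_as_addr(&skb),
           model_in_buffer(&skb, 2048, model_raw_tail_as_addr(&skb)));
    free(skb.head);
    return 0;
}
```

In the model, the raw field evaluates to a small integer far outside the allocation, which is the kind of address a DMA mapping would then be asked to use.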


