From: Clemens Ladisch Date: Wed, 31 Mar 2010 14:26:46 +0000 (+0200) Subject: firewire: cdev: require quadlet-aligned headers for transmit packets X-Git-Tag: firefly_0821_release~9833^2~1655^2~16 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=385ab5bcd4be586dffdba550b310308d89eade71;p=firefly-linux-kernel-4.4.55.git firewire: cdev: require quadlet-aligned headers for transmit packets The definition of struct fw_cdev_iso_packet seems to imply that the header_length must be quadlet-aligned, and in fact, specifying an unaligned header has never really worked when using multiple packet structures, because the position of the next control word is computed by rounding the header_length _down_, so the last one to three bytes of the header would overlap the next control word. To avoid this problem, check that the header length is properly aligned. Signed-off-by: Clemens Ladisch Signed-off-by: Stefan Richter --- diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c index bbb8160e2c99..5eba9e0f876c 100644 --- a/drivers/firewire/core-cdev.c +++ b/drivers/firewire/core-cdev.c @@ -959,6 +959,8 @@ static int ioctl_queue_iso(struct client *client, union ioctl_arg *arg) u.packet.header_length = GET_HEADER_LENGTH(control); if (ctx->type == FW_ISO_CONTEXT_TRANSMIT) { + if (u.packet.header_length % 4 != 0) + return -EINVAL; header_length = u.packet.header_length; } else { /*