| Message ID | 1356612435.3447.35.camel@canaries64 |
|---|---|
| State | New |
| Headers | show |
On Thu, Dec 27, 2012 at 12:47:15PM +0000, Malcolm Priestley wrote: > > upstream commit > ab1dd9963137a1e122004d5378a581bf16ae9bc8 > > Tested on kernels 2.6.35, 3.0, 3.2, 3.5 & 3.7 > > This upstream commit and the ones in patch 2 & 3 are critical for boot > dead lock on 64 bit systems, the remaining commits bring the driver up. > > staging: vt6656: [BUG] out of bound array reference in RFbSetPower. > > Calling RFbSetPower with uCH zero value will cause out of bound array reference. > > This causes 64 bit kernels to oops on boot. > > Note: Driver does not function on 64 bit kernels and should be > blacklisted on them. > > Cc: stable@kernel.org # 2.6.35+ > Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com> > Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Queued all except 2/8 and 3/8 for reasons already noted, thanks.
diff --git a/drivers/staging/vt6656/rf.c b/drivers/staging/vt6656/rf.c index 593cdc7..74c0598 100644 --- a/drivers/staging/vt6656/rf.c +++ b/drivers/staging/vt6656/rf.c @@ -769,6 +769,9 @@ BYTE byPwr = pDevice->byCCKPwr; return TRUE; } + if (uCH == 0) + return -EINVAL; + switch (uRATE) { case RATE_1M: case RATE_2M:
upstream commit ab1dd9963137a1e122004d5378a581bf16ae9bc8 Tested on kernels 2.6.35, 3.0, 3.2, 3.5 & 3.7 This upstream commit and the ones in patch 2 & 3 are critical for boot dead lock on 64 bit systems, the remaining commits bring the driver up. staging: vt6656: [BUG] out of bound array reference in RFbSetPower. Calling RFbSetPower with uCH zero value will cause out of bound array reference. This causes 64 bit kernels to oops on boot. Note: Driver does not function on 64 bit kernels and should be blacklisted on them. Cc: stable@kernel.org # 2.6.35+ Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>