| From 33d973ad88ceb83ed1449592b7574b5b5bb33ac6 Mon Sep 17 00:00:00 2001 |
| From: Steven Robertson <steven@strobe.cc> |
| Date: Wed, 21 Jul 2010 16:38:44 -0400 |
| Subject: USB: resizing usbmon binary interface buffer causes protection faults |
| |
| From: Steven Robertson <steven@strobe.cc> |
| |
| commit 33d973ad88ceb83ed1449592b7574b5b5bb33ac6 upstream. |
| |
| Enlarging the buffer size via the MON_IOCT_RING_SIZE ioctl causes |
| general protection faults. It appears the culprit is an incorrect |
| argument to mon_free_buff: instead of passing the size of the current |
| buffer being freed, the size of the new buffer is passed. |
| |
| Use the correct size argument to mon_free_buff when changing the size of |
| the buffer. |
| |
| Signed-off-by: Steven Robertson <steven@strobe.cc> |
| Acked-by: Pete Zaitcev <zaitcev@redhat.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| drivers/usb/mon/mon_bin.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/drivers/usb/mon/mon_bin.c |
| +++ b/drivers/usb/mon/mon_bin.c |
| @@ -1009,7 +1009,7 @@ static int mon_bin_ioctl(struct file *fi |
| |
| mutex_lock(&rp->fetch_lock); |
| spin_lock_irqsave(&rp->b_lock, flags); |
| - mon_free_buff(rp->b_vec, size/CHUNK_SIZE); |
| + mon_free_buff(rp->b_vec, rp->b_size/CHUNK_SIZE); |
| kfree(rp->b_vec); |
| rp->b_vec = vec; |
| rp->b_size = size; |
