| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Nov 2009 13:39:45 -0800 From: Inaky Perez-Gonzalez <inaky@...ux.intel.com> To: netdev@...r.kernel.org, wimax@...uxwimax.org Cc: Cindy H Kao <cindy.h.kao@...el.com> Subject: [PATCH 2.6.33/2 04/15] wimax/i2400m: don't write to memory allocated by request_firmware() From: Cindy H Kao <cindy.h.kao@...el.com> In kernel 2.6.31, the firmware requested to ram could be marked with read only attribute, and we can't write any thing directly to the memory when setting up the last JUMP brh cmd. Changed so that the scratch buffer is used. Signed-off-by: Cindy H Kao <cindy.h.kao@...el.com> Signed-off-by: Inaky Perez-Gonzalez <inaky@...ux.intel.com> --- drivers/net/wimax/i2400m/fw.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/drivers/net/wimax/i2400m/fw.c b/drivers/net/wimax/i2400m/fw.c index 0018cdb..92d4d60 100644 --- a/drivers/net/wimax/i2400m/fw.c +++ b/drivers/net/wimax/i2400m/fw.c @@ -533,6 +533,10 @@ int i2400m_dnload_finalize(struct i2400m *i2400m, struct i2400m_bootrom_header jump_ack; d_printf(1, dev, "unsecure boot, jumping to 0x%08x\n", le32_to_cpu(cmd->target_addr)); + cmd_buf = i2400m->bm_cmd_buf; + memcpy(&cmd_buf->cmd, cmd, sizeof(*cmd)); + cmd = &cmd_buf->cmd; + /* now cmd points to the actual bootrom_header in cmd_buf */ i2400m_brh_set_opcode(cmd, I2400M_BRH_JUMP); cmd->data_size = 0; ret = i2400m_bm_cmd(i2400m, cmd, sizeof(*cmd), -- 1.6.2.5 -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists