firewire: cdev: extend transaction payload size check

Make the size check of ioctl_send_request and ioctl_send_broadcast_request speed dependent. Also change the error return code from -EINVAL to -EIO to distinguish this from other errors concerning the ioctl parameters. Another payload size limit for which we don't check here though is the remote node's Bus_Info_Block.max_rec. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>

firewire: cdev: extend transaction payload size check
Make the size check of ioctl_send_request and ioctl_send_broadcast_request speed dependent. Also change the error return code from -EINVAL to -EIO to distinguish this from other errors concerning the ioctl parameters. Another payload size limit for which we don't check here though is the remote node's Bus_Info_Block.max_rec. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
5d3fd692 · Stefan Richter · 1566f3dc · 5d3fd692
Commit 5d3fd692 authored Jan 04, 2009 by Stefan Richter
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 3 deletions

drivers/firewire/fw-cdev.c drivers/firewire/fw-cdev.c +2 -3

No files found.
--- a/drivers/firewire/fw-cdev.c
+++ b/drivers/firewire/fw-cdev.c
@@ -525,9 +525,8 @@ static int init_request(struct client *client,
 	struct outbound_transaction_event *e;
 	int ret;

-	/* What is the biggest size we'll accept, really? */
-	if (request->length > 4096)
-		return -EINVAL;
+	if (request->length > 4096 || request->length > 512 << speed)
+		return -EIO;

 	e = kmalloc(sizeof(*e) + request->length, GFP_KERNEL);
 	if (e == NULL)