Date: Sun, 13 Jan 2008 11:54:02 GMT From: Hans Petter Selasky <hselasky@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 133184 for review Message-ID: <200801131154.m0DBs2DE079136@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=133184 Change 133184 by hselasky@hselasky_laptop001 on 2008/01/13 11:53:19 UHCI bugfix. Avoid fixups on isochronous transfers that have a length of zero bytes, because "usbd_get_page()" might access invalid memory in the case the total length of all the isochronous transfer(s) is also zero bytes. This is because no memory is loaded into DMA if the total transfer length is zero bytes. This also will fix an "off by one" issue in some special cases where "usbd_get_page()" is involved. Non-isochronous transfers are not affected by this change. Affected files ... .. //depot/projects/usb/src/sys/dev/usb/uhci.c#58 edit Differences ... ==== //depot/projects/usb/src/sys/dev/usb/uhci.c#58 (text+ko) ==== @@ -2255,10 +2255,22 @@ td->len = *plen; + if (td->len == 0) { + /* + * Do not call "uhci_mem_layout_fixup()" when + * the length is zero! + */ + td->td_buffer = 0; + td->fix_pc = NULL; + + } else { + /* fill out buffer pointer and do fixup, if any */ uhci_mem_layout_fixup(&ml, td); + } + /* update status */ if (nframes == 0) { td->td_status = htole32
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200801131154.m0DBs2DE079136>