aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2012-10-11 08:52:04 +0900
committerLinus Torvalds <torvalds@linux-foundation.org>2012-10-11 08:52:04 +0900
commitba0a5a36f60e4c1152af3a2ae2813251974405bf (patch)
tree00dd9d969b638e229eafe01fcee25b6b6b0e0080
parent3dddebe059d81a39aa1135b6e6d18ebfa4d25384 (diff)
parent790198f74c9d1b46b6a89504361b1a844670d050 (diff)
Merge tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394
Pull a firewire fix from Stefan Richter: "Fixes an old bug of the /dev/fw* ioctl ABI." * tag 'firewire-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/ieee1394/linux1394: firewire: cdev: fix user memory corruption (i386 userland on amd64 kernel)
-rw-r--r--drivers/firewire/core-cdev.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c
index 2783f69dada..f8d22872d75 100644
--- a/drivers/firewire/core-cdev.c
+++ b/drivers/firewire/core-cdev.c
@@ -473,8 +473,8 @@ static int ioctl_get_info(struct client *client, union ioctl_arg *arg)
client->bus_reset_closure = a->bus_reset_closure;
if (a->bus_reset != 0) {
fill_bus_reset_event(&bus_reset, client);
- ret = copy_to_user(u64_to_uptr(a->bus_reset),
- &bus_reset, sizeof(bus_reset));
+ /* unaligned size of bus_reset is 36 bytes */
+ ret = copy_to_user(u64_to_uptr(a->bus_reset), &bus_reset, 36);
}
if (ret == 0 && list_empty(&client->link))
list_add_tail(&client->link, &client->device->client_list);