On Wed, 10 Jun 2009, Pete Zaitcev wrote:
> On Wed, 10 Jun 2009 17:30:07 -0400 (EDT), Alan Stern <stern@xxxxxxxxxxxxxxxxxxx> wrote:
>
> > > + if (io->nents == io->entries && !PageHighMem(sg_page(sg))) {
> > > + io->urbs[i]->transfer_buffer = sg_virt(sg);
> > > + } else {
> > > + io->urbs[i]->transfer_buffer = NULL;
> > > + }
> > > if (dma) {
> ....
> > > } else {
> > > /* hc may use _only_ transfer_buffer */
> > > - io->urbs[i]->transfer_buffer = sg_virt(sg);
> > > len = sg->length;
> >
> > There needs to be a test here for transfer_buffer != NULL. It would
> > not be good for an HCD using PIO to crash the system because it tried
> > to access invalid memory.
>
> I do not understand what scenario we are considering that leads to
> the crash. Are you talking about a PIO controller and a highmem system?
> If yes, how does it work in the current code?
You're right; it can't happen. Or if it does, it's already broken.
Alan Stern
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
