Hi Stef,
It seems like patches were merged upstream for this. I'm including the upstream git commit IDs and descriptions:
commit 7084191d53b224b953c8e1db525ea6c31aca5fc7
Author: Alan Stern <email address hidden>
Date: Wed Feb 20 14:15:58 2008 -0500
USB: usb-storage: don't access beyond the end of the sg buffer
This patch (as1035) fixes a bug in usb_stor_access_xfer_buf() (the bug
was originally found by Boaz Harrosh): The routine must not attempt to
write beyond the end of a scatter-gather list or beyond the number of
bytes requested. It also fixes up the formatting of a few comments
and similar whitespace issues.
Signed-off-by: Alan Stern <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
and
commit 6d512a80c26d87f8599057c86dc920fbfe0aa3aa
Author: Alan Stern <email address hidden>
Date: Fri Feb 22 17:00:06 2008 -0500
usb-storage: update earlier scatter-gather bug fix
This patch (as1037) makes a small update to the earlier as1035 patch.
The minimum-length computation shouldn't be done in
usb_stor_access_xfer_buf(), since that routine can be called multiple
times for a single transfer. It should be done in
usb_stor_set_xfer_buf() instead, which gets called only once.
The way it is now isn't really _wrong_, but it isn't really _right_
either. Moving the statement will be an improvement.
Signed-off-by: Alan Stern <email address hidden>
Signed-off-by: Greg Kroah-Hartman <email address hidden>
However, please note that we're currently in Beta freeze for Hardy so these may not get in. If this is the case, they should automatically be available in the Intrepid Ibex release as the kernel will be rebased with mainline. Thanks.
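
Added example, not part of the comment above and not the kernel's code: a simplified user-space model of the two rules the commit messages describe, a resumable copy that stops at the end of the scatter-gather list, and a length clamp applied once in the one-shot wrapper. struct seg, struct xfer, access_xfer_buf() and set_xfer_buf() are hypothetical names chosen for this sketch.

```c
#include <stddef.h>
#include <string.h>

/* Simplified user-space model of a scatter-gather list; struct seg,
 * struct xfer and both function names are hypothetical, not kernel API. */
struct seg { unsigned char *buf; size_t len; };

struct xfer {
    struct seg *sgl;   /* segments making up the transfer buffer */
    size_t nsegs;      /* number of segments */
    size_t idx, off;   /* resume position, kept across calls */
};

/* Copy up to buflen bytes from src into the list, starting at the saved
 * position. Stops at the end of the list; returns bytes actually copied. */
size_t access_xfer_buf(struct xfer *x, const unsigned char *src, size_t buflen)
{
    size_t done = 0;

    while (done < buflen && x->idx < x->nsegs) {
        struct seg *s = &x->sgl[x->idx];
        size_t room = s->len - x->off;
        size_t n = buflen - done < room ? buflen - done : room;

        memcpy(s->buf + x->off, src + done, n);
        done += n;
        x->off += n;
        if (x->off == s->len) {   /* segment full: advance to the next */
            x->idx++;
            x->off = 0;
        }
    }
    return done;
}

/* One-shot store: clamp to the requested length here, once, because
 * access_xfer_buf() may be called repeatedly for a single transfer. */
size_t set_xfer_buf(struct xfer *x, const unsigned char *src,
                    size_t buflen, size_t requested)
{
    if (buflen > requested)
        buflen = requested;
    x->idx = x->off = 0;
    return access_xfer_buf(x, src, buflen);
}
```

A caller that gets back fewer bytes than it supplied knows the list was shorter than the data, instead of the copy running past the last segment.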