[ 3.5.y.z extended stable ] Patch "firewire: add minor number range check to fw_device_init()" has been added to staging queue

[Luis Henriques]

This is a note to let you know that I have just added a patch titled

    firewire: add minor number range check to fw_device_init()

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

>From 08838e7a100d94c3c514f4ee7c79ab7b5ddd514f Mon Sep 17 00:00:00 2001
From: Tejun Heo <tj at kernel.org>
Date: Wed, 27 Feb 2013 17:04:04 -0800
Subject: [PATCH] firewire: add minor number range check to fw_device_init()

commit 3bec60d511179853138836ae6e1b61fe34d9235f upstream.

fw_device_init() didn't check whether the allocated minor number isn't
too large.  Fail if it goes overflows MINORBITS.

Signed-off-by: Tejun Heo <tj at kernel.org>
Suggested-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
Acked-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 drivers/firewire/core-device.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c
index 4d460ef..ee901e2 100644
--- a/drivers/firewire/core-device.c
+++ b/drivers/firewire/core-device.c
@@ -1010,6 +1010,10 @@ static void fw_device_init(struct work_struct *work)
 	ret = idr_pre_get(&fw_device_idr, GFP_KERNEL) ?
 	      idr_get_new(&fw_device_idr, device, &minor) :
 	      -ENOMEM;
+	if (minor >= 1 << MINORBITS) {
+		idr_remove(&fw_device_idr, minor);
+		minor = -ENOSPC;
+	}
 	up_write(&fw_device_rwsem);

 	if (ret < 0)
--
1.8.1.2