[PATCH 26/88] firewire: add minor number range check to fw_device_init()
Luis Henriques
luis.henriques at canonical.com
Thu Mar 14 10:35:19 UTC 2013
3.5.7.8 -stable review patch. If anyone has any objections, please let me know.
------------------
From: Tejun Heo <tj at kernel.org>
commit 3bec60d511179853138836ae6e1b61fe34d9235f upstream.
fw_device_init() didn't check whether the allocated minor number isn't
too large. Fail if it overflows MINORBITS.
Signed-off-by: Tejun Heo <tj at kernel.org>
Suggested-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
Acked-by: Stefan Richter <stefanr at s5r6.in-berlin.de>
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
drivers/firewire/core-device.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c
index 4d460ef..ee901e2 100644
--- a/drivers/firewire/core-device.c
+++ b/drivers/firewire/core-device.c
@@ -1010,6 +1010,10 @@ static void fw_device_init(struct work_struct *work)
ret = idr_pre_get(&fw_device_idr, GFP_KERNEL) ?
idr_get_new(&fw_device_idr, device, &minor) :
-ENOMEM;
+ if (minor >= 1 << MINORBITS) {
+ idr_remove(&fw_device_idr, minor);
+ minor = -ENOSPC;
+ }
up_write(&fw_device_rwsem);
if (ret < 0)
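Review bot: in the added block the overflow case stores the error in `minor` (`minor = -ENOSPC;`), but the check that follows `up_write()` tests `ret < 0`, so as far as these lines show a successful idr_get_new() with an out-of-range minor leaves `ret` non-negative and does not take the error path. Assigning `ret = -ENOSPC;` in that branch would make the failure visible to the existing check. The new comparison also runs before `ret` is examined: when idr_pre_get() fails, idr_get_new() is never called, so `minor` holds whatever it had before this statement and could still be compared and handed to idr_remove(). Guarding the test with `ret >= 0 &&` would avoid that.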
--
1.8.1.2