| From 3bec60d511179853138836ae6e1b61fe34d9235f Mon Sep 17 00:00:00 2001 |
| From: Tejun Heo <tj@kernel.org> |
| Date: Wed, 27 Feb 2013 17:04:04 -0800 |
| Subject: firewire: add minor number range check to fw_device_init() |
| |
| From: Tejun Heo <tj@kernel.org> |
| |
| commit 3bec60d511179853138836ae6e1b61fe34d9235f upstream. |
| |
| fw_device_init() didn't check whether the allocated minor number isn't |
| too large. Fail if it goes overflows MINORBITS. |
| |
| Signed-off-by: Tejun Heo <tj@kernel.org> |
| Suggested-by: Stefan Richter <stefanr@s5r6.in-berlin.de> |
| Acked-by: Stefan Richter <stefanr@s5r6.in-berlin.de> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| drivers/firewire/core-device.c | 4 ++++ |
| 1 file changed, 4 insertions(+) |
| |
| --- a/drivers/firewire/core-device.c |
| +++ b/drivers/firewire/core-device.c |
| @@ -999,6 +999,10 @@ static void fw_device_init(struct work_s |
| ret = idr_pre_get(&fw_device_idr, GFP_KERNEL) ? |
| idr_get_new(&fw_device_idr, device, &minor) : |
| -ENOMEM; |
| + if (minor >= 1 << MINORBITS) { |
| + idr_remove(&fw_device_idr, minor); |
| + minor = -ENOSPC; |
| + } |
| up_write(&fw_device_rwsem); |
| |
| if (ret < 0) |