From: Tejun Heo <tj@xxxxxxxxxx>
Subject: firewire: add minor number range check to fw_device_init()
fw_device_init() didn't check whether the allocated minor number isn't
too large. Fail if it goes overflows MINORBITS.
Signed-off-by: Tejun Heo <tj@xxxxxxxxxx>
Suggested-by: Stefan Richter <stefanr@xxxxxxxxxxxxxxxxx>
Acked-by: Stefan Richter <stefanr@xxxxxxxxxxxxxxxxx>
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
drivers/firewire/core-device.c | 4 ++++
1 file changed, 4 insertions(+)
diff -puN drivers/firewire/core-device.c~firewire-add-minor-number-range-check-to-fw_device_init drivers/firewire/core-device.c
--- a/drivers/firewire/core-device.c~firewire-add-minor-number-range-check-to-fw_device_init
+++ a/drivers/firewire/core-device.c
@@ -1020,6 +1020,10 @@ static void fw_device_init(struct work_s
ret = idr_pre_get(&fw_device_idr, GFP_KERNEL) ?
idr_get_new(&fw_device_idr, device, &minor) :
-ENOMEM;
+ if (minor >= 1 << MINORBITS) {
+ idr_remove(&fw_device_idr, minor);
+ minor = -ENOSPC;
+ }
up_write(&fw_device_rwsem);
if (ret < 0)
_
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html