From 6d6b6d13ead1b9c8f23075e87fbc93f6f5549631 Mon Sep 17 00:00:00 2001 From: Tejun Heo Date: Wed, 20 Feb 2013 13:16:12 +1100 Subject: [PATCH] firewire: add minor number range check to fw_device_init() fw_device_init() didn't check whether the allocated minor number isn't too large. Fail if it goes overflows MINORBITS. Signed-off-by: Tejun Heo Suggested-by: Stefan Richter Acked-by: Stefan Richter Cc: Signed-off-by: Andrew Morton --- drivers/firewire/core-device.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/firewire/core-device.c b/drivers/firewire/core-device.c index 3873d535b28d..af3e8aa5eedc 100644 --- a/drivers/firewire/core-device.c +++ b/drivers/firewire/core-device.c @@ -1020,6 +1020,10 @@ static void fw_device_init(struct work_struct *work) ret = idr_pre_get(&fw_device_idr, GFP_KERNEL) ? idr_get_new(&fw_device_idr, device, &minor) : -ENOMEM; + if (minor >= 1 << MINORBITS) { + idr_remove(&fw_device_idr, minor); + minor = -ENOSPC; + } up_write(&fw_device_rwsem); if (ret < 0) -- 2.39.5