lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

firewire: cdev: address handler input validation

Browse Source 
Like before my commit 1415d9189e,
fw_core_add_address_handler() does not align the address region now.
Instead the caller is required to pass valid parameters.

Since one of the callers of fw_core_add_address_handler() is the cdev
userspace interface, we now check for valid input.  If the client is
buggy, we give it a hint with -EINVAL.

Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
This commit is contained in:
Stefan Richter
2008-12-14 19:21:01 +01:00
parent 45ee3199eb
commit 3e0b5f0d7c
2 changed files with 21 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
drivers/firewire/fw-cdev.c
View File

@@ -591,9 +591,10 @@ static int ioctl_allocate(struct client *client, void *buffer)
handler->closure = request->closure; handler->closure = request->closure;
handler->client = client; handler->client = client;
if (fw_core_add_address_handler(&handler->handler, &region) < 0) { ret = fw_core_add_address_handler(&handler->handler, &region);
if (ret < 0) {
kfree(handler); kfree(handler);
return -EBUSY; return ret;
} }
handler->resource.release = release_address_handler; handler->resource.release = release_address_handler;

27
drivers/firewire/fw-transaction.c
View File

@@ -449,16 +449,19 @@ const struct fw_address_region fw_unit_space_region =
#endif /* 0 */ #endif /* 0 */
/** /**
* Allocate a range of addresses in the node space of the OHCI * fw_core_add_address_handler - register for incoming requests
* controller. When a request is received that falls within the * @handler: callback
* specified address range, the specified callback is invoked. The * @region: region in the IEEE 1212 node space address range
* parameters passed to the callback give the details of the *
* particular request. * region->start, ->end, and handler->length have to be quadlet-aligned.
*
* When a request is received that falls within the specified address range,
* the specified callback is invoked. The parameters passed to the callback
* give the details of the particular request.
* *
* Return value: 0 on success, non-zero otherwise. * Return value: 0 on success, non-zero otherwise.
* The start offset of the handler's address region is determined by * The start offset of the handler's address region is determined by
* fw_core_add_address_handler() and is returned in handler->offset. * fw_core_add_address_handler() and is returned in handler->offset.
* The offset is quadlet-aligned.
*/ */
int int
fw_core_add_address_handler(struct fw_address_handler *handler, fw_core_add_address_handler(struct fw_address_handler *handler,
@@ -468,17 +471,23 @@ fw_core_add_address_handler(struct fw_address_handler *handler,
unsigned long flags; unsigned long flags;
int ret = -EBUSY; int ret = -EBUSY;
if (region->start & 0xffff000000000003ULL ||
region->end & 0xffff000000000003ULL ||
region->start >= region->end ||
handler->length & 3 ||
handler->length == 0)
return -EINVAL;
spin_lock_irqsave(&address_handler_lock, flags); spin_lock_irqsave(&address_handler_lock, flags);
handler->offset = roundup(region->start, 4); handler->offset = region->start;
while (handler->offset + handler->length <= region->end) { while (handler->offset + handler->length <= region->end) {
other = other =
lookup_overlapping_address_handler(&address_handler_list, lookup_overlapping_address_handler(&address_handler_list,
handler->offset, handler->offset,
handler->length); handler->length);
if (other != NULL) { if (other != NULL) {
handler->offset = handler->offset += other->length;
roundup(other->offset + other->length, 4);
} else { } else {
list_add_tail(&handler->link, &address_handler_list); list_add_tail(&handler->link, &address_handler_list);
ret = 0; ret = 0;