On Wed, May 20, 2009 at 7:17 AM, Roel Kluin <roel.kl...@gmail.com> wrote:
> Do not go beyond ARRAY_SIZE of fdev->chan
>
> Signed-off-by: Roel Kluin <roel.kl...@gmail.com>
Indeed, thanks.
But I would like the title and description of this patch be changed to
like this:
fsldma: fix check on potential fdev->chan[] overflow
Fix the check of potential array overflow when using corrupted channel
device tree nodes.
> ---
> diff --git a/drivers/dma/fsldma.c b/drivers/dma/fsldma.c
> index da8a8ed..391b1bd 100644
> --- a/drivers/dma/fsldma.c
> +++ b/drivers/dma/fsldma.c
> @@ -830,7 +830,7 @@ static int __devinit fsl_dma_chan_probe(struct
> fsl_dma_device *fdev,
> new_fsl_chan->reg.end - new_fsl_chan->reg.start + 1);
>
> new_fsl_chan->id = ((new_fsl_chan->reg.start - 0x100) & 0xfff) >> 7;
> - if (new_fsl_chan->id > FSL_DMA_MAX_CHANS_PER_DEVICE) {
> + if (new_fsl_chan->id >= FSL_DMA_MAX_CHANS_PER_DEVICE) {
> dev_err(fdev->dev, "There is no %d channel!\n",
> new_fsl_chan->id);
> err = -EINVAL;
_______________________________________________
Linuxppc-dev mailing list
Linuxppc-dev@ozlabs.org
https://ozlabs.org/mailman/listinfo/linuxppc-dev
