[PATCH 1/5] Don't overflow irq_desc array

From: Matthew Wilcox
Date: Sun Nov 20 2005 - 20:15:14 EST


Check the irq number is within bounds in the functions which weren't
already checking.

Signed-off-by: Matthew Wilcox <matthew@xxxxxx>
Acked-by: Ingo Molnar <mingo@xxxxxxx>

---

kernel/irq/manage.c | 15 +++++++++++++++
1 files changed, 15 insertions(+), 0 deletions(-)

applies-to: bf816f7c7055127415fc3b718e260855df815d55
2a58094e213ad848c8af39b7740052ecd0b92835
diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c
index 3bd7226..81c49a4 100644
--- a/kernel/irq/manage.c
+++ b/kernel/irq/manage.c
@@ -36,6 +36,9 @@ void synchronize_irq(unsigned int irq)
{
struct irq_desc *desc = irq_desc + irq;

+ if (irq >= NR_IRQS)
+ return;
+
while (desc->status & IRQ_INPROGRESS)
cpu_relax();
}
@@ -60,6 +63,9 @@ void disable_irq_nosync(unsigned int irq
irq_desc_t *desc = irq_desc + irq;
unsigned long flags;

+ if (irq >= NR_IRQS)
+ return;
+
spin_lock_irqsave(&desc->lock, flags);
if (!desc->depth++) {
desc->status |= IRQ_DISABLED;
@@ -86,6 +92,9 @@ void disable_irq(unsigned int irq)
{
irq_desc_t *desc = irq_desc + irq;

+ if (irq >= NR_IRQS)
+ return;
+
disable_irq_nosync(irq);
if (desc->action)
synchronize_irq(irq);
@@ -108,6 +117,9 @@ void enable_irq(unsigned int irq)
irq_desc_t *desc = irq_desc + irq;
unsigned long flags;

+ if (irq >= NR_IRQS)
+ return;
+
spin_lock_irqsave(&desc->lock, flags);
switch (desc->depth) {
case 0:
@@ -163,6 +175,9 @@ int setup_irq(unsigned int irq, struct i
unsigned long flags;
int shared = 0;

+ if (irq >= NR_IRQS)
+ return -EINVAL;
+
if (desc->handler == &no_irq_type)
return -ENOSYS;
/*
---
0.99.8.GIT
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/