aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMarcelo Roberto Jimenez <mroberto@cpti.cetuc.puc-rio.br>2011-02-02 13:04:02 -0500
committerJohn Stultz <john.stultz@linaro.org>2011-02-03 15:59:50 -0500
commit83a06bf50bdf2074b9404951ff60e142d159d93b (patch)
treeebb70cdc221d06529fd327e284f1b9191939f6aa
parent9118626a30f8a3f58674623bebd3c34961e558af (diff)
RTC: Prevents a division by zero in kernel code.
This patch prevents a user space program from calling the RTC_IRQP_SET ioctl with a negative value of frequency. Also, if this call is make with a zero value of frequency, there would be a division by zero in the kernel code. [jstultz: Also initialize irq_freq to 1 to catch other divbyzero issues] CC: Alessandro Zummo <a.zummo@towertech.it> CC: Thomas Gleixner <tglx@linutronix.de> Signed-off-by: Marcelo Roberto Jimenez <mroberto@cpti.cetuc.puc-rio.br> Signed-off-by: John Stultz <john.stultz@linaro.org>
-rw-r--r--drivers/rtc/class.c1
-rw-r--r--drivers/rtc/interface.c3
2 files changed, 4 insertions, 0 deletions
diff --git a/drivers/rtc/class.c b/drivers/rtc/class.c
index 9583cbcc6b79..c404b61386bf 100644
--- a/drivers/rtc/class.c
+++ b/drivers/rtc/class.c
@@ -143,6 +143,7 @@ struct rtc_device *rtc_device_register(const char *name, struct device *dev,
143 rtc->id = id; 143 rtc->id = id;
144 rtc->ops = ops; 144 rtc->ops = ops;
145 rtc->owner = owner; 145 rtc->owner = owner;
146 rtc->irq_freq = 1;
146 rtc->max_user_freq = 64; 147 rtc->max_user_freq = 64;
147 rtc->dev.parent = dev; 148 rtc->dev.parent = dev;
148 rtc->dev.class = rtc_class; 149 rtc->dev.class = rtc_class;
diff --git a/drivers/rtc/interface.c b/drivers/rtc/interface.c
index 925006d33109..a0c01967244d 100644
--- a/drivers/rtc/interface.c
+++ b/drivers/rtc/interface.c
@@ -464,6 +464,9 @@ int rtc_irq_set_freq(struct rtc_device *rtc, struct rtc_task *task, int freq)
464 int err = 0; 464 int err = 0;
465 unsigned long flags; 465 unsigned long flags;
466 466
467 if (freq <= 0)
468 return -EINVAL;
469
467 spin_lock_irqsave(&rtc->irq_task_lock, flags); 470 spin_lock_irqsave(&rtc->irq_task_lock, flags);
468 if (rtc->irq_task != NULL && task == NULL) 471 if (rtc->irq_task != NULL && task == NULL)
469 err = -EBUSY; 472 err = -EBUSY;