diff options
| author | Michael Ellerman <michael@ellerman.id.au> | 2006-08-01 20:48:50 -0400 |
|---|---|---|
| committer | Paul Mackerras <paulus@samba.org> | 2006-09-26 01:24:34 -0400 |
| commit | e12514650b167f48e952d50315fd492d01d42988 (patch) | |
| tree | 8ac4f5ca248ef91a1a6550eba64cca2a80a9711b /arch/powerpc | |
| parent | 94983cb7881dff760d724759105a6f67935b571d (diff) | |
[POWERPC] Fix loop logic in irq_alloc_virt()
There's a bug in irq_alloc_virt() if it's asked for more than 1 interrupt,
if it can't find a slot it might look past the end of the irq_map.
To be clear: the bug is that the continue affects the inner for loop,
not the outer one, so i becomes j + 1 and then we continue the inner
loop without checking if i is still <= limit.
This fixes it. No one in the kernel actually calls this with count >
1, so it's not critical.
Signed-off-by: Michael Ellerman <michael@ellerman.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Diffstat (limited to 'arch/powerpc')
| -rw-r--r-- | arch/powerpc/kernel/irq.c | 19 |
1 files changed, 10 insertions, 9 deletions
diff --git a/arch/powerpc/kernel/irq.c b/arch/powerpc/kernel/irq.c index b4432332341f..c3f58f2f9f52 100644 --- a/arch/powerpc/kernel/irq.c +++ b/arch/powerpc/kernel/irq.c | |||
| @@ -777,7 +777,6 @@ unsigned int irq_alloc_virt(struct irq_host *host, | |||
| 777 | { | 777 | { |
| 778 | unsigned long flags; | 778 | unsigned long flags; |
| 779 | unsigned int i, j, found = NO_IRQ; | 779 | unsigned int i, j, found = NO_IRQ; |
| 780 | unsigned int limit = irq_virq_count - count; | ||
| 781 | 780 | ||
| 782 | if (count == 0 || count > (irq_virq_count - NUM_ISA_INTERRUPTS)) | 781 | if (count == 0 || count > (irq_virq_count - NUM_ISA_INTERRUPTS)) |
| 783 | return NO_IRQ; | 782 | return NO_IRQ; |
| @@ -794,14 +793,16 @@ unsigned int irq_alloc_virt(struct irq_host *host, | |||
| 794 | /* Look for count consecutive numbers in the allocatable | 793 | /* Look for count consecutive numbers in the allocatable |
| 795 | * (non-legacy) space | 794 | * (non-legacy) space |
| 796 | */ | 795 | */ |
| 797 | for (i = NUM_ISA_INTERRUPTS; i <= limit; ) { | 796 | for (i = NUM_ISA_INTERRUPTS, j = 0; i < irq_virq_count; i++) { |
| 798 | for (j = i; j < (i + count); j++) | 797 | if (irq_map[i].host != NULL) |
| 799 | if (irq_map[j].host != NULL) { | 798 | j = 0; |
| 800 | i = j + 1; | 799 | else |
| 801 | continue; | 800 | j++; |
| 802 | } | 801 | |
| 803 | found = i; | 802 | if (j == count) { |
| 804 | break; | 803 | found = i - count + 1; |
| 804 | break; | ||
| 805 | } | ||
| 805 | } | 806 | } |
| 806 | if (found == NO_IRQ) { | 807 | if (found == NO_IRQ) { |
| 807 | spin_unlock_irqrestore(&irq_big_lock, flags); | 808 | spin_unlock_irqrestore(&irq_big_lock, flags); |