aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/firewire
diff options
context:
space:
mode:
authorStefan Richter <stefanr@s5r6.in-berlin.de>2008-12-14 13:21:01 -0500
committerStefan Richter <stefanr@s5r6.in-berlin.de>2009-03-24 15:56:38 -0400
commit3e0b5f0d7cb5fef402517e41eebff5a0f0e65a13 (patch)
treeb712284afebff56dd2e104242f4e6665aaf6c8e4 /drivers/firewire
parent45ee3199eb3e4233b755a9bb353a0527a4c58b5f (diff)
firewire: cdev: address handler input validation
Like before my commit 1415d9189e8c59aa9c77a3bba419dcea062c145f, fw_core_add_address_handler() does not align the address region now. Instead the caller is required to pass valid parameters. Since one of the callers of fw_core_add_address_handler() is the cdev userspace interface, we now check for valid input. If the client is buggy, we give it a hint with -EINVAL. Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Diffstat (limited to 'drivers/firewire')
-rw-r--r--drivers/firewire/fw-cdev.c5
-rw-r--r--drivers/firewire/fw-transaction.c27
2 files changed, 21 insertions, 11 deletions
diff --git a/drivers/firewire/fw-cdev.c b/drivers/firewire/fw-cdev.c
index 094aee5c8bcf..44af45205dcd 100644
--- a/drivers/firewire/fw-cdev.c
+++ b/drivers/firewire/fw-cdev.c
@@ -591,9 +591,10 @@ static int ioctl_allocate(struct client *client, void *buffer)
591 handler->closure = request->closure; 591 handler->closure = request->closure;
592 handler->client = client; 592 handler->client = client;
593 593
594 if (fw_core_add_address_handler(&handler->handler, &region) < 0) { 594 ret = fw_core_add_address_handler(&handler->handler, &region);
595 if (ret < 0) {
595 kfree(handler); 596 kfree(handler);
596 return -EBUSY; 597 return ret;
597 } 598 }
598 599
599 handler->resource.release = release_address_handler; 600 handler->resource.release = release_address_handler;
diff --git a/drivers/firewire/fw-transaction.c b/drivers/firewire/fw-transaction.c
index 699ac041f39a..12a6cdcb4475 100644
--- a/drivers/firewire/fw-transaction.c
+++ b/drivers/firewire/fw-transaction.c
@@ -449,16 +449,19 @@ const struct fw_address_region fw_unit_space_region =
449#endif /* 0 */ 449#endif /* 0 */
450 450
451/** 451/**
452 * Allocate a range of addresses in the node space of the OHCI 452 * fw_core_add_address_handler - register for incoming requests
453 * controller. When a request is received that falls within the 453 * @handler: callback
454 * specified address range, the specified callback is invoked. The 454 * @region: region in the IEEE 1212 node space address range
455 * parameters passed to the callback give the details of the 455 *
456 * particular request. 456 * region->start, ->end, and handler->length have to be quadlet-aligned.
457 *
458 * When a request is received that falls within the specified address range,
459 * the specified callback is invoked. The parameters passed to the callback
460 * give the details of the particular request.
457 * 461 *
458 * Return value: 0 on success, non-zero otherwise. 462 * Return value: 0 on success, non-zero otherwise.
459 * The start offset of the handler's address region is determined by 463 * The start offset of the handler's address region is determined by
460 * fw_core_add_address_handler() and is returned in handler->offset. 464 * fw_core_add_address_handler() and is returned in handler->offset.
461 * The offset is quadlet-aligned.
462 */ 465 */
463int 466int
464fw_core_add_address_handler(struct fw_address_handler *handler, 467fw_core_add_address_handler(struct fw_address_handler *handler,
@@ -468,17 +471,23 @@ fw_core_add_address_handler(struct fw_address_handler *handler,
468 unsigned long flags; 471 unsigned long flags;
469 int ret = -EBUSY; 472 int ret = -EBUSY;
470 473
474 if (region->start & 0xffff000000000003ULL ||
475 region->end & 0xffff000000000003ULL ||
476 region->start >= region->end ||
477 handler->length & 3 ||
478 handler->length == 0)
479 return -EINVAL;
480
471 spin_lock_irqsave(&address_handler_lock, flags); 481 spin_lock_irqsave(&address_handler_lock, flags);
472 482
473 handler->offset = roundup(region->start, 4); 483 handler->offset = region->start;
474 while (handler->offset + handler->length <= region->end) { 484 while (handler->offset + handler->length <= region->end) {
475 other = 485 other =
476 lookup_overlapping_address_handler(&address_handler_list, 486 lookup_overlapping_address_handler(&address_handler_list,
477 handler->offset, 487 handler->offset,
478 handler->length); 488 handler->length);
479 if (other != NULL) { 489 if (other != NULL) {
480 handler->offset = 490 handler->offset += other->length;
481 roundup(other->offset + other->length, 4);
482 } else { 491 } else {
483 list_add_tail(&handler->link, &address_handler_list); 492 list_add_tail(&handler->link, &address_handler_list);
484 ret = 0; 493 ret = 0;