author | Luka Perkov <luka@openwrt.org> | 2014-06-29 23:29:57 +0000 |
---|---|---|
committer | Luka Perkov <luka@openwrt.org> | 2014-06-29 23:29:57 +0000 |
commit | 2397978836e003e55cd5a66d4025efc262467a79 (patch) | |
tree | b3616bb4a167d8e900e0b04f44eab8f1760a6815 /target/linux/mvebu/patches-3.10/0191-of-irq-Fix-potential-buffer-overflow.patch | |
parent | ba967cd842e5d7425d6cc4e7e1584b7f000a5d86 (diff) | |
mvebu: drop 3.10 support
Signed-off-by: Luka Perkov <luka@openwrt.org>
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@41406 3c298f89-4303-0410-b956-a3cf2f4a3e73
Diffstat (limited to 'target/linux/mvebu/patches-3.10/0191-of-irq-Fix-potential-buffer-overflow.patch')
-rw-r--r-- | target/linux/mvebu/patches-3.10/0191-of-irq-Fix-potential-buffer-overflow.patch | 52 |
1 files changed, 0 insertions, 52 deletions
diff --git a/target/linux/mvebu/patches-3.10/0191-of-irq-Fix-potential-buffer-overflow.patch b/target/linux/mvebu/patches-3.10/0191-of-irq-Fix-potential-buffer-overflow.patch
deleted file mode 100644
index 9c7908d7b9..0000000000
--- a/target/linux/mvebu/patches-3.10/0191-of-irq-Fix-potential-buffer-overflow.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 5a1bd82f089e19ba049a871a0d5538ed9eb5e5cd Mon Sep 17 00:00:00 2001
-From: Grant Likely <grant.likely@linaro.org>
-Date: Thu, 19 Dec 2013 09:31:02 -0300
-Subject: [PATCH 191/203] of/irq: Fix potential buffer overflow
-
-Commit 2361613206e6, "of/irq: Refactor interrupt-map parsing" introduced
-a potential buffer overflow bug because it doesn't do sufficient range
-checking on the input data. This patch adds the appropriate checking and
-buffer size adjustments. If the bounds are out of range then warn
-loudly. MAX_PHANDLE_ARGS should be sufficient. If it is not then the
-value can be increased.
-
-Signed-off-by: Grant Likely <grant.likely@linaro.org>
-Cc: Rob Herring <rob.herring@calxeda.com>
----
- drivers/of/irq.c | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
---- a/drivers/of/irq.c
-+++ b/drivers/of/irq.c
-@@ -95,9 +95,9 @@ struct device_node *of_irq_find_parent(s
- int of_irq_parse_raw(const __be32 *addr, struct of_phandle_args *out_irq)
- {
- struct device_node *ipar, *tnode, *old = NULL, *newpar = NULL;
-- __be32 initial_match_array[8];
-+ __be32 initial_match_array[MAX_PHANDLE_ARGS];
- const __be32 *match_array = initial_match_array;
-- const __be32 *tmp, *imap, *imask, dummy_imask[] = { ~0, ~0, ~0, ~0, ~0 };
-+ const __be32 *tmp, *imap, *imask, dummy_imask[] = { [0 ... MAX_PHANDLE_ARGS] = ~0 };
- u32 intsize = 1, addrsize, newintsize = 0, newaddrsize = 0;
- int imaplen, match, i;
-
-@@ -147,6 +147,10 @@ int of_irq_parse_raw(const __be32 *addr,
-
- pr_debug(" -> addrsize=%d\n", addrsize);
-
-+ /* Range check so that the temporary buffer doesn't overflow */
-+ if (WARN_ON(addrsize + intsize > MAX_PHANDLE_ARGS))
-+ goto fail;
-+
- /* Precalculate the match array - this simplifies match loop */
- for (i = 0; i < addrsize; i++)
- initial_match_array[i] = addr ? addr[i] : 0;
-@@ -229,6 +233,8 @@ int of_irq_parse_raw(const __be32 *addr,
- newintsize, newaddrsize);
-
- /* Check for malformed properties */
-+ if (WARN_ON(newaddrsize + newintsize > MAX_PHANDLE_ARGS))
-+ goto fail;
- if (imaplen < (newaddrsize + newintsize))
- goto fail;
- |