@@ -286,16 +286,12 @@ void opal_notifier_disable(void)
int opal_message_notifier_register(enum OpalMessageType msg_type,
struct notifier_block *nb)
{
- if (!nb) {
- pr_warning("%s: Invalid argument (%p)\n",
- __func__, nb);
- return -EINVAL;
- }
- if (msg_type > OPAL_MSG_TYPE_MAX) {
- pr_warning("%s: Invalid message type argument (%d)\n",
+ if (!nb || msg_type >= OPAL_MSG_TYPE_MAX) {
+ pr_warning("%s: Invalid arguments, msg_type:%d\n",
__func__, msg_type);
return -EINVAL;
}
+
return atomic_notifier_chain_register(
&opal_msg_notifier_head[msg_type], nb);
}
@@ -332,7 +328,7 @@ static void opal_handle_message(void)
type = be32_to_cpu(msg.msg_type);
/* Sanity check */
- if (type > OPAL_MSG_TYPE_MAX) {
+ if (type >= OPAL_MSG_TYPE_MAX) {
pr_warning("%s: Unknown message type: %u\n", __func__, type);
return;
}
This is a note to let you know that I have just added a patch titled powerpc/powernv: Fix the overflow of OPAL message notifiers head array to the linux-3.16.y-queue branch of the 3.16.y-ckt extended stable tree which can be found at: http://kernel.ubuntu.com/git/ubuntu/linux.git/log/?h=linux-3.16.y-queue This patch is scheduled to be released in version 3.16.7-ckt23. If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.16.y-ckt tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Luis ---8<------------------------------------------------------------ From ae47a7c64df4b45ed475805eaaf2eef012e333cb Mon Sep 17 00:00:00 2001 From: Neelesh Gupta <neelegup@linux.vnet.ibm.com> Date: Wed, 11 Feb 2015 11:57:06 +0530 Subject: powerpc/powernv: Fix the overflow of OPAL message notifiers head array commit 792f96e9a769b799a2944e9369e4ea1e467135b2 upstream. Fixes the condition check of incoming message type which can otherwise shoot beyond the message notifiers head array. Signed-off-by: Neelesh Gupta <neelegup@linux.vnet.ibm.com> Reviewed-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com> Reviewed-by: Anshuman Khandual <khandual@linux.vnet.ibm.com> Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org> Signed-off-by: Luis Henriques <luis.henriques@canonical.com> --- arch/powerpc/platforms/powernv/opal.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-)