[PATCH 3.16.y-ckt 071/128] powerpc/powernv: Fix the overflow of OPAL message notifiers head array
From: Luis Henriques
Date: Sun Jan 24 2016 - 17:04:23 EST
3.16.7-ckt23 -stable review patch. If anyone has any objections, please let me know.
---8<------------------------------------------------------------
From: Neelesh Gupta <neelegup@xxxxxxxxxxxxxxxxxx>
commit 792f96e9a769b799a2944e9369e4ea1e467135b2 upstream.
Fixes the condition check of incoming message type which can
otherwise shoot beyond the message notifiers head array.
Signed-off-by: Neelesh Gupta <neelegup@xxxxxxxxxxxxxxxxxx>
Reviewed-by: Vasant Hegde <hegdevasant@xxxxxxxxxxxxxxxxxx>
Reviewed-by: Anshuman Khandual <khandual@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Benjamin Herrenschmidt <benh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Luis Henriques <luis.henriques@xxxxxxxxxxxxx>
---
arch/powerpc/platforms/powernv/opal.c | 12 ++++--------
1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/arch/powerpc/platforms/powernv/opal.c b/arch/powerpc/platforms/powernv/opal.c
index 199975613fe9..d5e5794db989 100644
--- a/arch/powerpc/platforms/powernv/opal.c
+++ b/arch/powerpc/platforms/powernv/opal.c
@@ -286,16 +286,12 @@ void opal_notifier_disable(void)
int opal_message_notifier_register(enum OpalMessageType msg_type,
struct notifier_block *nb)
{
- if (!nb) {
- pr_warning("%s: Invalid argument (%p)\n",
- __func__, nb);
- return -EINVAL;
- }
- if (msg_type > OPAL_MSG_TYPE_MAX) {
- pr_warning("%s: Invalid message type argument (%d)\n",
+ if (!nb || msg_type >= OPAL_MSG_TYPE_MAX) {
+ pr_warning("%s: Invalid arguments, msg_type:%d\n",
__func__, msg_type);
return -EINVAL;
}
+
return atomic_notifier_chain_register(
&opal_msg_notifier_head[msg_type], nb);
}
@@ -332,7 +328,7 @@ static void opal_handle_message(void)
type = be32_to_cpu(msg.msg_type);
/* Sanity check */
- if (type > OPAL_MSG_TYPE_MAX) {
+ if (type >= OPAL_MSG_TYPE_MAX) {
pr_warning("%s: Unknown message type: %u\n", __func__, type);
return;
}