Commit 5962b35c authored by Neil Horman's avatar Neil Horman Committed by David S. Miller

netprio_cgroup: Fix obo in get_prioidx

It was recently pointed out to me that the get_prioidx function sets a bit in
the prioidx map prior to checking to see if the index being set is out of
bounds.  This patch corrects that, avoiding the possiblity of us writing beyond
the end of the array
Signed-off-by: default avatarNeil Horman <nhorman@tuxdriver.com>
Reported-by: default avatarStanislaw Gruszka <sgruszka@redhat.com>
CC: Stanislaw Gruszka <sgruszka@redhat.com>
CC: "David S. Miller" <davem@davemloft.net>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 1715322f
...@@ -58,11 +58,12 @@ static int get_prioidx(u32 *prio) ...@@ -58,11 +58,12 @@ static int get_prioidx(u32 *prio)
spin_lock_irqsave(&prioidx_map_lock, flags); spin_lock_irqsave(&prioidx_map_lock, flags);
prioidx = find_first_zero_bit(prioidx_map, sizeof(unsigned long) * PRIOIDX_SZ); prioidx = find_first_zero_bit(prioidx_map, sizeof(unsigned long) * PRIOIDX_SZ);
if (prioidx == sizeof(unsigned long) * PRIOIDX_SZ) {
spin_unlock_irqrestore(&prioidx_map_lock, flags);
return -ENOSPC;
}
set_bit(prioidx, prioidx_map); set_bit(prioidx, prioidx_map);
spin_unlock_irqrestore(&prioidx_map_lock, flags); spin_unlock_irqrestore(&prioidx_map_lock, flags);
if (prioidx == sizeof(unsigned long) * PRIOIDX_SZ)
return -ENOSPC;
atomic_set(&max_prioidx, prioidx); atomic_set(&max_prioidx, prioidx);
*prio = prioidx; *prio = prioidx;
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment