Mailing List Archive

[PATCH 1/2] xen/events: prevent calling evtchn_get on invalid channels
The event channel number provided to evtchn_get can be provided by
userspace, so needs to be checked against the maximum number of event
channels prior to using it to index into evtchn_to_irq.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
drivers/xen/events.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/drivers/xen/events.c b/drivers/xen/events.c
index a3bcd61..e5e5812 100644
--- a/drivers/xen/events.c
+++ b/drivers/xen/events.c
@@ -1104,6 +1104,9 @@ int evtchn_get(unsigned int evtchn)
struct irq_info *info;
int err = -ENOENT;

+ if (evtchn >= NR_EVENT_CHANNELS)
+ return -EINVAL;
+
mutex_lock(&irq_mapping_update_lock);

irq = evtchn_to_irq[evtchn];
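
Review bot: the new check at the top of evtchn_get returns -EINVAL, while the function's existing default for a failed lookup is err = -ENOENT, so callers can now see two different error codes. A short comment above the check saying that evtchn may originate from userspace and that out-of-range values are rejected with -EINVAL would make the distinction explicit. Placing the check before mutex_lock(&irq_mapping_update_lock) is correct, since the early return then needs no unlock. Because evtchn is unsigned int, the single >= NR_EVENT_CHANNELS comparison is sufficient to keep the evtchn_to_irq[evtchn] index in range. It is also worth confirming that any other entry point taking a caller-supplied channel number applies the same bound before indexing evtchn_to_irq.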
--
1.7.7.3


_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xensource.com
http://lists.xensource.com/xen-devel