summaryrefslogtreecommitdiff
path: root/drivers/staging/ramster
diff options
context:
space:
mode:
authorDan Carpenter <dan.carpenter@oracle.com>2012-09-06 15:40:20 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2012-09-06 09:25:22 -0700
commitf0290de23de19b592b2934cdf21c0c0c2eb16500 (patch)
tree023beca4851a086625c2f8b404ee85a23e6cad75 /drivers/staging/ramster
parentd08d6cfe3b594b797e1204891613d1cdf70fb0c7 (diff)
staging: ramster: fix range checks in zcache_autocreate_pool()
If "pool_id" is negative then it leads to a read before the start of the array. If "cli_id" is out of bounds then it leads to a NULL dereference of "cli". GCC would have warned about that bug except that we initialized the warning message away. Also it's better to put the parameter names into the function declaration in the .h file. It serves as a kind of documentation. Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'drivers/staging/ramster')
-rw-r--r--drivers/staging/ramster/zcache-main.c10
-rw-r--r--drivers/staging/ramster/zcache.h2
2 files changed, 7 insertions, 5 deletions
diff --git a/drivers/staging/ramster/zcache-main.c b/drivers/staging/ramster/zcache-main.c
index 24b3d4a5e176..86e19d6d3b89 100644
--- a/drivers/staging/ramster/zcache-main.c
+++ b/drivers/staging/ramster/zcache-main.c
@@ -1338,10 +1338,10 @@ static int zcache_local_new_pool(uint32_t flags)
return zcache_new_pool(LOCAL_CLIENT, flags);
}
-int zcache_autocreate_pool(int cli_id, int pool_id, bool eph)
+int zcache_autocreate_pool(unsigned int cli_id, unsigned int pool_id, bool eph)
{
struct tmem_pool *pool;
- struct zcache_client *cli = NULL;
+ struct zcache_client *cli;
uint32_t flags = eph ? 0 : TMEM_POOL_PERSIST;
int ret = -1;
@@ -1350,8 +1350,10 @@ int zcache_autocreate_pool(int cli_id, int pool_id, bool eph)
goto out;
if (pool_id >= MAX_POOLS_PER_CLIENT)
goto out;
- else if ((unsigned int)cli_id < MAX_CLIENTS)
- cli = &zcache_clients[cli_id];
+ if (cli_id >= MAX_CLIENTS)
+ goto out;
+
+ cli = &zcache_clients[cli_id];
if ((eph && disable_cleancache) || (!eph && disable_frontswap)) {
pr_err("zcache_autocreate_pool: pool type disabled\n");
goto out;
diff --git a/drivers/staging/ramster/zcache.h b/drivers/staging/ramster/zcache.h
index c59666e6d717..81722b33b087 100644
--- a/drivers/staging/ramster/zcache.h
+++ b/drivers/staging/ramster/zcache.h
@@ -42,7 +42,7 @@ extern void zcache_decompress_to_page(char *, unsigned int, struct page *);
#ifdef CONFIG_RAMSTER
extern void *zcache_pampd_create(char *, unsigned int, bool, int,
struct tmem_handle *);
-extern int zcache_autocreate_pool(int, int, bool);
+int zcache_autocreate_pool(unsigned int cli_id, unsigned int pool_id, bool eph);
#endif
#define MAX_POOLS_PER_CLIENT 16