diff options
author | Jean Delvare <jdelvare@suse.de> | 2018-09-26 18:07:10 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-09-28 10:27:26 -0700 |
commit | 048a7f8b4ec085d5c56ad4a3bf450389a4aed5f9 (patch) | |
tree | 41815bbe3107dd8e9647df90df1332e8218d8f9e /drivers/s390/net/qeth_core_mpc.h | |
parent | 065a2cdcbdf8eb9aefb66e1a24b2d684b8b8852b (diff) | |
download | lwn-048a7f8b4ec085d5c56ad4a3bf450389a4aed5f9.tar.gz lwn-048a7f8b4ec085d5c56ad4a3bf450389a4aed5f9.zip |
s390: qeth: Fix potential array overrun in cmd/rc lookup
Functions qeth_get_ipa_msg and qeth_get_ipa_cmd_name are modifying
the last member of global arrays without any locking that I can see.
If two instances of either function are running at the same time,
it could cause a race ultimately leading to an array overrun (the
contents of the last entry of the array is the only guarantee that
the loop will ever stop).
Performing the lookups without modifying the arrays is admittedly
slower (two comparisons per iteration instead of one) but these
are operations which are rare (should only be needed in error
cases or when debugging, not during successful operation) and it
seems still less costly than introducing a mutex to protect the
arrays in question.
As a side bonus, it allows us to declare both arrays as const data.
Signed-off-by: Jean Delvare <jdelvare@suse.de>
Cc: Julian Wiedmann <jwi@linux.ibm.com>
Cc: Ursula Braun <ubraun@linux.ibm.com>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Julian Wiedmann <jwi@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/s390/net/qeth_core_mpc.h')
-rw-r--r-- | drivers/s390/net/qeth_core_mpc.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/s390/net/qeth_core_mpc.h b/drivers/s390/net/qeth_core_mpc.h index aa8b9196b089..aa5de1fe01e1 100644 --- a/drivers/s390/net/qeth_core_mpc.h +++ b/drivers/s390/net/qeth_core_mpc.h @@ -797,8 +797,8 @@ enum qeth_ipa_arp_return_codes { QETH_IPA_ARP_RC_Q_NO_DATA = 0x0008, }; -extern char *qeth_get_ipa_msg(enum qeth_ipa_return_codes rc); -extern char *qeth_get_ipa_cmd_name(enum qeth_ipa_cmds cmd); +extern const char *qeth_get_ipa_msg(enum qeth_ipa_return_codes rc); +extern const char *qeth_get_ipa_cmd_name(enum qeth_ipa_cmds cmd); #define QETH_SETASS_BASE_LEN (sizeof(struct qeth_ipacmd_hdr) + \ sizeof(struct qeth_ipacmd_setassparms_hdr)) |