Re: [PATCH] Chardev checking of overlapping ranges is incorrect.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 7 Aug 2006 17:55:55 -0500
[email protected] (Linas Vepstas) wrote:

> The current code in register_chrdev_region() attempts to check 
> for overlapping regions of minor device numbers, but performs 
> that check incorrectly. For example, if a device with minor 
> numbers 128, 129, 130 is registered first, and a device with 
> minor number 3,4,5 is registered later, then the later range
> is incorrectly identified as "overlapping" (since 130>3), 
> when clearly this is the wrong conclusion.
> 
> This patch fixes the overlap check to work correctly.


I yesterday merged the below.   Do you agree that it will fix the bug?


From: Amos Waterland <[email protected]>

The code in __register_chrdev_region checks that if the driver wishing to
register has the same major as an existing driver the new minor range is
strictly less than the existing minor range.  However, it does not also
check that the new minor range is strictly greater than the existing minor
range.  That is, if driver X has registered with major=x and minor=0-3,
__register_chrdev_region will allow driver Y to register with major=x and
minor=1-4.

I came across this in the context of the Xen virtual console driver, but I
imagine it causes a problem for any driver with the same major number but
different minor numbers as a driver that has registered ahead of it.

Signed-off-by: Amos Waterland <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
---


diff -puN fs/char_dev.c~fix-bounds-check-bug-in-__register_chrdev_region fs/char_dev.c
--- a/fs/char_dev.c~fix-bounds-check-bug-in-__register_chrdev_region
+++ a/fs/char_dev.c
@@ -109,10 +109,13 @@ __register_chrdev_region(unsigned int ma
 
 	for (cp = &chrdevs[i]; *cp; cp = &(*cp)->next)
 		if ((*cp)->major > major ||
-		    ((*cp)->major == major && (*cp)->baseminor >= baseminor))
+		    ((*cp)->major == major &&
+		     (((*cp)->baseminor >= baseminor) ||
+		      ((*cp)->baseminor + (*cp)->minorct > baseminor))))
 			break;
 	if (*cp && (*cp)->major == major &&
-	    (*cp)->baseminor < baseminor + minorct) {
+	    (((*cp)->baseminor < baseminor + minorct) ||
+	     ((*cp)->baseminor + (*cp)->minorct > baseminor))) {
 		ret = -EBUSY;
 		goto out;
 	}
_

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux