• Jean Delvare's avatar
    s390: qeth: Fix potential array overrun in cmd/rc lookup · 048a7f8b
    Jean Delvare authored
    Functions qeth_get_ipa_msg and qeth_get_ipa_cmd_name are modifying
    the last member of global arrays without any locking that I can see.
    If two instances of either function are running at the same time,
    it could cause a race ultimately leading to an array overrun (the
    contents of the last entry of the array is the only guarantee that
    the loop will ever stop).
    
    Performing the lookups without modifying the arrays is admittedly
    slower (two comparisons per iteration instead of one) but these
    are operations which are rare (should only be needed in error
    cases or when debugging, not during successful operation) and it
    seems still less costly than introducing a mutex to protect the
    arrays in question.
    
    As a side bonus, it allows us to declare both arrays as const data.
    Signed-off-by: default avatarJean Delvare <jdelvare@suse.de>
    Cc: Julian Wiedmann <jwi@linux.ibm.com>
    Cc: Ursula Braun <ubraun@linux.ibm.com>
    Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
    Cc: Heiko Carstens <heiko.carstens@de.ibm.com>
    Signed-off-by: default avatarJulian Wiedmann <jwi@linux.ibm.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    048a7f8b
qeth_core_main.c 181 KB