Commit caaeb09a authored by Tomas Winkler's avatar Tomas Winkler Committed by Greg Kroah-Hartman

mei: mei_cl_link protect open_handle_count from overflow

mei_cl_link is called both from mei_open and also from
in-kernel drivers so we need to protect open_handle_count
from overflow
Signed-off-by: default avatarTomas Winkler <tomas.winkler@intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 4a10c2ac
...@@ -287,6 +287,12 @@ int mei_cl_link(struct mei_cl *cl, int id) ...@@ -287,6 +287,12 @@ int mei_cl_link(struct mei_cl *cl, int id)
return -ENOENT; return -ENOENT;
} }
if (dev->open_handle_count >= MEI_MAX_OPEN_HANDLE_COUNT) {
dev_err(&dev->pdev->dev, "open_handle_count exceded %d",
MEI_MAX_OPEN_HANDLE_COUNT);
return -ENOENT;
}
dev->open_handle_count++; dev->open_handle_count++;
cl->host_client_id = id; cl->host_client_id = id;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment