diff mbox series

usb: gadget: function: rndis: limit # of RNDIS instances to 1000

Message ID a8180973-3ded-3644-585a-169589a37642@omp.ru
State New
Headers show
Series usb: gadget: function: rndis: limit # of RNDIS instances to 1000 | expand

Commit Message

Sergey Shtylyov Aug. 23, 2022, 8:53 p.m. UTC
As follows from #define NAME_TEMPLATE, the procfs code in the RNDIS driver
expects the # of instances to be 3-digit decimal, while the driver calls
ida_simple_get() passing 0 as the 'end' argument which results in actual
max instance # of INT_MAX.  Limit the maximum # of RNDIS instances to 1000
which is still a lot! :-)

Found by Linux Verification Center (linuxtesting.org) with the SVACE static
analysis tool.

Signed-off-by: Sergey Shtylyov <s.shtylyov@omp.ru>

---
This patch is against the 'next' branch of Felipe Balbi's 'usb.git' repo...

 drivers/usb/gadget/function/rndis.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

Index: usb/drivers/usb/gadget/function/rndis.c
===================================================================
--- usb.orig/drivers/usb/gadget/function/rndis.c
+++ usb/drivers/usb/gadget/function/rndis.c
@@ -865,7 +865,7 @@  EXPORT_SYMBOL_GPL(rndis_msg_parser);
 
 static inline int rndis_get_nr(void)
 {
-	return ida_simple_get(&rndis_ida, 0, 0, GFP_KERNEL);
+	return ida_simple_get(&rndis_ida, 0, 1000, GFP_KERNEL);
 }
 
 static inline void rndis_put_nr(int nr)