On Thu, May 03, 2007 at 03:33:03AM +0800, WANG Cong wrote:
>Hi Rusty!
>
>I found you forgot to check the return value of copy_from_user, and here is
>the fix for drivers/lguest/interrupts_and_traps.c.
>
Also this one, in drivers/lguest/hypercalls.c.
Signed-off-by: WANG Cong <[EMAIL PROTECTED]>
---
--- linux-2.6.21-rc7-mm2/drivers/lguest/hypercalls.c.orig 2007-05-03
03:45:53.000000000 +0800
+++ linux-2.6.21-rc7-mm2/drivers/lguest/hypercalls.c 2007-05-03
03:46:20.000000000 +0800
@@ -102,7 +102,8 @@ static void do_async_hcalls(struct lgues
unsigned int i;
u8 st[LHCALL_RING_SIZE];
- copy_from_user(&st, &lg->lguest_data->hcall_status, sizeof(st));
+ if (copy_from_user(&st, &lg->lguest_data->hcall_status, sizeof(st)))
+ return;
for (i = 0; i < ARRAY_SIZE(st); i++) {
struct lguest_regs regs;
unsigned int n = lg->next_hcall;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
