On Sun, May 11, 2014 at 02:50:06PM +0200, Jann Horn wrote:
> On Sat, May 10, 2014 at 12:32:46PM -0700, Josh Triplett wrote:
> > On Sat, May 10, 2014 at 09:07:42AM +0200, Jann Horn wrote:
> > > On Fri, May 09, 2014 at 12:19:16PM -0700, Josh Triplett wrote:
> > > > + if (port > 65535)
> > > > + return 0;
> > > > + switch (count) {
> > > [...]
> > > > + case 4:
> > > > + if (__put_user(inl(port), buf) < 0)
> > > > + return -EFAULT;
> > >
> > > What if I attempt a four-byte read at 65535? That would access four
> > > out-of-bounds bytes, right?
> >
> > No, it would do an ind instruction on port 65535.
>
> Yes, on x86. What about other architectures?

That's a good point; on architectures that map I/O to memory, this
device should check port+count rather than port. Is there a reliable
#define that identifies architectures with that property, other than
CONFIG_X86?

- Josh Triplett
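Review bot: The range check `if (port > 65535)` bounds only the starting port, so the `case 4` path can call `inl(port)` with port at 65533 through 65535, where the four-byte access extends past the last valid port. Consider bounding the end of the access instead, for example rejecting the request when `count > 65536 - port` (a form that cannot wrap the way `port + count` might), so the check holds regardless of how an architecture implements `inl()`. If the start-only check is kept for x86, a comment next to it explaining why that is sufficient there would help the next reader.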