This comment describes a security problem which was fixed in commit
1c954540c0eb ("staging: vchiq: avoid mixing kernel and user pointers").
The bug is fixed now so the FIXME can be removed.
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
---
.../staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
index f500a7043805..54770a9b4735 100644
--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
@@ -999,13 +999,6 @@ static int vchiq_irq_queue_bulk_tx_rx(struct vchiq_instance *instance,
userdata = &waiter->bulk_waiter;
}
- /*
- * FIXME address space mismatch:
- * args->data may be interpreted as a kernel pointer
- * in create_pagelist() called from vchiq_bulk_transfer(),
- * accessing kernel data instead of user space, based on the
- * address.
- */
status = vchiq_bulk_transfer(args->handle, NULL, args->data, args->size,
userdata, args->mode, dir);
--
2.29.2
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
