On Mon, Feb 25, 2013 at 09:51:50AM +0000, Martyn Welch wrote: > On 23/02/13 17:53, ternaryd wrote: > > Hi, > > > > In vme.c, function vme_master_set(), vme_check_window() is called, > > where invalid restrictions are applied. In case of address space > > VME_A16, vme_base + size must not exceed VME_A16_MAX, which is defined > > in include/linux/vme.h to 0x10000ULL. The second test is never > > evaluated. > > > > The second test is probably redundant. No. Allowing invalid values is wrong. Even though I said it wasn't a security bug, what I should have said as well is that in the new trusted computing model it actually is a security problem. Root is only allowed to do whatever it wants unless secure boot is disabled in the BIOS. We really do need to handle integer overflows as an error here. regards, dan carpenter _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
