> This code dereferences user supplied pointers directly instead of doing
> a copy_from_user(). Some kernel configs put user and kernel memory in
> different address spaces so this code isn't portable. Also the user
> memory could be swapped out or in this case the pointer could just be
> NULL leading to an oops.
>
> Another thing is that it makes permission tests like this sort of
> meaningless.
> if (minor == STREAM_MODULE && rec_mute->stream_id == 0) {
> retval = -EPERM;
> break;
> }
> The user could set stream_id to 1 for the test and then change it later.
>
> Signed-off-by: Dan Carpenter <error27@xxxxxxxxx>
Acked-by: Vinod Koul <vinod.koul@xxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
