On Thu, May 03, 2007 at 03:33:03AM +0800, WANG Cong wrote:
>Hi Rusty!
>
>I found you forgot to check the return value of copy_from_user, and here is the fix for drivers/lguest/interrupts_and_traps.c.
>

Also this one, in drivers/lguest/hypercalls.c.

Signed-off-by: WANG Cong <xiyou.wangcong@xxxxxxxxx>

---
--- linux-2.6.21-rc7-mm2/drivers/lguest/hypercalls.c.orig 2007-05-03 03:45:53.000000000 +0800 +++ linux-2.6.21-rc7-mm2/drivers/lguest/hypercalls.c 2007-05-03 03:46:20.000000000 +0800 @@ -102,7 +102,8 @@ static void do_async_hcalls(struct lgues unsigned int i; u8 st[LHCALL_RING_SIZE]; - copy_from_user(&st, &lg->lguest_data->hcall_status, sizeof(st)); + if (copy_from_user(&st, &lg->lguest_data->hcall_status, sizeof(st))) + return; for (i = 0; i < ARRAY_SIZE(st); i++) { struct lguest_regs regs; unsigned int n = lg->next_hcall;
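Review bot: The new failure path in do_async_hcalls() (`if (copy_from_user(...)) return;`) exits silently: the function is void, nothing is logged, and the guest gets no indication that its pending async hypercalls were skipped. The source of the copy is `lg->lguest_data->hcall_status`, an address on the guest side, so a fault here means the guest's data pointer is bad; either add a short comment saying the silent return is intended, or handle it the way the driver treats other bad guest addresses. Returning before the `for` loop is the right ordering, since otherwise `st` would be read from the stack without having been filled. The changelog ("Also this one") should also say what goes wrong when the copy fails.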