The patch titled lguest: fix array indexing check has been added to the -mm tree. Its filename is lguest-fix-array-indexing-check.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/SubmitChecklist when testing your code *** See http://userweb.kernel.org/~akpm/stuff/added-to-mm.txt to find out what to do about this The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/ ------------------------------------------------------ Subject: lguest: fix array indexing check From: Roel Kluin <roel.kluin@xxxxxxxxx> The check for an overindexing of cpu->arch.gdt[] has an off-by-one. Signed-off-by: Roel Kluin <roel.kluin@xxxxxxxxx> Cc: Rusty Russell <rusty@xxxxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- drivers/lguest/segments.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff -puN drivers/lguest/segments.c~lguest-fix-array-indexing-check drivers/lguest/segments.c --- a/drivers/lguest/segments.c~lguest-fix-array-indexing-check +++ a/drivers/lguest/segments.c @@ -150,7 +150,7 @@ void load_guest_gdt_entry(struct lg_cpu { /* We assume the Guest has the same number of GDT entries as the * Host, otherwise we'd have to dynamically allocate the Guest GDT. */ - if (num > ARRAY_SIZE(cpu->arch.gdt)) + if (num >= ARRAY_SIZE(cpu->arch.gdt)) kill_guest(cpu, "too many gdt entries %i", num); /* Set it up, then fix it. */ _ Patches currently in -mm which might be from roel.kluin@xxxxxxxxx are linux-next.patch s3c-fix-check-of-index-into-s3c_gpios.patch drm-fix-lock_test_with_return-macro.patch v4l-dvb-cimax2c-fix-typo.patch zoran-fix-error.patch uwb-event_size-should-be-signed.patch irda-count-reaches-1.patch scsi-ncr53c8xx-div-reaches-1.patch scsi-pcmcia-nsp_cs-time_out-reaches-1.patch wis-sony-tunerc-typo.patch otus-80211core-coidc-fix-array-range-check.patch lguest-fix-array-indexing-check.patch frv-duplicate-output_buffer-of-e03.patch frv-duplicate-output_buffer-of-e03-checkpatch-fixes.patch sh-fix-access-beyond-array_size-of-onchip_ops.patch alpha-bad-macro-expansion-parameter-is-member.patch m68k-count-can-reach-51-not-50.patch m68k-cnt-reaches-1-not-0.patch uml-bad-macro-expansion-parameter-is-member.patch serial-z85c30-bcm1480-loops-reach-1.patch drivers-serial-mpc52xx_uartc-fix-array-overindexing-check.patch spi_bfin5xx-limit-reaches-1.patch carminefb-fix-possible-access-beyond-end-of-carmine_modedb.patch ufs-sector_t-cannot-be-negative.patch dtlk-off-by-one-in-readwrite_tts.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html