The patch titled
Subject: drivers/message/i2o/i2o_config.c: bound allocation
has been added to the -mm tree. Its filename is
drivers-message-i2o-i2o_configc-bound-allocation.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/SubmitChecklist when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Alan Cox <alan@xxxxxxxxxxxxxxx>
Subject: drivers/message/i2o/i2o_config.c: bound allocation
Fix a case where users can try to allocate arbitarily large amounts of
memory. 64K is overkill for a config request so apply an upper bound.
Signed-off-by: Alan Cox <alan@xxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
drivers/message/i2o/i2o_config.c | 7 +++++++
1 file changed, 7 insertions(+)
diff -puN drivers/message/i2o/i2o_config.c~drivers-message-i2o-i2o_configc-bound-allocation drivers/message/i2o/i2o_config.c
--- a/drivers/message/i2o/i2o_config.c~drivers-message-i2o-i2o_configc-bound-allocation
+++ a/drivers/message/i2o/i2o_config.c
@@ -188,6 +188,13 @@ static int i2o_cfg_parms(unsigned long a
if (!dev)
return -ENXIO;
+ /*
+ * Stop users being able to try and allocate arbitary amounts
+ * of DMA space. 64K is way more than sufficient for this.
+ */
+ if (kcmd.oplen > 65536)
+ return -EMSGSIZE;
+
ops = memdup_user(kcmd.opbuf, kcmd.oplen);
if (IS_ERR(ops))
return PTR_ERR(ops);
_
Subject: Subject: drivers/message/i2o/i2o_config.c: bound allocation
Patches currently in -mm which might be from alan@xxxxxxxxxxxxxxx are
origin.patch
linux-next.patch
ppc-e500_tlb-memset-clears-nothing.patch
drivers-media-dvb-dvb-usb-az6007c-fix-incorrect-memcpy.patch
drivers-media-video-cx25821-cx25821-medusa-videoc-incorrect-check-on-decoder-type.patch
drivers-media-video-ov9640c-fix-missing-break.patch
fs-make-dumpable=2-require-fully-qualified-path.patch
coredump-warn-about-unsafe-suid_dumpable-core_pattern-combo.patch
kernel-sysc-avoid-argv_freenull.patch
drivers-message-i2o-i2o_procc-the-pointer-returned-from-chtostr-points-to-an-array-which-is-no-longer-valid.patch
drivers-message-i2o-i2o_configc-bound-allocation.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
