On 04/01/2018 11:11 AM, Linus Torvalds wrote:
On Sat, Mar 31, 2018 at 9:53 PM, Rob Gardner <rob.gardner@xxxxxxxxxx> wrote:
Signed-off-by: Rob Gardner <rob.gardner@xxxxxxxxxx>
Signed-off-by: Jonathan Helman <jonathan.helman@xxxxxxxxxx>
Reported-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
That Reported-by: should be "oguard <oguard@xxxxxxxxxxxxxx>"
I was just the messenger.
Linus
oguard observed "lack of size check on the copy_from_user", but that
wasn't really a bug since 'count' actually is checked in dax_write().
But you noticed that idx could be negative and idx + nccbs could
overflow, and this is a genuine bug that nobody else saw.
Rob
--
To unsubscribe from this list: send the line "unsubscribe sparclinux" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
