6a029a90f5
- copy_from_user() can fail; ->write() must check its return value. - severe buffer overruns both in ->read() and ->write() - lseek to the end (i.e. to mmapper_size) and if (count + *ppos > mmapper_size) count = count + *ppos - mmapper_size; will do absolutely nothing. Then it will call copy_to_user(buf,&v_buf[*ppos],count); with obvious results (similar for ->write()). Fixed by turning read to simple_read_from_buffer() and by doing normal limiting of count in ->write(). - gratitious lock_kernel() in ->mmap() - it's useless there. - lots of gratuitous includes. Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk> Signed-off-by: Linus Torvalds <torvalds@osdl.org> |
||
---|---|---|
.. | ||
drivers | ||
include | ||
kernel | ||
os-Linux | ||
scripts | ||
sys-i386 | ||
sys-ia64 | ||
sys-ppc | ||
sys-x86_64 | ||
util | ||
config.release | ||
defconfig | ||
Kconfig | ||
Kconfig_char | ||
Kconfig_i386 | ||
Kconfig_net | ||
Kconfig_scsi | ||
Kconfig_x86_64 | ||
Kconfig.debug | ||
Makefile | ||
Makefile-i386 | ||
Makefile-ia64 | ||
Makefile-os-Linux | ||
Makefile-ppc | ||
Makefile-skas | ||
Makefile-tt | ||
Makefile-x86_64 |