[PATCH] PCI Hotplug core bugfix

From: Greg KH (greg@kroah.com)
Date: Tue Nov 20 2001 - 01:19:03 EST

Next message: Joe: "Re: 2.4.14 cpia driver IS broke"
Previous message: H. Peter Anvin: "Re: Linux can use a mountpoint for 2 Filesystems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

Here's a patch against 2.4.15-pre7 that fixes a potential overflow
problem in the PCI Hotplug core code. Thanks to Andrew Morton for
pointing this out to me.

thanks,

greg k-h

diff --minimal -Nru a/drivers/hotplug/pci_hotplug_core.c b/drivers/hotplug/pci_hotplug_core.c
--- a/drivers/hotplug/pci_hotplug_core.c Mon Nov 19 20:55:21 2001
+++ b/drivers/hotplug/pci_hotplug_core.c Mon Nov 19 20:55:21 2001
@@ -622,7 +622,7 @@
static ssize_t power_write_file (struct file *file, const char *ubuff, size_t count, loff_t *offset)
{
         struct hotplug_slot *slot = file->private_data;
- const char *buff;
+ char *buff;
         unsigned long lpower;
         u8 power;
         int retval = 0;
@@ -639,10 +639,11 @@
                 return -ENODEV;
         }

- buff = kmalloc (count, GFP_KERNEL);
+ buff = kmalloc (count + 1, GFP_KERNEL);
         if (!buff)
                 return -ENOMEM;
-
+ memset (buff, 0x00, count + 1);
+
         if (copy_from_user ((void *)buff, (void *)ubuff, count)) {
                 retval = -EFAULT;
                 goto exit;
@@ -732,7 +733,7 @@
static ssize_t attention_write_file (struct file *file, const char *ubuff, size_t count, loff_t *offset)
{
         struct hotplug_slot *slot = file->private_data;
- const char *buff;
+ char *buff;
         unsigned long lattention;
         u8 attention;
         int retval = 0;
@@ -749,9 +750,10 @@
                 return -ENODEV;
         }

- buff = kmalloc (count, GFP_KERNEL);
+ buff = kmalloc (count + 1, GFP_KERNEL);
         if (!buff)
                 return -ENOMEM;
+ memset (buff, 0x00, count + 1);

         if (copy_from_user ((void *)buff, (void *)ubuff, count)) {
                 retval = -EFAULT;
@@ -868,7 +870,7 @@
static ssize_t test_write_file (struct file *file, const char *ubuff, size_t count, loff_t *offset)
{
         struct hotplug_slot *slot = file->private_data;
- const char *buff;
+ char *buff;
         unsigned long ltest;
         u32 test;
         int retval = 0;
@@ -885,9 +887,10 @@
                 return -ENODEV;
         }

- buff = kmalloc (count, GFP_KERNEL);
+ buff = kmalloc (count + 1, GFP_KERNEL);
         if (!buff)
                 return -ENOMEM;
+ memset (buff, 0x00, count + 1);

         if (copy_from_user ((void *)buff, (void *)ubuff, count)) {
                 retval = -EFAULT;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Joe: "Re: 2.4.14 cpia driver IS broke"
Previous message: H. Peter Anvin: "Re: Linux can use a mountpoint for 2 Filesystems"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Nov 23 2001 - 21:00:22 EST