From: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Date: Sat, 27 Aug 2005 05:48:15 +0000 (+0100)
Subject: [PATCH] mmaper_kern.c fixes [buffer overruns]
X-Git-Tag: v2.6.13~10
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6a029a90f5b93e2b50bcbbaef05ef91fa0c1d6b3;p=pandora-kernel.git

[PATCH] mmaper_kern.c fixes [buffer overruns]

 - copy_from_user() can fail; ->write() must check its return value.

 - severe buffer overruns both in ->read() and ->write() - lseek to the
   end (i.e.  to mmapper_size) and

	if (count + *ppos > mmapper_size)
		count = count + *ppos - mmapper_size;

   will do absolutely nothing.  Then it will call

	copy_to_user(buf,&v_buf[*ppos],count);

   with obvious results (similar for ->write()).

   Fixed by turning read to simple_read_from_buffer() and by doing
   normal limiting of count in ->write().

 - gratitious lock_kernel() in ->mmap() - it's useless there.

 - lots of gratuitous includes.

Signed-off-by: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
---

Reading git-diff-tree failed