Hollis Blanchard <hollisb@us.ibm.com> writes:
[snip]
> I believe the attached patch fixes it. cm_write was calling access_ok,
> but after that you must still access user space through the
> get/put/copy*_user functions. It should be safe to return -EFAULT at
> these points in cm_write, since there are other returns already in the
> code above and below that. Compile-tested only.
[snip]
> --- linux-2.5.70/sound/oss/cmpci.c.orig Sat May 24 19:00:00 2003
> +++ linux-2.5.70/sound/oss/cmpci.c Wed May 28 14:53:15 2003
> @@ -580,15 +580,17 @@
> spin_unlock_irqrestore(&s->lock, flags);
> }
>
> -static void trans_ac3(struct cm_state *s, void *dest, const char *source, int size)
> +static int trans_ac3(struct cm_state *s, void *dest, const char *source, int size)
Shouldn't 'source' get the new __user annotation, then:
const char * __user source
IIRC.
> {
> int i = size / 2;
> + int err;
> unsigned long data;
> unsigned long *dst = (unsigned long *) dest;
> unsigned short *src = (unsigned short *)source;
Likewise with 'src'.
- Hari
-- Raja R Harinath ------------------------------ harinath@cs.umn.edu- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/