Re: [PATCH]microcode update driver rewrite - takes 2

From: Shaohua Li
Date: Thu Jun 29 2006 - 05:16:25 EST

Next message: Andrew Morton: "Re: i386 IPI handlers running with hardirq_count == 0"
Previous message: Benjamin Herrenschmidt: "Re: Please pull from 'for_paulus' branch of powerpc"
In reply to: Jan Beulich: "Re: [PATCH]microcode update driver rewrite - takes 2"
Next in thread: Jan Beulich: "Re: [PATCH]microcode update driver rewrite - takes 2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2006-06-29 at 11:03 +0200, Jan Beulich wrote:
> I'm not having a problem removing the messages if the current state can be obtained
> elsewhere.
>
> Looking at the patch I see at least one problem (in more than one place) - before
> accessing data, you should check that the relevant piece to be read is entirely within
> range. You should not (as done at least once) rely on copy_from_user() failing - the
> data may be readable, but out of bounds wrt. the information in the headers (or the
> header sizes themselves).
Can you please give me more details? I had a lot of checks there if the
size is incorrect.

Thanks,
Shaohua
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: i386 IPI handlers running with hardirq_count == 0"
Previous message: Benjamin Herrenschmidt: "Re: Please pull from 'for_paulus' branch of powerpc"
In reply to: Jan Beulich: "Re: [PATCH]microcode update driver rewrite - takes 2"
Next in thread: Jan Beulich: "Re: [PATCH]microcode update driver rewrite - takes 2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]