Re: [PATCH] staging: vme_user: validate slave window size against buffer size

Next message: Inochi Amaoto: "Re: [PATCH 4/5] dt-bindings: pci: spacemit: Introduce Spacemit K3 PCIe host controller"
Previous message: gregkh@xxxxxxxxxxxxxxxxxxx: "Re: [PATCH] staging: vme_user: validate slave window size against buffer size"
In reply to: gregkh@xxxxxxxxxxxxxxxxxxx: "Re: [PATCH] staging: vme_user: validate slave window size against buffer size"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: gregkh@xxxxxxxxxxxxxxxxxxx

Date: Sat May 09 2026 - 03:18:23 EST

On Sat, May 09, 2026 at 03:58:45PM +0900, 木口璃音 wrote:
> diff --git a/drivers/staging/vme_user/vme_user.c
> b/drivers/staging/vme_user/vme_user.c
> index 11e25c2f6..41b8d5b51 100644
> --- a/drivers/staging/vme_user/vme_user.c
> +++ b/drivers/staging/vme_user/vme_user.c
> @@ -156,6 +156,11 @@ static ssize_t buffer_to_user(unsigned int minor,
> char __user *buf,
> {
> void *image_ptr;
>
> + if (*ppos < 0 || (u64)*ppos >= image[minor].size_buf ||
> + count > image[minor].size_buf - (u64)*ppos) {
> + pr_warn_ratelimited("%s: out-of-bounds access\n", __func__);
> + return -EINVAL;
> + }

Also the patch is corrupted :(