Revision 01db403cf99f739f86903314a489fb420e0e254f authored by David S. Miller on 28 September 2010, 03:24:54 UTC, committed by David S. Miller on 28 September 2010, 03:24:54 UTC
Fixes kernel bugzilla #16603 tcp_sendmsg() truncates iov_len to an 'int' which a 4GB write to write zero bytes, for example. There is also the problem higher up of how verify_iovec() works. It wants to prevent the total length from looking like an error return value. However it does this using 'int', but syscalls return 'long' (and thus signed 64-bit on 64-bit machines). So it could trigger false-positives on 64-bit as written. So fix it to use 'long'. Reported-by: Olaf Bonorden <bono@onlinehome.de> Reported-by: Daniel Büse <dbuese@gmx.de> Reported-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 0b20406
| File | Mode | Size |
|---|---|---|
| Kconfig | -rw-r--r-- | 242 bytes |
| assigned-dev.c | -rw-r--r-- | 19.7 KB |
| coalesced_mmio.c | -rw-r--r-- | 4.1 KB |
| coalesced_mmio.h | -rw-r--r-- | 969 bytes |
| eventfd.c | -rw-r--r-- | 13.5 KB |
| ioapic.c | -rw-r--r-- | 10.7 KB |
| ioapic.h | -rw-r--r-- | 2.2 KB |
| iodev.h | -rw-r--r-- | 1.9 KB |
| iommu.c | -rw-r--r-- | 7.1 KB |
| irq_comm.c | -rw-r--r-- | 12.0 KB |
| kvm_main.c | -rw-r--r-- | 50.7 KB |
Computing file changes ...
