summaryrefslogtreecommitdiffstats
path: root/kernel/kmod.c
diff options
context:
space:
mode:
authorDavid Miller <davem@davemloft.net>2007-09-12 00:23:50 +0200
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-09-12 02:21:20 +0200
commitf629307c857c030d5a3dd777fee37c8bb395e171 (patch)
tree872077db1924672104f8e1267f53bfa70f79b13c /kernel/kmod.c
parentfutex_compat: fix list traversal bugs (diff)
downloadlinux-f629307c857c030d5a3dd777fee37c8bb395e171.tar.xz
linux-f629307c857c030d5a3dd777fee37c8bb395e171.zip
tty: termios locking functions break with new termios type
I ran into a few problems. n_tty_ioctl() for instance: drivers/char/tty_ioctl.c:799: error: $,1rxstruct termios$,1ry has no member named $,1rxc_ispeed$,1ry This is calling the copy interface that is supposed to be using a termios2 when the new interfaces are defined, however: case TIOCGLCKTRMIOS: if (kernel_termios_to_user_termios((struct termios __user *)arg, real_tty->termios_locked)) return -EFAULT; return 0; This is going to write over the end of the userspace structure by a few bytes, and wasn't caught by you yet because the i386 implementation is simply copy_to_user() which does zero type checking. Signed-off-by: Alan Cox <alan@redhat.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/kmod.c')
0 files changed, 0 insertions, 0 deletions