[PATCH] Cap shmmax at INT_MAX in compat shminfo

From: Guy Streeter
Date: Tue Feb 27 2007 - 15:11:25 EST

Next message: Daniel Walker: "Re: [RFC] Fast assurate clock readable from user space and NMIhandler"
Previous message: john stultz: "Re: [RFC] Fast assurate clock readable from user space and NMIhandler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The value of shmmax may be larger than will fit in the struct used by
the 32bit compat version of sys_shmctl. This change mirrors what the
normal sys_shmctl does when called with the old IPC_INFO command.

Signed-off-by: Guy Streeter <streeter@xxxxxxxxxx>
---
ipc/compat.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/ipc/compat.c b/ipc/compat.c
index fa18141..8b44aa9 100644
--- a/ipc/compat.c
+++ b/ipc/compat.c
@@ -542,6 +542,8 @@ static inline int put_compat_shminfo64(struct shminfo64 *smi,

if (!access_ok(VERIFY_WRITE, up64, sizeof(*up64)))
return -EFAULT;
+ if (smi->shmmax > INT_MAX)
+ smi->shmmax = INT_MAX;
err = __put_user(smi->shmmax, &up64->shmmax);
err |= __put_user(smi->shmmin, &up64->shmmin);
err |= __put_user(smi->shmmni, &up64->shmmni);
@@ -557,6 +559,8 @@ static inline int put_compat_shminfo(struct shminfo64 *smi,

if (!access_ok(VERIFY_WRITE, up, sizeof(*up)))
return -EFAULT;
+ if (smi->shmmax > INT_MAX)
+ smi->shmmax = INT_MAX;
err = __put_user(smi->shmmax, &up->shmmax);
err |= __put_user(smi->shmmin, &up->shmmin);
err |= __put_user(smi->shmmni, &up->shmmni);
--
1.4.4.2

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Daniel Walker: "Re: [RFC] Fast assurate clock readable from user space and NMIhandler"
Previous message: john stultz: "Re: [RFC] Fast assurate clock readable from user space and NMIhandler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]