drivers/message/i2o/i2o_config.c: bound allocation Fix a case where users can try to allocate arbitarily large amounts of memory. 64K is overkill for a config request so apply an upper bound. Signed-off-by: Alan Cox <alan@linux.intel.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: 261eba73353edd48b0c0cb7aad59553dfc712ebc [log] [tgz]
author: Alan Cox <alan@linux.intel.com> Mon Jul 30 14:41:30 2012 -0700
committer: Linus Torvalds <torvalds@linux-foundation.org> Mon Jul 30 17:25:17 2012 -0700
tree: 0bc64028f987e7777ed5002f0b4debf4422c28ad
parent: 40251b8eb46e48c011939a3ddf056fe13a223319 [diff] [blame]
diff --git a/drivers/message/i2o/i2o_config.c b/drivers/message/i2o/i2o_config.c
index 098de2b..9a49c24 100644
--- a/drivers/message/i2o/i2o_config.c
+++ b/drivers/message/i2o/i2o_config.c

@@ -188,6 +188,13 @@
 	if (!dev)
 		return -ENXIO;
 
+	/*
+	 * Stop users being able to try and allocate arbitary amounts
+	 * of DMA space. 64K is way more than sufficient for this.
+	 */
+	if (kcmd.oplen > 65536)
+		return -EMSGSIZE;
+
 	ops = memdup_user(kcmd.opbuf, kcmd.oplen);
 	if (IS_ERR(ops))
 		return PTR_ERR(ops);
commit	261eba73353edd48b0c0cb7aad59553dfc712ebc	[log] [tgz]
author	Alan Cox <alan@linux.intel.com>	Mon Jul 30 14:41:30 2012 -0700
committer	Linus Torvalds <torvalds@linux-foundation.org>	Mon Jul 30 17:25:17 2012 -0700
tree	0bc64028f987e7777ed5002f0b4debf4422c28ad
parent	40251b8eb46e48c011939a3ddf056fe13a223319 [diff] [blame]