[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <tip-11879ba5d9ab8174af9b9cefbb2396a54dfbf8c1@git.kernel.org>
Date: Fri, 2 Oct 2009 18:36:55 GMT
From: tip-bot for Arjan van de Ven <arjan@...radead.org>
To: linux-tip-commits@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, hpa@...or.com, mingo@...hat.com,
yinghai@...nel.org, torvalds@...ux-foundation.org,
arjan@...ux.intel.com, arjan@...radead.org, tglx@...utronix.de,
mingo@...e.hu
Subject: [tip:x86/urgent] x86: Simplify bound checks in the MTRR code
Commit-ID: 11879ba5d9ab8174af9b9cefbb2396a54dfbf8c1
Gitweb: http://git.kernel.org/tip/11879ba5d9ab8174af9b9cefbb2396a54dfbf8c1
Author: Arjan van de Ven <arjan@...radead.org>
AuthorDate: Sat, 26 Sep 2009 20:51:50 +0200
Committer: Ingo Molnar <mingo@...e.hu>
CommitDate: Fri, 2 Oct 2009 19:51:56 +0200
x86: Simplify bound checks in the MTRR code
The current bound checks for copy_from_user in the MTRR driver are
not as obvious as they could be, and gcc agrees with that.
This patch simplifies the boundary checks to the point that gcc can
now prove to itself that the copy_from_user() is never going past
its bounds.
Signed-off-by: Arjan van de Ven <arjan@...ux.intel.com>
Cc: Yinghai Lu <yinghai@...nel.org>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
LKML-Reference: <20090926205150.30797709@...radead.org>
Signed-off-by: Ingo Molnar <mingo@...e.hu>
---
arch/x86/kernel/cpu/mtrr/if.c | 17 ++++++++++++-----
1 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/arch/x86/kernel/cpu/mtrr/if.c b/arch/x86/kernel/cpu/mtrr/if.c
index f04e725..3c1b12d 100644
--- a/arch/x86/kernel/cpu/mtrr/if.c
+++ b/arch/x86/kernel/cpu/mtrr/if.c
@@ -96,17 +96,24 @@ mtrr_write(struct file *file, const char __user *buf, size_t len, loff_t * ppos)
unsigned long long base, size;
char *ptr;
char line[LINE_SIZE];
+ int length;
size_t linelen;
if (!capable(CAP_SYS_ADMIN))
return -EPERM;
- if (!len)
- return -EINVAL;
memset(line, 0, LINE_SIZE);
- if (len > LINE_SIZE)
- len = LINE_SIZE;
- if (copy_from_user(line, buf, len - 1))
+
+ length = len;
+ length--;
+
+ if (length > LINE_SIZE - 1)
+ length = LINE_SIZE - 1;
+
+ if (length < 0)
+ return -EINVAL;
+
+ if (copy_from_user(line, buf, length))
return -EFAULT;
linelen = strlen(line);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists