From: gregkh@suse.de (Greg KH)
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: khali@linux-fr.org, sensors@stimpy.netroedge.com
Subject: [04/08] I2C: Fix oops in eeprom driver
Date: Thu, 19 May 2005 06:25:48 +0000
Message-ID: <20050405164711.GE17299@kroah.com>
In-Reply-To: <20050405164539.GA17299@kroah.com>

-stable review patch.  If anyone has any objections, please let us know.

------------------

This fixes an oops in the eeprom driver. It was first reported here:
  http://bugzilla.kernel.org/show_bug.cgi?id=4347

It was additionally discussed here (while tracking a completely
different bug):
  http://archives.andrew.net.au/lm-sensors/msg30021.html

The patch is already in 2.6.12-rc1:
  http://linux.bkbits.net:8080/linux-2.5/cset@1.2227

The oops happens when one reads data from the sysfs interface file such
that (off < 16) and (count < 16 - off). For example "sensors" from
lm_sensors 2.9.0 does this, and causes the oops.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

--- linux-2.6.11.4/drivers/i2c/chips/eeprom.c.orig	2005-03-13 10:00:01.000000000 +0100
+++ linux-2.6.11.4/drivers/i2c/chips/eeprom.c	2005-03-17 19:54:07.000000000 +0100
@@ -130,7 +130,8 @@
 
 	/* Hide Vaio security settings to regular users (16 first bytes) */
 	if (data->nature = VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) {
-		int in_row1 = 16 - off;
+		size_t in_row1 = 16 - off;
+		in_row1 = min(in_row1, count);
 		memset(buf, 0, in_row1);
 		if (count - in_row1 > 0)
 			memcpy(buf + in_row1, &data->data[16], count - in_row1);
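Review bot: The context line `if (data->nature = VAIO && off < 16 && !capable(CAP_SYS_ADMIN))` in this copy has a single `=`, which assigns rather than compares and would keep the hunk from matching a source line written with `==`. The other copy of this message under the same Message-ID shows `data->nature == VAIO`, so the patch should be applied from that copy.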


WARNING: multiple messages have this Message-ID (diff)
From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: khali@linux-fr.org, sensors@stimpy.netroedge.com
Subject: [04/08] I2C: Fix oops in eeprom driver
Date: Tue, 5 Apr 2005 09:47:11 -0700
Message-ID: <20050405164711.GE17299@kroah.com>
In-Reply-To: <20050405164539.GA17299@kroah.com>

-stable review patch.  If anyone has any objections, please let us know.

------------------

This fixes an oops in the eeprom driver. It was first reported here:
  http://bugzilla.kernel.org/show_bug.cgi?id=4347

It was additionally discussed here (while tracking a completely
different bug):
  http://archives.andrew.net.au/lm-sensors/msg30021.html

The patch is already in 2.6.12-rc1:
  http://linux.bkbits.net:8080/linux-2.5/cset@1.2227

The oops happens when one reads data from the sysfs interface file such
that (off < 16) and (count < 16 - off). For example "sensors" from
lm_sensors 2.9.0 does this, and causes the oops.

Signed-off-by: Jean Delvare <khali@linux-fr.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

--- linux-2.6.11.4/drivers/i2c/chips/eeprom.c.orig	2005-03-13 10:00:01.000000000 +0100
+++ linux-2.6.11.4/drivers/i2c/chips/eeprom.c	2005-03-17 19:54:07.000000000 +0100
@@ -130,7 +130,8 @@
 
 	/* Hide Vaio security settings to regular users (16 first bytes) */
 	if (data->nature == VAIO && off < 16 && !capable(CAP_SYS_ADMIN)) {
-		int in_row1 = 16 - off;
+		size_t in_row1 = 16 - off;
+		in_row1 = min(in_row1, count);
 		memset(buf, 0, in_row1);
 		if (count - in_row1 > 0)
 			memcpy(buf + in_row1, &data->data[16], count - in_row1);
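Review bot: The guard `if (count - in_row1 > 0)` kept below the new clamp is only correct because of `in_row1 = min(in_row1, count);` on the line above it: with `in_row1` now a `size_t` the subtraction is done in unsigned arithmetic, so it would wrap to a large value instead of going negative if `in_row1` ever exceeded `count`. Writing the test as `if (count > in_row1)` makes it safe without relying on the preceding line, and a short comment on the `min()` line saying that it keeps the `memset()` within the caller's `count` bytes would record why the clamp exists. The hunk also shows no upper bound on `count - in_row1` for the `memcpy()` from `&data->data[16]`, so it is worth confirming that the caller limits `off + count` to the size of `data->data`.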


