diff options
author | Nick Piggin <npiggin@suse.de> | 2008-02-02 03:08:53 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2008-02-06 11:43:46 -0800 |
commit | 83af8eda68a3f0c227d0eb05348e58ae27a62e7e (patch) | |
tree | 33ce1f20faa9337c5c08f39dd840c34dc311e041 /sound/usb/usx2y/usx2yhwdeppcm.c | |
parent | 0abe2d30fd090eba86541654080fee7686cf72fc (diff) |
vm audit: add VM_DONTEXPAND to mmap for drivers that need it (CVE-2008-0007)
Drivers that register a ->fault handler, but do not range-check the
offset argument, must set VM_DONTEXPAND in the vm_flags in order to
prevent an expanding mremap from overflowing the resource.
I've audited the tree and attempted to fix these problems (usually by
adding VM_DONTEXPAND where it is not obvious).
Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'sound/usb/usx2y/usx2yhwdeppcm.c')
-rw-r--r-- | sound/usb/usx2y/usx2yhwdeppcm.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sound/usb/usx2y/usx2yhwdeppcm.c b/sound/usb/usx2y/usx2yhwdeppcm.c index a5e7bcd7ca2e..6e70520b75c8 100644 --- a/sound/usb/usx2y/usx2yhwdeppcm.c +++ b/sound/usb/usx2y/usx2yhwdeppcm.c @@ -728,7 +728,7 @@ static int snd_usX2Y_hwdep_pcm_mmap(struct snd_hwdep * hw, struct file *filp, st return -ENODEV; } area->vm_ops = &snd_usX2Y_hwdep_pcm_vm_ops; - area->vm_flags |= VM_RESERVED; + area->vm_flags |= VM_RESERVED | VM_DONTEXPAND; area->vm_private_data = hw->private_data; return 0; } |