> This code dereferences user supplied pointers directly instead of doing
> a copy_from_user().  Some kernel configs put user and kernel memory in
> different address spaces so this code isn't portable.  Also the user
> memory could be swapped out or in this case the pointer could just be
> NULL leading to an oops.
> 
> Another thing is that it makes permission tests like this sort of
> meaningless.
>       if (minor == STREAM_MODULE && rec_mute->stream_id == 0) {
>               retval = -EPERM;
>               break;
>       }
> The user could set stream_id to 1 for the test and then change it later.
> 
> Signed-off-by: Dan Carpenter <[email protected]>
Acked-by: Vinod Koul <[email protected]>

_______________________________________________
devel mailing list
[email protected]
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
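A userspace model of the check-then-use problem the commit message describes, set beside the copy-once form. This is an added example, not code from the patch or the driver: `struct mute_req`, the `race_fn` hook, `model_copy_from_user()`, `flip_to_zero()` and the value of `STREAM_MODULE` are assumptions made for the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STREAM_MODULE 1                      /* value assumed for the model */
struct mute_req { unsigned int stream_id, mute; };  /* hypothetical layout */
typedef void (*race_fn)(struct mute_req *);  /* models a second user thread */

/* Stand-in for copy_from_user(): nonzero means the copy failed. */
static int model_copy_from_user(void *dst, const void *src, size_t n)
{
    if (!src)
        return 1;
    memcpy(dst, src, n);
    return 0;
}

/* Before: check and use each read user memory. Returns stream acted on or -errno. */
int set_mute_unsafe(int minor, struct mute_req *user, race_fn race)
{
    if (minor == STREAM_MODULE && user->stream_id == 0)
        return -EPERM;
    if (race)
        race(user);                  /* user memory changes after the check */
    return (int)user->stream_id;     /* second fetch sees the new value */
}

/* After: one fetch into a private copy; check and use the same bytes. */
int set_mute_safe(int minor, struct mute_req *user, race_fn race)
{
    struct mute_req req;
    if (model_copy_from_user(&req, user, sizeof(req)))
        return -EFAULT;              /* NULL pointer is an error, not an oops */
    if (minor == STREAM_MODULE && req.stream_id == 0)
        return -EPERM;
    if (race)
        race(user);                  /* too late: req no longer changes */
    return (int)req.stream_id;
}

/* Constructed racing writer: rewrites stream_id to the value the check rejects. */
void flip_to_zero(struct mute_req *u) { u->stream_id = 0; }

int main(void)
{
    struct mute_req a = { 1, 1 }, b = { 1, 1 };
    printf("unsafe acted on stream %d\n", set_mute_unsafe(STREAM_MODULE, &a, flip_to_zero));
    printf("safe acted on stream %d\n", set_mute_safe(STREAM_MODULE, &b, flip_to_zero));
    return 0;
}
```

In the kernel the copy is `copy_from_user()`, which returns the number of bytes it could not copy, and the handler returns `-EFAULT` when that is nonzero.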
