> > > > This somehow should guard buffer overflow allocated of size dev- > >me_clients_num > > In theory this can happen only if something go wrong in hardware > > initialization or there is some other security hole that can change > > client_num. > > What _kind_ of "security hole" could ever change that number? Where > does it come from? Who can modify it? If you don't know that now then > we have worse problems...
The allocation of me_clients arrays of mei_clients_num is happening on ME enumeration message, While the filling out the array is looping over get properties message which is bounded by MEI_CLIENTS_MAX, so the overflow is indeed possible, of course only on some faulty HW. We had such errors only on new HW bring ups. Thanks Tomas -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
