Kernel package status
Michal Jaegermann
michal at harddata.com
Wed Jun 23 00:44:10 UTC 2004
On Tue, Jun 22, 2004 at 06:12:11PM -0400, Marc Deslauriers wrote:
> On Tue, 2004-06-22 at 11:51, Ron Yorston wrote:
> > I've been having a look at the 34.7.legacy kernel. Can someone explain
> > why the e1000 patch differs from that in Fedora Core 1's 2.4.22-1.2194
> > kernel?
>
> It looks like the patch was modified to work on 64-bit architectures, as
> Fedora supports a couple of them.

No, it does not look that way.

> I don't think it makes a difference on 32-bit machines.

Actually I think that it does and it fixes the real bug.
Looking at this code, E1000_REGS_LEN * sizeof(uint32_t) is
the same as sizeof(regs_buff), and a little bit
down regs.len is used in a copy_to_user() call, which allows
user space to peek into the content of this buffer. We do
not want this value of regs.len to be too big. Possibly
if this code looked like this instead:

    memset(regs_buff, 0, sizeof(regs_buff));
    if (regs.len > sizeof(regs_buff))
        regs.len = sizeof(regs_buff);

then this would be quite a bit clearer. Without fixing
that, copy_to_user() will use only up to a quarter of the regs_buff
buffer, and this has nothing to do with 32/64-bit issues.

Possibly not a very critical bug (I do not really know that)
but a bug nevertheless. It does not look like regs.len is
used very extensively. Presumably it is set in a preceding
copy_from_user() call and not really used in any other place.

Michal
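
The length clamp discussed in the message above, as an added user-space model (not code from the message or from the e1000 driver). The names struct frame, get_regs_model and leaked_bytes, the value 32 for E1000_REGS_LEN and the 0xAA marker are assumptions made for the illustration, and memcpy() stands in for copy_to_user(); the CLAMP_ELEMENTS mode is one reading of how the copy could end up limited to a quarter of regs_buff.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define E1000_REGS_LEN 32   /* value assumed for this model */
#define MARK 0xAA           /* constructed marker for non-register data */

/* Constructed stand-in for a stack frame: regs_buff plus unrelated bytes. */
struct frame {
    uint32_t regs_buff[E1000_REGS_LEN];
    unsigned char neighbour[64];
};

enum clamp { CLAMP_NONE, CLAMP_ELEMENTS, CLAMP_BYTES };

/* Clamps the caller-supplied length per `mode`, then performs the
 * copy_to_user() step (memcpy here). Returns the bytes handed out. */
size_t get_regs_model(enum clamp mode, uint32_t user_len,
                      unsigned char *user_buf, size_t user_cap)
{
    struct frame f;
    size_t len = user_len;
    memset(f.neighbour, MARK, sizeof(f.neighbour));
    memset(f.regs_buff, 0, sizeof(f.regs_buff));
    if (mode == CLAMP_ELEMENTS && len > E1000_REGS_LEN)
        len = E1000_REGS_LEN;              /* element count used as bytes */
    if (mode == CLAMP_BYTES && len > sizeof(f.regs_buff))
        len = sizeof(f.regs_buff);         /* form suggested in the message */
    if (len > sizeof(f)) len = sizeof(f);  /* keep the model inside its frame */
    if (len > user_cap) len = user_cap;
    memcpy(user_buf, &f, len);
    return len;
}

/* Counts marker bytes in what the caller received. */
size_t leaked_bytes(const unsigned char *buf, size_t n)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        c += (buf[i] == MARK);
    return c;
}

int main(void)
{
    unsigned char out[256];
    for (int m = CLAMP_NONE; m <= CLAMP_BYTES; m++) {
        size_t n = get_regs_model((enum clamp)m, 4096, out, sizeof(out));
        printf("mode %d: %zu bytes copied, %zu leaked\n", m, n, leaked_bytes(out, n));
    }
}
```

With a requested length of 4096, the unclamped mode hands out the neighbouring bytes, the element-count clamp stops at 32 of the 128 register bytes, and the sizeof(regs_buff) clamp returns exactly the register buffer.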