-
David Miller authored
I ran into a few problems. n_tty_ioctl() for instance: drivers/char/tty_ioctl.c:799: error: $,1rxstruct termios$,1ry has no member named $,1rxc_ispeed$,1ry This is calling the copy interface that is supposed to be using a termios2 when the new interfaces are defined, however: case TIOCGLCKTRMIOS: if (kernel_termios_to_user_termios((struct termios __user *)arg, real_tty->termios_locked)) return -EFAULT; return 0; This is going to write over the end of the userspace structure by a few bytes, and wasn't caught by you yet because the i386 implementation is simply copy_to_user() which does zero type checking. Signed-off-by:
Alan Cox <alan@redhat.com> Cc: "David S. Miller" <davem@davemloft.net> Signed-off-by:
Andrew Morton <akpm@linux-foundation.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
f629307c
