[PATCH] cpuset: prevent information leak in cpuset_tasks_read (CVE-2007-2875)

Use simple_read_from_buffer to avoid possible underflow in cpuset_tasks_read which could allow user to read kernel memory. Note: This is fixed upstream in 85badbdfSigned-off-by: Chris Wright <chrisw@sous-sol.org>

[PATCH] cpuset: prevent information leak in cpuset_tasks_read (CVE-2007-2875)
Use simple_read_from_buffer to avoid possible underflow in cpuset_tasks_read which could allow user to read kernel memory. Note: This is fixed upstream in 85badbdfSigned-off-by: Chris Wright <chrisw@sous-sol.org>
6a535788 · Chris Wright · f5939fcd · 6a535788
Commit 6a535788 authored Jun 07, 2007 by Chris Wright
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 6 deletions

kernel/cpuset.c kernel/cpuset.c +1 -6

No files found.
--- a/kernel/cpuset.c
+++ b/kernel/cpuset.c
@@ -1751,12 +1751,7 @@ static ssize_t cpuset_tasks_read(struct file *file, char __user *buf,
 {
 	struct ctr_struct *ctr = file->private_data;

-	if (*ppos + nbytes > ctr->bufsz)
-		nbytes = ctr->bufsz - *ppos;
-	if (copy_to_user(buf, ctr->buf + *ppos, nbytes))
-		return -EFAULT;
-	*ppos += nbytes;
-	return nbytes;
+	return simple_read_from_buffer(buf, nbytes, ppos, ctr->buf, ctr->bufsz);
 }

 static int cpuset_tasks_release(struct inode *unused_inode, struct file *file)