diff options
author | Zachary Amsden <zach@vmware.com> | 2006-01-06 00:11:55 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-01-06 08:33:35 -0800 |
commit | 5fe9fe3c6f9a1ae7aa224bb7a66eb9aad9e4abef (patch) | |
tree | ec120ce6e72700fe49720127bc76228c51bd406b /include/asm-i386/system.h | |
parent | 3fae1c37eea98097de34ba665796fea93b29f4aa (diff) | |
download | linux-3.10-5fe9fe3c6f9a1ae7aa224bb7a66eb9aad9e4abef.tar.gz linux-3.10-5fe9fe3c6f9a1ae7aa224bb7a66eb9aad9e4abef.tar.bz2 linux-3.10-5fe9fe3c6f9a1ae7aa224bb7a66eb9aad9e4abef.zip |
[PATCH] x86: Pnp byte granularity
The one remaining caller of set_limit, the PnP BIOS code, calls into the PnP
BIOS, passing kernel parameters in and out. These parameteres may be passed
from arbitrary kernel virtual memory, so they deserve strict protection to
stop a bad BIOS from smashing beyond the object size.
Unfortunately, the use of set_limit was badly botching this by setting the
limit in terms of pages, when it really should have byte granularity.
When doing this, I discovered my BIOS had the buggy code during the "get
system device node" call:
mov ax, es:[bx]
Which is harmless, but has a trivial workaround.
Signed-off-by: Zachary Amsden <zach@vmware.com>
Cc: "Seth, Rohit" <rohit.seth@intel.com>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include/asm-i386/system.h')
-rw-r--r-- | include/asm-i386/system.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/asm-i386/system.h b/include/asm-i386/system.h index 24cc0c8fe34..9c0593b7a94 100644 --- a/include/asm-i386/system.h +++ b/include/asm-i386/system.h @@ -54,7 +54,7 @@ __asm__ __volatile__ ("movw %%dx,%1\n\t" \ ); } while(0) #define set_base(ldt,base) _set_base( ((char *)&(ldt)) , (base) ) -#define set_limit(ldt,limit) _set_limit( ((char *)&(ldt)) , ((limit)-1)>>12 ) +#define set_limit(ldt,limit) _set_limit( ((char *)&(ldt)) , ((limit)-1) ) /* * Load a segment. Fall back on loading the zero |