Commit 967060d0 authored by Darrick J. Wong, committed by Ingo Molnar

x86, msr: fix NULL pointer deref due to msr_open on nonexistent CPUs



msr_open tests for someone trying to open a device for a nonexistent CPU.
However, the function always returns 0, not ret like it should, hence
userspace can BUG the kernel trivially.  This bug was introduced by the
cdev lock_kernel pushdown patch last May.

The BUG can be reproduced with these commands:

# mknod fubar c 202 8 <-- pick a number less than NR_CPUS that is not
                          the number of an online CPU
# cat fubar

Signed-off-by: Darrick J. Wong <djwong@us.ibm.com>
Signed-off-by: Ingo Molnar <mingo@elte.hu>
parent a6825f1c
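
The failure pattern the commit message describes, an open handler that detects the nonexistent CPU but still reports success, shown as an added user-space model; it is not the kernel's msr code and not part of this commit. The names `cpu_data`, `lookup`, `open_buggy`, `open_fixed` and `read_hits_null`, the `NR_CPUS` value, the `-ENXIO` error code and the online-CPU set are assumptions made for the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define NR_CPUS 16                      /* assumed value for this model */

struct cpu_data { int id; };            /* hypothetical per-CPU state */
struct file { struct cpu_data *priv; }; /* stand-in for an open file */

/* Constructed sample: CPUs 0-3 are online, 4-15 do not exist. */
static struct cpu_data online[4] = { {0}, {1}, {2}, {3} };
static struct cpu_data *lookup(unsigned cpu) { return cpu < 4 ? &online[cpu] : NULL; }

/* Before: the check computes an error, then the exit path drops it. */
static int open_buggy(struct file *f, unsigned cpu)
{
    int ret = 0;
    f->priv = (cpu < NR_CPUS) ? lookup(cpu) : NULL;
    if (!f->priv)
        ret = -ENXIO;                   /* error code is an assumption */
    (void)ret;                          /* silences the unused-value warning */
    return 0;                           /* caller is told the open succeeded */
}

/* After: same check, but the computed status reaches the caller. */
static int open_fixed(struct file *f, unsigned cpu)
{
    int ret = 0;
    f->priv = (cpu < NR_CPUS) ? lookup(cpu) : NULL;
    if (!f->priv)
        ret = -ENXIO;
    return ret;
}

/* Returns 1 if a later read would dereference NULL, 0 otherwise. */
static int read_hits_null(int (*open_fn)(struct file *, unsigned), unsigned cpu)
{
    struct file f;
    if (open_fn(&f, cpu) != 0)
        return 0;                       /* open refused, read never runs */
    return f.priv == NULL;
}

int main(void)
{
    printf("buggy, cpu 8: read hits NULL = %d\n", read_hits_null(open_buggy, 8));
    printf("fixed, cpu 8: read hits NULL = %d\n", read_hits_null(open_fixed, 8));
    return 0;
}
```

A handler that sets a status variable but returns a literal on its exit path is worth flagging in review; compilers can warn about it when the variable is otherwise unused.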