> We also have vendorsec sitting on a patch from Serge Hallyn fixing the
> vulnerability in TPM i alluded to in my previous posting. One week on
> a one-line fix which has yet to make it upstream (which Serge requested
> be fixed ASAP).
rw_verify_area() makes certain that the size_t value fits in a signed
int, so this is actually not a problem that requires a security update
in the kernels shipping the driver. It is, at worst, sloppy code that
should be fixed in the next regular release.