* [linux-usb-devel] Re: Finding user/kernel pointer bugs [no html]
       [not found] <E1BYXuJ-0006vd-RU@sc8-sf-list1.sourceforge.net>
@ 2004-06-11  4:31 ` Luca Risolia
  2004-06-11  4:52   ` viro
  2004-06-11 16:17   ` Greg KH
  0 siblings, 2 replies; 4+ messages in thread
From: Luca Risolia @ 2004-06-11  4:31 UTC (permalink / raw)
  To: linux-usb-devel, viro, greg; +Cc: rtjohnso, linux-kernel

>                    unsigned int cmd, void* arg)
>  {
>  	struct w9968cf_device* cam;
> +	void __user *user_arg = (void __user *)arg;
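
Review bot: the __user annotation is introduced by a cast inside the function body while the parameter is still declared "void* arg", so the prototype carries no address-space information for sparse or for callers, and the unannotated "arg" stays in scope next to "user_arg". Prefer annotating the parameter itself ("void __user *arg"); if the prototype cannot change, make sure nothing after this line dereferences "arg" directly and that every access goes through copy_from_user()/copy_to_user() on "user_arg".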

The right place to apply this patch is in video_usercopy().

When video_usercopy() is used in the ioctl() method, there is no need
to dereference the arg pointer in ioctl() itself, since one of the purposes
of video_usercopy() is to do this work for us.

Please have a look at the definition of the function in videodev.c.

int
video_usercopy(struct inode *inode, struct file *file,
               unsigned int cmd, unsigned long arg,
               int (*func)(struct inode *inode, struct file *file,
                           unsigned int cmd, void *arg))

What you have patched in your patch is the function pointed to
by "func" above, which should already receive the __user pointer to arg.

Luca

^ permalink raw reply	[flat|nested] 4+ messages in thread
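
A userspace model of the copy-in, dispatch, copy-out pattern that the message above attributes to video_usercopy(), added here as an example; it is not the kernel's code and not a patch from this thread. The names user_mem, user_ok, usercopy, demo_handler and the MK_CMD encoding are assumptions made for illustration, and memcpy() stands in for copy_from_user()/copy_to_user().

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#define __user                 /* sparse address-space marker; empty in userspace */
#define DIR_WRITE 1u           /* user -> kernel, like _IOC_WRITE */
#define DIR_READ  2u           /* kernel -> user, like _IOC_READ */
#define MK_CMD(dir, nr, sz) (((dir) << 30) | ((unsigned)(sz) << 16) | (nr))
#define CMD_DIR(c)  ((c) >> 30)
#define CMD_SIZE(c) (((c) >> 16) & 0x3fffu)
#define DEMO_DOUBLE MK_CMD(DIR_READ | DIR_WRITE, 1u, sizeof(int))
static unsigned char user_mem[64];      /* constructed stand-in for user space */
typedef int (*ioctl_fn)(unsigned int cmd, void *karg);  /* karg: kernel copy */

static int user_ok(uintptr_t a, size_t n)               /* models access_ok() */
{
    uintptr_t lo = (uintptr_t)user_mem;
    return a >= lo && n <= sizeof(user_mem) && a - lo <= sizeof(user_mem) - n;
}

/* Copy in, dispatch, copy out: the only code that touches the user pointer. */
static int usercopy(unsigned int cmd, unsigned long arg, ioctl_fn func)
{
    void __user *uarg = (void __user *)arg;
    long long kbuf[4] = {0};            /* aligned kernel-side buffer */
    size_t n = CMD_SIZE(cmd);
    if (n > sizeof(kbuf))
        return -EINVAL;
    if (n && !user_ok((uintptr_t)uarg, n))
        return -EFAULT;                 /* not a user-space address */
    if (CMD_DIR(cmd) & DIR_WRITE)
        memcpy(kbuf, uarg, n);          /* models copy_from_user() */
    int err = func(cmd, kbuf);
    if (err == 0 && (CMD_DIR(cmd) & DIR_READ))
        memcpy(uarg, kbuf, n);          /* models copy_to_user() */
    return err;
}
static int demo_handler(unsigned int cmd, void *karg)
{
    if (cmd != DEMO_DOUBLE)
        return -ENOTTY;
    *(int *)karg *= 2;                  /* karg is never a user pointer */
    return 0;
}

int main(void)
{
    int v = 21;
    memcpy(user_mem, &v, sizeof v);
    return usercopy(DEMO_DOUBLE, (unsigned long)(uintptr_t)user_mem, demo_handler);
}
```
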

* Re: [linux-usb-devel] Re: Finding user/kernel pointer bugs [no html]
  2004-06-11  4:31 ` [linux-usb-devel] Re: Finding user/kernel pointer bugs [no html] Luca Risolia
@ 2004-06-11  4:52   ` viro
  2004-06-11 16:17   ` Greg KH
  1 sibling, 0 replies; 4+ messages in thread
From: viro @ 2004-06-11  4:52 UTC (permalink / raw)
  To: Luca Risolia; +Cc: linux-usb-devel, greg, rtjohnso, linux-kernel

On Fri, Jun 11, 2004 at 06:31:07AM +0200, Luca Risolia wrote:
> >                    unsigned int cmd, void* arg)
> >  {
> >  	struct w9968cf_device* cam;
> > +	void __user *user_arg = (void __user *)arg;
> 
> The right place to apply this patch is in video_usercopy().

The right thing to do is to kill video_usercopy() as an ugly piece of crap.

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [linux-usb-devel] Re: Finding user/kernel pointer bugs [no html]
  2004-06-11  4:31 ` [linux-usb-devel] Re: Finding user/kernel pointer bugs [no html] Luca Risolia
  2004-06-11  4:52   ` viro
@ 2004-06-11 16:17   ` Greg KH
  2004-06-11 16:46     ` Luca Risolia
  1 sibling, 1 reply; 4+ messages in thread
From: Greg KH @ 2004-06-11 16:17 UTC (permalink / raw)
  To: Luca Risolia; +Cc: linux-usb-devel, viro, rtjohnso, linux-kernel

On Fri, Jun 11, 2004 at 06:31:07AM +0200, Luca Risolia wrote:
> >                    unsigned int cmd, void* arg)
> >  {
> >  	struct w9968cf_device* cam;
> > +	void __user *user_arg = (void __user *)arg;
> 
> The right place to apply this patch is in video_usercopy().

Um, the driver you just referred to does not use the video_usercopy()
function so your email doesn't make much sense in this context.

> Please have a look at the definition of the function in videodev.c.

Please excuse me while I go get sick...

Anyway, that function needs to be properly marked up with __user if you
want it to live.

good luck,

greg k-h

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [linux-usb-devel] Re: Finding user/kernel pointer bugs [no html]
  2004-06-11 16:17   ` Greg KH
@ 2004-06-11 16:46     ` Luca Risolia
  0 siblings, 0 replies; 4+ messages in thread
From: Luca Risolia @ 2004-06-11 16:46 UTC (permalink / raw)
  To: Greg KH; +Cc: linux-usb-devel, viro, rtjohnso, linux-kernel

On Fri, 11 Jun 2004 09:17:48 -0700
Greg KH <greg@kroah.com> wrote:

> On Fri, Jun 11, 2004 at 06:31:07AM +0200, Luca Risolia wrote:
> > >                    unsigned int cmd, void* arg)
> > >  {
> > >  	struct w9968cf_device* cam;
> > > +	void __user *user_arg = (void __user *)arg;
> > 
> > The right place to apply this patch is in video_usercopy().
> 
> Um, the driver you just referred to does not use the video_usercopy()
> function so your email doesn't make much sense in this context.

Oops, sorry. I forgot the w9968cf doesn't actually use video_usercopy().
However, apart from the "__user" context, there are several drivers
under drivers/usb/media/ that still use that usercopy() thing.

> 
> > Please have a look at the definition of the function in videodev.c.
> 
> Please excuse me while I go get sick...
> 
> Anyway, that function needs to be properly marked up with __user if you
> want it to live.
> 
> good luck,
> 
> greg k-h
> 

^ permalink raw reply	[flat|nested] 4+ messages in thread
