* [linux-usb-devel] Re: Finding user/kernel pointer bugs [no html]
  [not found] <E1BYXuJ-0006vd-RU@sc8-sf-list1.sourceforge.net>
From: Luca Risolia @ 2004-06-11 4:31 UTC
To: linux-usb-devel, viro, greg; +Cc: rtjohnso, linux-kernel

> unsigned int cmd, void* arg)
> {
> struct w9968cf_device* cam;
> + void __user *user_arg = (void __user *)arg;

The right place to apply this patch is in video_usercopy().

When video_usercopy() is used in the ioctl() method, there is no need to dereference the arg pointer in ioctl() itself, since one of the purposes of video_usercopy() is to do this work for us.

Please have a look at the definition of the function in videodev.c.

    int video_usercopy(struct inode *inode, struct file *file,
                       unsigned int cmd, unsigned long arg,
                       int (*func)(struct inode *inode, struct file *file,
                                   unsigned int cmd, void *arg))

What you have patched in your patch is the function pointed to by "func" above, which should already receive the __user pointer to arg.

Luca
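Review bot: the added line `void __user *user_arg = (void __user *)arg;` attaches the annotation by cast inside the function, while the parameter in the signature just above it is still declared `void* arg`. The unannotated `arg` therefore stays in scope and can still be dereferenced or passed on directly, and a cast of this kind would be accepted even if `arg` did not actually come from user space. Consider declaring the parameter itself as `void __user *arg`, with the callers updated to match, so that every use in the function body is covered; if the cast has to stay, nothing after this line should touch `arg` rather than `user_arg`.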

* Re: [linux-usb-devel] Re: Finding user/kernel pointer bugs [no html]
From: viro @ 2004-06-11 4:52 UTC
To: Luca Risolia; +Cc: linux-usb-devel, greg, rtjohnso, linux-kernel

On Fri, Jun 11, 2004 at 06:31:07AM +0200, Luca Risolia wrote:
> > unsigned int cmd, void* arg)
> > {
> > struct w9968cf_device* cam;
> > + void __user *user_arg = (void __user *)arg;
>
> The right place to apply this patch is in video_usercopy().

The right thing to do is to kill video_usercopy() as ugly piece of crap.

* Re: [linux-usb-devel] Re: Finding user/kernel pointer bugs [no html]
From: Greg KH @ 2004-06-11 16:17 UTC
To: Luca Risolia; +Cc: linux-usb-devel, viro, rtjohnso, linux-kernel

On Fri, Jun 11, 2004 at 06:31:07AM +0200, Luca Risolia wrote:
> > unsigned int cmd, void* arg)
> > {
> > struct w9968cf_device* cam;
> > + void __user *user_arg = (void __user *)arg;
>
> The right place to apply this patch is in video_usercopy().

Um, the driver you just referred to does not use the video_usercopy() function so your email doesn't make much sense in this context.

> Please have a look at the definition of the function in videodev.c.

Please excuse me while I go get sick...

Anyway, that function needs to be properly marked up with __user if you want it to live.

good luck,

greg k-h

* Re: [linux-usb-devel] Re: Finding user/kernel pointer bugs [no html]
From: Luca Risolia @ 2004-06-11 16:46 UTC
To: Greg KH; +Cc: linux-usb-devel, viro, rtjohnso, linux-kernel

On Fri, 11 Jun 2004 09:17:48 -0700 Greg KH <greg@kroah.com> wrote:
> On Fri, Jun 11, 2004 at 06:31:07AM +0200, Luca Risolia wrote:
> > > unsigned int cmd, void* arg)
> > > {
> > > struct w9968cf_device* cam;
> > > + void __user *user_arg = (void __user *)arg;
> >
> > The right place to apply this patch is in video_usercopy().
>
> Um, the driver you just referred to does not use the video_usercopy()
> function so your email doesn't make much sense in this context.

Oops, sorry. I forgot the w9968cf doesn't actually use video_usercopy(). However, apart from the "__user" context, there are several drivers under drivers/usb/media/ that still use that usercopy() thing.

> > Please have a look at the definition of the function in videodev.c.
>
> Please excuse me while I go get sick...
>
> Anyway, that function needs to be properly marked up with __user if you
> want it to live.
>
> good luck,
>
> greg k-h
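
Added example, not part of the original thread and not kernel code: a userspace C model of the copy-in, call, copy-back pattern that a usercopy-style helper provides, showing why only the helper should ever hold the `__user` pointer while the handler works on a kernel-side copy. Every name here (`user_mem`, `model_copy_from_user`, `model_copy_to_user`, `demo_fmt`, `demo_set_fmt`, `demo_usercopy`) is hypothetical, and `__user` is defined as an empty macro because the annotation only has meaning to a static checker.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define __user  /* address-space marker for static checkers; empty for the compiler */
static unsigned char user_mem[64];  /* constructed: the only valid "user" memory */

static int user_range_ok(const void __user *p, size_t n)
{
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)user_mem;
    return n <= sizeof(user_mem) && a >= lo && a - lo <= sizeof(user_mem) - n;
}

/* Stand-ins for copy_from_user()/copy_to_user(): return bytes NOT copied. */
static size_t model_copy_from_user(void *dst, const void __user *src, size_t n)
{
    if (!user_range_ok(src, n)) return n;
    memcpy(dst, (const void *)src, n);
    return 0;
}
static size_t model_copy_to_user(void __user *dst, const void *src, size_t n)
{
    if (!user_range_ok(dst, n)) return n;
    memcpy((void *)dst, src, n);
    return 0;
}

struct demo_fmt { uint32_t width, height; };  /* hypothetical ioctl payload */

/* Plays the role of "func": it only ever sees the kernel-side copy. */
int demo_set_fmt(void *karg)
{
    struct demo_fmt *f = karg;
    if (f->width > 640 || f->height > 480) return -EINVAL;
    f->width &= ~1u;  /* handler rounds the width down to an even value */
    return 0;
}

/* Plays the role of the usercopy helper: copy in, call func, copy back. */
int demo_usercopy(void __user *uarg, size_t size, int (*func)(void *))
{
    union { struct demo_fmt fmt; unsigned char raw[32]; } kbuf;
    int err;
    if (size > sizeof(kbuf)) return -EINVAL;
    if (model_copy_from_user(&kbuf, uarg, size)) return -EFAULT;
    err = func(&kbuf);
    if (!err && model_copy_to_user(uarg, &kbuf, size)) err = -EFAULT;
    return err;
}
```

A pointer that does not lie inside the modelled user range is rejected with `-EFAULT` before the handler runs, which is the check that is lost when a handler dereferences an unannotated argument directly.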