Re: TAKE 956783 - xfs_dm_getall_dmattr() doesn't check if the user buffer is at valid address

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Christoph Hellwig <hch@infradead.org>
To: Vlad Apostolov <vapo@sgi.com>
Cc: sgi.bugs.xfs@engr.sgi.com, linux-xfs@oss.sgi.com
Subject: Re: TAKE 956783 - xfs_dm_getall_dmattr() doesn't check if the user buffer is at valid address
Date: Mon, 27 Nov 2006 05:58:59 +0000	[thread overview]
Message-ID: <20061127055859.GC1374@infradead.org> (raw)
In-Reply-To: <45629AD8.8000800@sgi.com>

On Tue, Nov 21, 2006 at 05:21:12PM +1100, Vlad Apostolov wrote:
> No EFAULT error when dm_getall_dmattr() called with an invalid user 
> buffer address.

This fix is broken.  access_ok is not enough to verify the buffer,
it just does very few static check (basically the address space limit)

You need to use copy_{from,to}_user to access user pointers.  I had
an untested patch to fix this at my good old SGI time, but Dean wanted
to review and test it a lot more.  I'll try to dig up that patch if you care.

next prev parent reply	other threads:[~2006-11-27  6:35 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-11-21  6:21 TAKE 956783 - xfs_dm_getall_dmattr() doesn't check if the user buffer is at valid address Vlad Apostolov
2006-11-27  5:58 ` Christoph Hellwig [this message]
2006-11-28  0:00   ` Vlad Apostolov
2006-11-29 15:11     ` Christoph Hellwig

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20061127055859.GC1374@infradead.org \
    --to=hch@infradead.org \
    --cc=linux-xfs@oss.sgi.com \
    --cc=sgi.bugs.xfs@engr.sgi.com \
    --cc=vapo@sgi.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.