* [PATCH]: 4/4GB: Incorrect bound check in do_getname()
@ 2004-11-11 16:26 Kirill Korotaev
From: Kirill Korotaev @ 2004-11-11 16:26 UTC
To: linux-kernel, Ingo Molnar, Linus Torvalds
[-- Attachment #1: Type: text/plain, Size: 372 bytes --]
This patch fixes an incorrect address range check in do_getname().
Theoretically this can lead to do_getname() failure on kernel
address space string on the TASK_SIZE boundary addresses when
4GB split is ON.
Signed-Off-By: Kirill Korotaev <dev@sw.ru>
Kirill
P.S. These 4GB split patches are against a modified 2.6.8.1 kernel, but
should be applicable to the latest Fedora kernels
[-- Attachment #2: diff-arch-4gb-getname --]
[-- Type: text/plain, Size: 713 bytes --]
--- linux-2.6.8.1.test/fs/namei.c.tasksize 2003-08-28 21:38:41.000000000 +0400
+++ linux-2.6.8.1.test/fs/namei.c 2003-09-11 16:02:04.000000000 +0400
@@ -106,11 +106,12 @@
int retval;
unsigned long len = PATH_MAX;
- if ((unsigned long) filename >= TASK_SIZE) {
- if (!segment_eq(get_fs(), KERNEL_DS))
+ if (!segment_eq(get_fs(), KERNEL_DS)) {
+ if ((unsigned long) filename >= TASK_SIZE)
return -EFAULT;
- } else if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
- len = TASK_SIZE - (unsigned long) filename;
+ if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
+ len = TASK_SIZE - (unsigned long) filename;
+ }
retval = strncpy_from_user((char *)page, filename, len);
if (retval > 0) {
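Review bot: the new `if (!segment_eq(get_fs(), KERNEL_DS)) {` block has no comment saying why KERNEL_DS callers now skip the TASK_SIZE clamp, which is the behaviour this hunk changes. After the patch a KERNEL_DS caller always reaches `strncpy_from_user((char *)page, filename, len)` with `len = PATH_MAX`, whatever the address, so the copy is bounded only by PATH_MAX and the string's terminator; the old code clamped any pointer below TASK_SIZE, kernel segment included. A short comment above the block stating that TASK_SIZE limits user-segment pointers only, and that with the 4GB split a kernel string can sit next to that boundary, would keep a later cleanup from merging the two tests back together. Minor: `(unsigned long) filename` is cast three times in the new block; a local `unsigned long` holding the address would make the comparison and the subtraction easier to read.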