From: Scotty Bauer <sbauer@eng.utah.edu>
To: agk@redhat.com, snitzer@redhat.com
Cc: linux-kernel@vger.kernel.org, dm-devel@redhat.com
Subject: Re: [PATCH] dm ioctl: Access user-land memory through safe functions.
Date: Tue, 8 Dec 2015 11:26:24 -0700
Message-ID: <566720D0.8080509@eng.utah.edu>
In-Reply-To: <565DE2B8.7040709@eng.utah.edu>
On 12/01/2015 11:11 AM, Scotty wrote:
>
> 0001-dm-ioctl-Access-user-land-memory-through-safe-functi.patch
>
>
> From b26adf880eba03ac6f2b1dd87426bb96fd2a0282 Mon Sep 17 00:00:00 2001
> From: Scotty Bauer <sbauer@eng.utah.edu>
> Date: Tue, 1 Dec 2015 10:52:46 -0700
> Subject: [PATCH] dm ioctl: Access user-land memory through safe functions.
>
> This patch fixes a user-land dereference. Now we use
> the safe copy_from_user to access the memory.
>
> Signed-off-by: Scotty Bauer <sbauer@eng.utah.edu>
> ---
> drivers/md/dm-ioctl.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
> index 80a4395..39a9d1a 100644
> --- a/drivers/md/dm-ioctl.c
> +++ b/drivers/md/dm-ioctl.c
> @@ -1642,9 +1642,13 @@ static ioctl_fn lookup_ioctl(unsigned int cmd, int *ioctl_flags)
> static int check_version(unsigned int cmd, struct dm_ioctl __user *user)
> {
> uint32_t version[3];
> + uint32_t __user *version_ptr;
> int r = 0;
>
> - if (copy_from_user(version, user->version, sizeof(version)))
> + if (copy_from_user(&version_ptr, &user->version, sizeof(version_ptr)))
> + return -EFAULT;
> +
> + if (copy_from_user(version, version_ptr, sizeof(version)))
> return -EFAULT;
>
> if ((DM_VERSION_MAJOR != version[0]) ||
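Review bot: The added copy_from_user(&version_ptr, &user->version, sizeof(version_ptr)) treats the bytes stored at user->version as a user pointer, whereas the removed line passed user->version directly as the source address of the three version words. Those two readings agree only if the version member of struct dm_ioctl is declared as a pointer, and its declaration is not part of this diff. If it is an embedded array, the old expression was address arithmetic on a __user pointer rather than a dereference, and the new code would interpret the caller's version numbers as an address. The commit message should quote the member's declaration and say which case applies.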
> @@ -1663,7 +1667,7 @@ static int check_version(unsigned int cmd, struct dm_ioctl __user *user)
> version[0] = DM_VERSION_MAJOR;
> version[1] = DM_VERSION_MINOR;
> version[2] = DM_VERSION_PATCHLEVEL;
> - if (copy_to_user(user->version, version, sizeof(version)))
> + if (copy_to_user(version_ptr, version, sizeof(version)))
> return -EFAULT;
>
> return r;
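Review bot: copy_to_user(version_ptr, version, sizeof(version)) now writes the kernel's version to an address that was itself fetched from user memory in the first hunk, not to the version field of the struct at user as the removed line did. If callers read the kernel version back from that field, they would no longer see it updated, which is a user-visible interface change the commit message does not mention. Please state where userspace expects the write-back to land, and keep the destination as user->version if that is the field itself.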
> --

Friendly ping, is anyone interested in this?