[PATCH] alpha: PTR_ERR overwrites -EINVAL in syscall osf

linux-alpha.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] alpha: PTR_ERR overwrites -EINVAL in syscall osf_mount
@ 2010-02-03 15:49 Roel Kluin
  2010-02-03 15:52 ` Matt Turner
  2010-02-03 17:16 ` Richard Henderson
  0 siblings, 2 replies; 3+ messages in thread
From: Roel Kluin @ 2010-02-03 15:49 UTC (permalink / raw)
  To: Richard Henderson, Ivan Kokshaysky, Matt Turner, linux-alpha,
	Andrew Morton

The initial -EINVAL value is overwritten by `retval = PTR_ERR(name)'.
If this isn't an error pointer and typenr is not 1, 6 or 9, then
this retval, a pointer cast to a long, is returned.

Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
---
Was this intended? Not sure whether this can occur, found by code
analysis.

diff --git a/arch/alpha/kernel/osf_sys.c b/arch/alpha/kernel/osf_sys.c
index 62619f2..53c213f 100644
--- a/arch/alpha/kernel/osf_sys.c
+++ b/arch/alpha/kernel/osf_sys.c
@@ -361,7 +361,7 @@ osf_procfs_mount(char *dirname, struct procfs_args __user *args, int flags)
 SYSCALL_DEFINE4(osf_mount, unsigned long, typenr, char __user *, path,
 		int, flag, void __user *, data)
 {
-	int retval = -EINVAL;
+	int retval;
 	char *name;
 
 	name = getname(path);
@@ -379,6 +379,7 @@ SYSCALL_DEFINE4(osf_mount, unsigned long, typenr, char __user *, path,
 		retval = osf_procfs_mount(name, data, flag);
 		break;
 	default:
+		retval = -EINVAL;
 		printk("osf_mount(%ld, %x)\n", typenr, flag);
 	}
 	putname(name);

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] alpha: PTR_ERR overwrites -EINVAL in syscall osf_mount
  2010-02-03 15:49 [PATCH] alpha: PTR_ERR overwrites -EINVAL in syscall osf_mount Roel Kluin
@ 2010-02-03 15:52 ` Matt Turner
  2010-02-03 17:16 ` Richard Henderson
  1 sibling, 0 replies; 3+ messages in thread
From: Matt Turner @ 2010-02-03 15:52 UTC (permalink / raw)
  To: Roel Kluin
  Cc: Richard Henderson, Ivan Kokshaysky, linux-alpha, Andrew Morton,
	LKML

On Wed, Feb 3, 2010 at 10:49 AM, Roel Kluin <roel.kluin@gmail.com> wrote:
> The initial -EINVAL value is overwritten by `retval = PTR_ERR(name)'.
> If this isn't an error pointer and typenr is not 1, 6 or 9, then
> this retval, a pointer cast to a long, is returned.
>
> Signed-off-by: Roel Kluin <roel.kluin@gmail.com>
> ---
> Was this intended? Not sure whether this can occur, found by code
> analysis.
>
> diff --git a/arch/alpha/kernel/osf_sys.c b/arch/alpha/kernel/osf_sys.c
> index 62619f2..53c213f 100644
> --- a/arch/alpha/kernel/osf_sys.c
> +++ b/arch/alpha/kernel/osf_sys.c
> @@ -361,7 +361,7 @@ osf_procfs_mount(char *dirname, struct procfs_args __user *args, int flags)
>  SYSCALL_DEFINE4(osf_mount, unsigned long, typenr, char __user *, path,
>                int, flag, void __user *, data)
>  {
> -       int retval = -EINVAL;
> +       int retval;
>        char *name;
>
>        name = getname(path);
> @@ -379,6 +379,7 @@ SYSCALL_DEFINE4(osf_mount, unsigned long, typenr, char __user *, path,
>                retval = osf_procfs_mount(name, data, flag);
>                break;
>        default:
> +               retval = -EINVAL;
>                printk("osf_mount(%ld, %x)\n", typenr, flag);
>        }
>        putname(name);
>

Looks like a bug to me as well. Can anyone else confirm?

Matt Turner
--
To unsubscribe from this list: send the line "unsubscribe linux-alpha" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] alpha: PTR_ERR overwrites -EINVAL in syscall osf_mount
  2010-02-03 15:49 [PATCH] alpha: PTR_ERR overwrites -EINVAL in syscall osf_mount Roel Kluin
  2010-02-03 15:52 ` Matt Turner
@ 2010-02-03 17:16 ` Richard Henderson
  1 sibling, 0 replies; 3+ messages in thread
From: Richard Henderson @ 2010-02-03 17:16 UTC (permalink / raw)
  To: Roel Kluin; +Cc: Ivan Kokshaysky, Matt Turner, linux-alpha, Andrew Morton, LKML

On 02/03/2010 07:49 AM, Roel Kluin wrote:
> The initial -EINVAL value is overwritten by `retval = PTR_ERR(name)'.
> If this isn't an error pointer and typenr is not 1, 6 or 9, then
> this retval, a pointer cast to a long, is returned.
>
> Signed-off-by: Roel Kluin<roel.kluin@gmail.com>

Acked-by: Richard Henderson <rth@twiddle.net>


r~

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2010-02-03 17:16 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-02-03 15:49 [PATCH] alpha: PTR_ERR overwrites -EINVAL in syscall osf_mount Roel Kluin
2010-02-03 15:52 ` Matt Turner
2010-02-03 17:16 ` Richard Henderson

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).