public inbox for linux-kernel@vger.kernel.org
From: Andi Kleen <andi@firstfloor.org>
To: Heiko Carstens <heiko.carstens@de.ibm.com>
Cc: Arjan van de Ven <arjan@infradead.org>,
	Arnd Bergmann <arnd@arndb.de>, Ingo Molnar <mingo@elte.hu>,
	David Miller <davem@davemloft.net>,
	Andrew Morton <akpm@linux-foundation.org>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH] sparc: copy_from_user() should not return -EFAULT
Date: Tue, 05 Jan 2010 18:27:18 +0100
Message-ID: <87skakbgy1.fsf@basil.nowhere.org>
In-Reply-To: <20100105152215.GD5480@osiris.boeblingen.de.ibm.com> (Heiko Carstens's message of "Tue, 5 Jan 2010 16:22:15 +0100")

Heiko Carstens <heiko.carstens@de.ibm.com> writes:

> Subject: [PATCH] sparc: copy_from_user() should not return -EFAULT
>
> From: Heiko Carstens <heiko.carstens@de.ibm.com>
>
> Callers of copy_from_user() expect it to return the number of bytes
> it could not copy. In no case is it supposed to return -EFAULT.
>
> In case of a detected buffer overflow just return the requested
> length. In addition one could think of a memset that would clear
> the size of the target object.

Ouch! I would expect this is likely exploitable, e.g. in mount

-Andi

-- 
ak@linux.intel.com -- Speaking for myself only.
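
Added example, not part of Andi Kleen's message or Heiko Carstens's patch: a userspace C model of the return-value contract described in the quoted commit message, showing what a caller that computes "requested minus not copied" sees under each convention. The function names, the 16-byte destination object and MODEL_EFAULT are assumptions made for illustration.

```c
/* Userspace model, constructed for illustration; not kernel code. */
#include <stdio.h>
#include <string.h>

#define MODEL_EFAULT 14 /* stand-in for the kernel's EFAULT value */

typedef unsigned long (*copy_fn)(void *dst, const void *src,
                                 unsigned long n, unsigned long dst_size);

/* Behaviour the patch removes: the size check fails with -EFAULT. */
static unsigned long copy_returns_efault(void *dst, const void *src,
                                         unsigned long n, unsigned long dst_size)
{
    if (n > dst_size)
        return (unsigned long)-MODEL_EFAULT; /* violates the contract */
    memcpy(dst, src, n);
    return 0;
}

/* Behaviour the patch describes: report all n bytes as not copied. */
static unsigned long copy_returns_len(void *dst, const void *src,
                                      unsigned long n, unsigned long dst_size)
{
    if (n > dst_size)
        return n;
    memcpy(dst, src, n);
    return 0;
}

/* Common caller idiom: bytes copied = requested - bytes not copied. */
static unsigned long bytes_copied(copy_fn copy, unsigned long n)
{
    char dst[16] = {0};
    char src[64] = {0}; /* constructed sample input */

    return n - copy(dst, src, n, sizeof(dst));
}

int main(void)
{
    /* Request 32 bytes into a 16-byte object so the size check fires. */
    printf("-EFAULT return: caller believes %lu bytes were copied\n",
           bytes_copied(copy_returns_efault, 32));
    printf("length return:  caller believes %lu bytes were copied\n",
           bytes_copied(copy_returns_len, 32));
    return 0;
}
```

With the -EFAULT convention the caller's arithmetic yields a count larger than the request, while returning the requested length yields zero bytes copied.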
