| To: | Vlad Apostolov <vapo@xxxxxxx> |
|---|---|
| Subject: | Re: TAKE 956783 - xfs_dm_getall_dmattr() doesn't check if the user buffer is at valid address |
| From: | Christoph Hellwig <hch@xxxxxxxxxxxxx> |
| Date: | Mon, 27 Nov 2006 05:58:59 +0000 |
| Cc: | sgi.bugs.xfs@xxxxxxxxxxxx, linux-xfs@xxxxxxxxxxx |
| In-reply-to: | <45629AD8.8000800@xxxxxxx> |
| References: | <45629AD8.8000800@xxxxxxx> |
| Sender: | xfs-bounce@xxxxxxxxxxx |
| User-agent: | Mutt/1.4.2.2i |

On Tue, Nov 21, 2006 at 05:21:12PM +1100, Vlad Apostolov wrote:
> No EFAULT error when dm_getall_dmattr() called with an invalid user
> buffer address.

This fix is broken. access_ok is not enough to verify the buffer,
it just does very few static checks (basically the address space limit).
You need to use copy_{from,to}_user to access user pointers. I had
an untested patch to fix this at my good old SGI time, but Dean wanted
to review and test it a lot more. I'll try to dig up that patch if you care.
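
A userspace C model of the distinction drawn in the reply above, added here as an illustration and not code from the thread or from XFS: the access_ok-style check only compares the range against the address-space limit, while the copy_to_user-style copy notices the unmapped page so the caller can return EFAULT. The page size, the mapping table, and the `model_*` and `getall_attr_model` names are constructed assumptions.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy "user address space": 4 pages, only pages 0 and 1 mapped. */
#define PAGE_SZ    16u
#define NPAGES     4u
#define TASK_LIMIT (PAGE_SZ * NPAGES)   /* stand-in for the address space limit */

static unsigned char user_mem[TASK_LIMIT];
static const int page_mapped[NPAGES] = { 1, 1, 0, 0 };

/* Model of access_ok(): a static range check, it never looks at mappings. */
static int model_access_ok(size_t addr, size_t len)
{
    return len <= TASK_LIMIT && addr <= TASK_LIMIT - len;
}

/* Model of copy_to_user(): copies until it reaches an unmapped page and
 * returns the number of bytes NOT copied (0 means complete success). */
static size_t model_copy_to_user(size_t addr, const void *src, size_t len)
{
    const unsigned char *s = src;
    size_t done = 0;

    if (!model_access_ok(addr, len))
        return len;
    while (done < len && page_mapped[(addr + done) / PAGE_SZ]) {
        user_mem[addr + done] = s[done];
        done++;
    }
    return len - done;
}

/* Hypothetical handler that returns attribute data to a caller's buffer. */
static int getall_attr_model(size_t ubuf)
{
    static const char attrs[] = "attr1=a;attr2=b";   /* 16 bytes incl. NUL */

    if (model_copy_to_user(ubuf, attrs, sizeof(attrs)))
        return -EFAULT;   /* the fault is found by the copy, not the range check */
    return 0;
}

int main(void)
{
    printf("mapped buffer: %d, in-range but unmapped: %d (access_ok=%d)\n",
           getall_attr_model(8), getall_attr_model(40), model_access_ok(40, 16));
    return 0;
}
```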