[CHECKER] Help Needed!

• Next message: Chuck Ebbert: "Re: [PATCH] 2.5.68 Fix IO_APIC IRQ assignment bug"
• Previous message: Jeff Garzik: "Re: BK->CVS, kernel.bkbits.net"
• Next in thread: Manfred Spraul: "Re: [CHECKER] Help Needed!"
• Maybe reply: Manfred Spraul: "Re: [CHECKER] Help Needed!"
• Maybe reply: Andi Kleen: "Re: [CHECKER] Help Needed!"
• Reply: Chris Wright: "Re: [CHECKER] Help Needed!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

We run a checker that warns about derefence of user-pointer errors on
linux-2.5.63 and got the following warning message in
init/do_mounts.c:create_dev, which needs clarifications.

---------------------------------------------------------
/home/junfeng/linux-2.5.63/init/do_mounts.c:437:create_dev: ERROR:TAINTED:442:437:dereferencing tainted ptr 'devfs_name'

        sys_unlink(name);
        if (!do_devfs)
                return sys_mknod(name, S_IFBLK|0600, dev);

Error--->
        if (devfs_name && devfs_name[0]) {
                if (strncmp(devfs_name, "/dev/", 5) == 0)
                        devfs_name += 5;
                sprintf(path, "/dev/%s", devfs_name);
                if (sys_access(path, 0) == 0)
Start --->
                        return sys_symlink(devfs_name, name);
        }
        if (!dev)
                return -1;

It seems to us that create_dev can only be called at boot time (the
"__init" attribute), so devfs_name must be an untainted kernel pointer.
The warning on line 437 isn't a real error.

However, this pointer is finally passed into strncpy_from_user through the
call chain [ sys_symlink (devfs_name, name) --> getname (oldname) -->
do_getname(filename, _) --> strncpy_from_user (_, filename, _)]. Is it
okay to call *_from_user functions with the second arguements untainted?
What will access_ok(VERIFY_READ, src, 1) return?

As usual, any response will be greatly apppreciated. Thanks a lot!

-Junfeng

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Chuck Ebbert: "Re: [PATCH] 2.5.68 Fix IO_APIC IRQ assignment bug"
• Previous message: Jeff Garzik: "Re: BK->CVS, kernel.bkbits.net"
• Next in thread: Manfred Spraul: "Re: [CHECKER] Help Needed!"
• Maybe reply: Manfred Spraul: "Re: [CHECKER] Help Needed!"
• Maybe reply: Andi Kleen: "Re: [CHECKER] Help Needed!"
• Reply: Chris Wright: "Re: [CHECKER] Help Needed!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Apr 23 2003 - 22:00:28 EST