Re: [CHECKER][PATCH] cmpci user-pointer fix

From: Raja R Harinath (harinath@cs.umn.edu)
Date: Wed May 28 2003 - 18:13:03 EST


Hi,

Hollis Blanchard <hollisb@xxxxxxxxxx> writes:
[snip]
> I believe the attached patch fixes it. cm_write was calling access_ok,
> but after that you must still access user space through the
> get/put/copy*_user functions. It should be safe to return -EFAULT at
> these points in cm_write, since there are other returns already in the
> code above and below that. Compile-tested only.
[snip]
> --- linux-2.5.70/sound/oss/cmpci.c.orig Sat May 24 19:00:00 2003
> +++ linux-2.5.70/sound/oss/cmpci.c Wed May 28 14:53:15 2003
> @@ -580,15 +580,17 @@
> spin_unlock_irqrestore(&s->lock, flags);
> }
>
> -static void trans_ac3(struct cm_state *s, void *dest, const char *source, int size)
> +static int trans_ac3(struct cm_state *s, void *dest, const char *source, int size)

Shouldn't 'source' get the new __user annotation, then:

const char * __user source

IIRC.

> {
> int i = size / 2;
> + int err;
> unsigned long data;
> unsigned long *dst = (unsigned long *) dest;
> unsigned short *src = (unsigned short *)source;

Likewise with 'src'.

- Hari
--
Raja R Harinath ------------------------------ harinath@xxxxxxxxxx

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/