Re: Finding user/kernel pointer bugs [no html]

[Greg KH]

On Thu, Jun 10, 2004 at 10:27:50AM -0700, David Brownell wrote:
> Greg KH wrote:
> >On Thu, Jun 10, 2004 at 05:49:03AM +0100, 
> >viro@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx wrote:
> 
> >>272 is interesting - it's in
> >>static void async_completed(struct urb *urb, struct pt_regs *regs)
> >>{
> >>       ...
> >>}
> >>and it brings two questions:
> >>	a) shouldn't ->si_addr be a __user pointer (in all contexts I see
> >>it is one)
> >>	b) WTF is usb doing messing with it directly?
> >>Note that drivers/usb/core/{devio,inode}.c are the only users of that 
> >>animal
> >>outside of arch/*.  Looks fishy...
> >
> >
> >I really don't know.  I think David added that code.  David, any ideas?
> 
> Not me.  I think that's the original code from Thomas Sailer;
> I've never touched the usbfs AIO core.  (Maybe you're thinking
> of some oops-on-disconnect fixups I did, forcing completions
> on all the usbfs-internal async requests.  That's now done in
> usbcore.)

Sorry, I was thinking of your gadgetfs aio work.  My mistake.

greg k-h
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/