[PATCH]: 4/4GB: Incorrect bound check in do_getname()

From: Kirill Korotaev
Date: Thu Nov 11 2004 - 11:28:06 EST

Next message: Alexander Fieroch: "SNES gamepad doesn't work with kernel 2.6.x"
Previous message: Alan Cox: "Linux 2.6.9-ac8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This patch fixes incorrect address range check in do_getname().
Theoretically this can lead to do_getname() failure on kernel
address space string on the TASK_SIZE boundary addresses when
4GB split is ON.

Signed-Off-By: Kirill Korotaev <dev@xxxxx>

Kirill

P.S. These 4GB split patches are against modified 2.6.8.1 kernel, but should be appliable to last Fedora kernels --- linux-2.6.8.1.test/fs/namei.c.tasksize 2003-08-28 21:38:41.000000000 +0400
+++ linux-2.6.8.1.test/fs/namei.c 2003-09-11 16:02:04.000000000 +0400
@@ -106,11 +106,12 @@
int retval;
unsigned long len = PATH_MAX;

- if ((unsigned long) filename >= TASK_SIZE) {
- if (!segment_eq(get_fs(), KERNEL_DS))
+ if (!segment_eq(get_fs(), KERNEL_DS)) {
+ if ((unsigned long) filename >= TASK_SIZE)
return -EFAULT;
- } else if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
- len = TASK_SIZE - (unsigned long) filename;
+ if (TASK_SIZE - (unsigned long) filename < PATH_MAX)
+ len = TASK_SIZE - (unsigned long) filename;
+ }

retval = strncpy_from_user((char *)page, filename, len);
if (retval > 0) {

Next message: Alexander Fieroch: "SNES gamepad doesn't work with kernel 2.6.x"
Previous message: Alan Cox: "Linux 2.6.9-ac8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]