Re: [PATCH 3/4 -2.6.15]:x25: 32 bit (socket layer) ioctl emulation for 64 bit kernels

[Arnd Bergmann]

Am Dienstag, 17. Januar 2006 00:12 schrieb Shaun Pereira:
> +static int compat_x25_subscr_ioctl(unsigned int cmd,
> +               struct compat_x25_subscrip_struct __user *x25_subscr32)
> +{
> +       struct x25_subscrip_struct x25_subscr;
> +       struct x25_neigh *nb;
> +       struct net_device *dev;
> +       int rc = -EINVAL;
> +
> +       if (cmd != SIOCX25GSUBSCRIP && cmd != SIOCX25SSUBSCRIP)
> +               goto out;

btw, the above check is not needed here, but that's not my point.

> +
> +       rc = -EFAULT;
> +       if(copy_from_user(&x25_subscr, x25_subscr32, sizeof(*x25_subscr32))) 
> +               goto out;

Unfortunately, I just found another bug in this code, similar to one you 
already fixed in the sock_get_timestamp handler:
You can't do the copy_from_user like this if the arguments have different 
types. Changing the declaration 'struct x25_subscrip_struct x25_subscr;'
to 'struct compat_x25_subscrip_struct x25_subscr;' should fix this problem,
but please verify that it really works with a test case that relies on the 
contents of x25_subscr->extended.

	Arnd <><
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/