Re: cross memory attach && security check

From: Oleg Nesterov
Date: Tue Jan 10 2012 - 08:20:42 EST

Next message: James Morris: "Re: [PATCH] audit: no leading space in audit_log_d_path prefix"
Previous message: Stanislav Kinsbursky: "[PATCH v2 3/5] NFS: blocklayout PipeFS notifier introduced"
In reply to: Oleg Nesterov: "Re: cross memory attach && security check"
Next in thread: Christopher Yeoh: "Re: cross memory attach && security check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 01/09, Oleg Nesterov wrote:
>
> Partly I was confused because (I guess) there is another minor bug in
> process_vm_rw(), I think we need
>
> --- x/mm/process_vm_access.c
> +++ x/mm/process_vm_access.c
> @@ -375,10 +375,10 @@ static ssize_t process_vm_rw(pid_t pid,
>
> /* Check iovecs */
> if (vm_write)
> - rc = rw_copy_check_uvector(WRITE, lvec, liovcnt, UIO_FASTIOV,
> + rc = rw_copy_check_uvector(READ, lvec, liovcnt, UIO_FASTIOV,
> iovstack_l, &iov_l, 1);
> else
> - rc = rw_copy_check_uvector(READ, lvec, liovcnt, UIO_FASTIOV,
> + rc = rw_copy_check_uvector(WRITE, lvec, liovcnt, UIO_FASTIOV,
> iovstack_l, &iov_l, 1);

Argh. No, I was wrong, vrfy_dir() swaps READ/WRITE.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Morris: "Re: [PATCH] audit: no leading space in audit_log_d_path prefix"
Previous message: Stanislav Kinsbursky: "[PATCH v2 3/5] NFS: blocklayout PipeFS notifier introduced"
In reply to: Oleg Nesterov: "Re: cross memory attach && security check"
Next in thread: Christopher Yeoh: "Re: cross memory attach && security check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]