Re: [PATCH] LinuxPPS (with new syscalls API)

From: Robert Hancock
Date: Tue Jun 26 2007 - 19:34:48 EST


David Woodhouse wrote:
> On Tue, 2007-06-26 at 19:06 +0200, Rodolfo Giometti wrote:
>> On Tue, Jun 26, 2007 at 11:57:07AM +0100, David Woodhouse wrote:
>>> Your syscalls blindly dereference userspace pointers instead of using
>>> copy_{to,from}_user.
>> I use access_ok() to test userspace addresses. It should be ok,
>> shouldn't it?
>
> No; it's racy. You must use copy_from_user() and copy_to_user().

Not only is it racy, but it doesn't even do all of the checks that copy_to/from_user does. access_ok only validates that the region given is potentially valid, not that it actually is. Using access_ok only allows you to use __copy_to/from_user instead, which skips the same checks that access_ok does - not worth it unless you do repeated copies to/from the same region of memory.

--
Robert Hancock Saskatoon, SK, Canada
To email, remove "nospam" from hancockr@xxxxxxxxxxxxx
Home Page: http://www.roberthancock.com/
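
The distinction drawn in the message above, as an added example that is not part of the original thread and not LinuxPPS code: a user-space model in which a range check in the style of access_ok() accepts an address that is not actually mapped, while a copy in the style of copy_from_user() reports the fault. The `model_*` functions, the page map and `struct pps_req` are assumptions constructed for illustration.

```c
/* User-space model, NOT kernel code: model_* names, page map and pps_req are constructed. */
#include <stddef.h>
#include <stdint.h>

#define PAGE       4096u
#define USER_LIMIT (8u * PAGE)          /* addresses below this count as "user space" */

static uint8_t backing[USER_LIMIT];      /* constructed fake user memory */
static const int mapped[8] = {1, 1, 0, 1, 0, 0, 0, 0};  /* page 2 is an unmapped hole */

/* Range check only, like access_ok(): says nothing about what is mapped. */
static int model_access_ok(uint32_t addr, size_t len)
{
    return len <= USER_LIMIT && addr <= USER_LIMIT - len;
}

/* Like __copy_from_user(): no range check (caller did it), but survives faults.
 * Returns the number of bytes NOT copied. */
static size_t model_raw_copy_from_user(void *dst, uint32_t src, size_t len)
{
    size_t i;
    for (i = 0; i < len; i++) {
        if (!mapped[(src + i) / PAGE])
            break;                       /* in the kernel, the fault fixup path */
        ((uint8_t *)dst)[i] = backing[src + i];
    }
    return len - i;
}

/* Like copy_from_user(): range check plus fault-tolerant copy in one call. */
static size_t model_copy_from_user(void *dst, uint32_t src, size_t len)
{
    return model_access_ok(src, len) ? model_raw_copy_from_user(dst, src, len) : len;
}

struct pps_req { uint32_t source; uint32_t flags; };   /* hypothetical argument struct */

/* Syscall-style entry: snapshot the argument once, fail with -EFAULT (-14) otherwise. */
static int model_sys_pps(uint32_t uaddr, struct pps_req *out)
{
    return model_copy_from_user(out, uaddr, sizeof(*out)) ? -14 : 0;
}

int main(void)
{
    struct pps_req r;
    /* The hole passes the range check but the copy reports the fault. */
    return (model_access_ok(2 * PAGE, sizeof(r)) && model_sys_pps(2 * PAGE, &r) == -14) ? 0 : 1;
}
```

Because the handler works on its own copy of the argument, later changes to the user memory cannot alter the values it already validated.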
