Re: [RFC PATCH 5/5] gfs2: Add xreaddir file operation and supporting functions

From: Jonathan Corbet
Date: Wed Jul 30 2014 - 09:57:36 EST


On Tue, 29 Jul 2014 18:25:57 -0400 (EDT)
Abhijith Das <adas@xxxxxxxxxx> wrote:

> > > + if ((xc->xc_xattr_mask & XSTAT_XATTR_ALL) &&
> > > + lxd->xd_blob.xb_xattr_count) {
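Review bot: the second operand of this condition, lxd->xd_blob.xb_xattr_count, reads through lxd directly. If lxd is a __user pointer, as the reply below says, fetch the count into a kernel local with get_user() or copy_from_user(), check the return value, and test the local copy here instead.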
> >
> > How can that be right? lxd is __user, it doesn't seem right to be
> > dereferencing it directly...?
>
> Wouldn't the call to access_ok() at the start of the syscall take care of this? All the
> __user pointers point to areas within the user supplied buffer buf and overflow past the
> end of the buffer for the last lxd is checked for.

No, dereferencing user-space pointers in the kernel is never OK. What
if user space remapped that page after the access_ok() call? You need
to use copy_*_user() to get at user-space structures from the kernel.

jon
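
The point of the reply, shown from user space as an added example that is not part of the original thread or the gfs2 patch: a pointer that was valid when checked is unmapped before use, so a raw dereference faults, while a copy made through the kernel's user-access routines (reached here via write() on a pipe) returns EFAULT. Linux is assumed; the helper names and the count value 3 are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*reader_fn)(const unsigned int *, unsigned int *);
static sigjmp_buf fault_jmp;
static void on_segv(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Raw dereference: 0 on success, -1 on a fault (in the kernel, an oops). */
int read_direct(const unsigned int *uptr, unsigned int *out)
{
    void (*old)(int) = signal(SIGSEGV, on_segv);
    volatile int rc = -1;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        *out = *(const volatile unsigned int *)uptr;
        rc = 0;
    }
    signal(SIGSEGV, old);
    return rc;
}

/* Checked copy: the kernel copies from uptr and reports EFAULT on a bad address. */
int read_checked(const unsigned int *uptr, unsigned int *out)
{
    int fds[2], rc;
    if (pipe(fds) != 0) return -errno;
    rc = write(fds[1], uptr, sizeof(*out)) < 0 ? -errno : 0;
    if (rc == 0 && read(fds[0], out, sizeof(*out)) != (ssize_t)sizeof(*out))
        rc = -EIO;
    close(fds[0]); close(fds[1]);
    return rc;
}

/* Validate while mapped, optionally unmap (the racing thread), then fetch. */
int check_then_use(int unmap_after_check, reader_fn reader, unsigned int *out)
{
    unsigned int *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
                           MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return -ENOMEM;
    *p = 3;                            /* constructed xattr count */
    if (unmap_after_check)             /* the pointer was valid up to here */
        munmap(p, 4096);
    int rc = reader(p, out);
    if (!unmap_after_check)
        munmap(p, 4096);
    return rc;
}
```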