PATCH [bugfix for pipe(2) system call]

David Howells (David.Howells@nexor.co.uk)
Wed, 01 Dec 1999 09:02:46 GMT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ingo Molnar: "Re: 2.3.x + memory question"
Previous message: Michael Elizabeth Chastain: "qtrace 0.4, snapshot release, available"

I've produced a patch which should make sure that sys_pipe() checks that the
memory it has been asked to write into is actually present and writable.

I've put an implementation in for all the platforms that seemed to care
already. Not all of them do... is this because they don't have the
copy_*_user() macros?

David
====================
diff -uNr linux-2.3.29-orig/arch/arm/kernel/sys_arm.c linux-2.3.29/arch/arm/kernel/sys_arm.c
--- linux-2.3.29-orig/arch/arm/kernel/sys_arm.c Tue Nov 30 20:20:54 1999
+++ linux-2.3.29/arch/arm/kernel/sys_arm.c Tue Nov 30 20:43:46 1999
@@ -39,6 +39,12 @@
int fd[2];
int error;

+ /* catch EFAULT now */
+ if ((error = copy_from_user(fd, fildes, 2*sizeof(int)))<0 ||
+ (error = copy_to_user(fildes, fd, 2*sizeof(int))<0)
+ )
+ return error;
+
lock_kernel();
error = do_pipe(fd);
unlock_kernel();
diff -uNr linux-2.3.29-orig/arch/i386/kernel/sys_i386.c linux-2.3.29/arch/i386/kernel/sys_i386.c
--- linux-2.3.29-orig/arch/i386/kernel/sys_i386.c Tue Nov 30 20:20:51 1999
+++ linux-2.3.29/arch/i386/kernel/sys_i386.c Tue Nov 30 20:40:45 1999
@@ -31,6 +31,12 @@
int fd[2];
int error;

+ /* catch EFAULT now */
+ if ((error = copy_from_user(fd, fildes, 2*sizeof(int)))<0 ||
+ (error = copy_to_user(fildes, fd, 2*sizeof(int))<0)
+ )
+ return error;
+
lock_kernel();
error = do_pipe(fd);
unlock_kernel();
diff -uNr linux-2.3.29-orig/arch/m68k/kernel/sys_m68k.c linux-2.3.29/arch/m68k/kernel/sys_m68k.c
--- linux-2.3.29-orig/arch/m68k/kernel/sys_m68k.c Tue Nov 30 20:20:53 1999
+++ linux-2.3.29/arch/m68k/kernel/sys_m68k.c Tue Nov 30 20:43:55 1999
@@ -34,6 +34,12 @@
int fd[2];
int error;

+ /* catch EFAULT now */
+ if ((error = copy_from_user(fd, fildes, 2*sizeof(int)))<0 ||
+ (error = copy_to_user(fildes, fd, 2*sizeof(int))<0)
+ )
+ return error;
+
lock_kernel();
error = do_pipe(fd);
if (!error) {
diff -uNr linux-2.3.29-orig/arch/ppc/kernel/syscalls.c linux-2.3.29/arch/ppc/kernel/syscalls.c
--- linux-2.3.29-orig/arch/ppc/kernel/syscalls.c Tue Nov 30 20:20:53 1999
+++ linux-2.3.29/arch/ppc/kernel/syscalls.c Tue Nov 30 20:43:37 1999
@@ -184,6 +184,12 @@
int fd[2];
int error;

+ /* catch EFAULT now */
+ if ((error = copy_from_user(fd, fildes, 2*sizeof(int)))<0 ||
+ (error = copy_to_user(fildes, fd, 2*sizeof(int))<0)
+ )
+ return error;
+
lock_kernel();
error = do_pipe(fd);
unlock_kernel();
diff -uNr linux-2.3.29-orig/arch/sh/kernel/sys_sh.c linux-2.3.29/arch/sh/kernel/sys_sh.c
--- linux-2.3.29-orig/arch/sh/kernel/sys_sh.c Tue Nov 30 20:20:55 1999
+++ linux-2.3.29/arch/sh/kernel/sys_sh.c Tue Nov 30 20:43:26 1999
@@ -33,6 +33,12 @@
int fd[2];
int error;

+ /* catch EFAULT now */
+ if ((error = copy_from_user(fd, fildes, 2*sizeof(int)))<0 ||
+ (error = copy_to_user(fildes, fd, 2*sizeof(int))<0)
+ )
+ return error;
+
lock_kernel();
error = do_pipe(fd);
unlock_kernel();

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: 2.3.x + memory question"
Previous message: Michael Elizabeth Chastain: "qtrace 0.4, snapshot release, available"