Re: [patch 9/9] compat_ioctl: fix compat_fd_ioctl pointer access

On Sat, Oct 06, 2007 at 08:19:11PM +0200, Arnd Bergmann wrote:
> As found by sparse, a user space pointer is assigned to a kernel
> data structure while calling other code with set_fs(KERNEL_DS),
> which could lead to leaking kernel data if that pointer is
> ever accessed.
> 
> I could not find any place in the floppy drivers that actually
> uses that pointer, but assigning it to an empty string is
> a safer choice and gets rid of the sparse warning.

FWIW, I'd kill kmalloc(), switched to compat_alloc_user_space() and
copy_in_user() / get_user()+put_user().  And kill set_fs() around that
sys_ioctl()...  Separate from the rest of this series, though.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

References:
- [patch 0/9] compat_ioctl: introduce block/compat_ioctl.c
  - From: Arnd Bergmann <[email protected]>
- [patch 9/9] compat_ioctl: fix compat_fd_ioctl pointer access
  - From: Arnd Bergmann <[email protected]>

Prev by Date: Re: [patch 8/9] compat_ioctl: call disk->fops->compat_ioctl without BKL
Next by Date: Re: Revert "intel_agp: fix stolen mem range on G33"
Previous by thread: [patch 9/9] compat_ioctl: fix compat_fd_ioctl pointer access
Next by thread: [patch 3/9] compat_ioctl: handle blk_trace ioctls
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]