Re: [patch 9/9] compat_ioctl: fix compat_fd_ioctl pointer access

On Sat, Oct 06, 2007 at 08:19:11PM +0200, Arnd Bergmann wrote:
> As found by sparse, a user space pointer is assigned to a kernel
> data structure while calling other code with set_fs(KERNEL_DS),
> which could lead to leaking kernel data if that pointer is
> ever accessed.
> 
> I could not find any place in the floppy drivers that actually
> uses that pointer, but assigning it to an empty string is
> a safer choice and gets rid of the sparse warning.

FWIW, I'd kill kmalloc(), switched to compat_alloc_user_space() and
copy_in_user() / get_user()+put_user().  And kill set_fs() around that
sys_ioctl()...  Separate from the rest of this series, though.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • [patch 0/9] compat_ioctl: introduce block/compat_ioctl.c
    • From: Arnd Bergmann <[email protected]>
  • [patch 9/9] compat_ioctl: fix compat_fd_ioctl pointer access
    • From: Arnd Bergmann <[email protected]>

• Prev by Date: Re: [patch 8/9] compat_ioctl: call disk->fops->compat_ioctl without BKL
• Next by Date: Re: Revert "intel_agp: fix stolen mem range on G33"
• Previous by thread: [patch 9/9] compat_ioctl: fix compat_fd_ioctl pointer access
• Next by thread: [patch 3/9] compat_ioctl: handle blk_trace ioctls
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]