Re: [CHECKER] 9 potential copy_*_user bugs in 2.4.1

From: Jamie Lokier (lk@tantalophile.demon.co.uk)
Date: Fri Mar 16 2001 - 08:05:58 EST

Next message: Nick Holloway: "Re: [PATCH] Improved version reporting"
Previous message: Jeff Garzik: "Re: Kernel 2.4.2and 8139too"
Next in thread: Rusty Russell: "Re: [CHECKER] 9 potential copy_*_user bugs in 2.4.1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alexander Viro wrote:
> * verify_area() cleans the value, but you'll be better off
> considering these as dangerous - it only checks that range is OK and if
> pointer arithmetics moves you out of that range or you access piece longer
> than range in question...

Note that verify_area's argument cannot be safely dereferenced if a
parallel thread is able to change the user-space mapping. This is
usually possible.

-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nick Holloway: "Re: [PATCH] Improved version reporting"
Previous message: Jeff Garzik: "Re: Kernel 2.4.2and 8139too"
Next in thread: Rusty Russell: "Re: [CHECKER] 9 potential copy_*_user bugs in 2.4.1"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Fri Mar 23 2001 - 21:00:08 EST