[linux-usb-devel] Re: Finding user/kernel pointer bugs [no html]

From: Luca Risolia
Date: Thu Jun 10 2004 - 23:28:58 EST

Next message: Paul Jackson: "Re: 2.6.7-rc3-mm1"
Previous message: Andrew Rodland: "[ANNOUNCE] -ar patchset"
Next in thread: viro: "Re: [linux-usb-devel] Re: Finding user/kernel pointer bugs [no html]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> unsigned int cmd, void* arg)
> {
> struct w9968cf_device* cam;
> + void __user *user_arg = (void __user *)arg;

The right place to apply this patch is in video_usercopy().

When video_usercopy() is used in the ioctl() method, there is no need
to dereference the arg pointer in ioctl() itself, since one of the purposes
of video_usercopy() is to do this work for us.

Please have a look at definition of the function in videodev.c.

int
video_usercopy(struct inode *inode, struct file *file,
unsigned int cmd, unsigned long arg,
int (*func)(struct inode *inode, struct file *file,
unsigned int cmd, unsigned void *arg))

What you have patched in your patch is the function pointed
by "func" above, which should already receive the __user pointer to arg.

Luca
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAyTWLmdpdKvzmNaQRAhDuAJ0e8okB48LQUaHnxZsSS0ZFTmuxRQCgnYqZ
WECeSegLUG5WDyUArFcByKU=
=u+vB
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Paul Jackson: "Re: 2.6.7-rc3-mm1"
Previous message: Andrew Rodland: "[ANNOUNCE] -ar patchset"
Next in thread: viro: "Re: [linux-usb-devel] Re: Finding user/kernel pointer bugs [no html]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]