On Tue, 29 Jul 2014 18:25:57 -0400 (EDT) Abhijith Das <adas@xxxxxxxxxx> wrote:

> > > +	if ((xc->xc_xattr_mask & XSTAT_XATTR_ALL) &&
> > > +	    lxd->xd_blob.xb_xattr_count) {
> >
> > How can that be right?  lxd is __user, it doesn't seem right to be
> > dereferencing it directly...?
>
> Wouldn't the call to access_ok() at the start of the syscall take care of this? All the
> __user pointers point to areas within the user supplied buffer buf and overflow past the
> end of the buffer for the last lxd is checked for.

No, dereferencing user-space pointers in the kernel is never OK.  What if
user space remapped that page after the access_ok() call?  You need to use
copy_*_user() to get at user-space structures from the kernel.

jon
-- 
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
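Review bot: the condition in the quoted hunk reads lxd->xd_blob.xb_xattr_count through a __user pointer. access_ok() only validates that the range lies in the user address space; the header has to be brought into a kernel-local struct with copy_from_user() (or the single field fetched with get_user()) and the `xb_xattr_count` test made on that copy, so that a page remapped between the check and the read cannot change what the syscall sees.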
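The rule Jon states, shown as an added userspace model rather than kernel code (this is not the patch's code and not the kernel's uaccess implementation): the syscall copies each descriptor header into a kernel-owned struct via a copy_from_user()-style helper and never reads through the `__user` pointer. The struct names, the `*_mock` helpers and the single fixed "user memory" array are constructed for this example; only `xd_blob`, `xb_xattr_count` and the access_ok()/copy_from_user() distinction come from the thread.

```c
/* Userspace model of "never dereference a __user pointer": access_ok()
 * only checks that a range lies in user space, so all reads of user data
 * go through copy_from_user and the kernel then works on its own copy.
 * Every type and helper below is constructed for this example. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define __user  /* annotation only, as in the kernel */

/* Constructed layout of one user-visible descriptor: a header carrying
 * the xattr count and payload length, followed by xb_blob_len bytes. */
struct xattr_blob {
    uint32_t xb_xattr_count;   /* number of xattrs in this descriptor */
    uint32_t xb_blob_len;      /* bytes of payload following the header */
};

/* The whole "user address space" of this model is one fixed buffer. */
static unsigned char user_mem[256];

/* access_ok(): range check only; says nothing about what the page holds
 * by the time it is read. */
static int access_ok_mock(const void __user *ptr, size_t len)
{
    uintptr_t start = (uintptr_t)user_mem, end = start + sizeof(user_mem);
    uintptr_t p = (uintptr_t)ptr;
    return len <= sizeof(user_mem) && p >= start && p <= end - len;
}

/* copy_from_user(): returns the number of bytes NOT copied (0 on success). */
static size_t copy_from_user_mock(void *to, const void __user *from, size_t n)
{
    if (!access_ok_mock(from, n))
        return n;
    memcpy(to, from, n);
    return 0;
}

/* Walk the descriptors in a user buffer of `len` bytes and sum their xattr
 * counts.  Returns the total, or -EFAULT / -EINVAL.  This is the corrected
 * form of the quoted hunk: xb_xattr_count is tested on the kernel-local
 * copy `hdr`, never through the __user pointer. */
static long count_xattrs(const void __user *buf, size_t len)
{
    const unsigned char __user *p = buf;
    size_t off = 0;
    long total = 0;

    while (off < len) {
        struct xattr_blob hdr;                  /* kernel-owned snapshot */

        if (len - off < sizeof(hdr))
            return -EINVAL;                     /* truncated descriptor */
        if (copy_from_user_mock(&hdr, p + off, sizeof(hdr)))
            return -EFAULT;                     /* range invalid or unmapped */
        /* Length arithmetic uses the snapshot, so user space cannot change
         * the length between the check and its use. */
        if (hdr.xb_blob_len > len - off - sizeof(hdr))
            return -EINVAL;
        if (hdr.xb_xattr_count)
            total += hdr.xb_xattr_count;
        off += sizeof(hdr) + hdr.xb_blob_len;
    }
    return total;
}

/* Three well-formed descriptors (counts 3, 0, 5) in constructed user memory. */
static long run_three_descriptors(void)
{
    const uint32_t counts[] = { 3, 0, 5 }, lens[] = { 8, 0, 16 };
    size_t off = 0;
    memset(user_mem, 0, sizeof(user_mem));
    for (int i = 0; i < 3; i++) {
        struct xattr_blob hdr = { counts[i], lens[i] };
        memcpy(user_mem + off, &hdr, sizeof(hdr));
        off += sizeof(hdr) + lens[i];
    }
    return count_xattrs(user_mem, off);         /* 8 */
}

/* A header claiming more payload than the buffer holds must be rejected. */
static long run_overlong_descriptor(void)
{
    struct xattr_blob hdr = { 1, 100 };
    memset(user_mem, 0, sizeof(user_mem));
    memcpy(user_mem, &hdr, sizeof(hdr));
    return count_xattrs(user_mem, 16);          /* -EINVAL */
}

/* A pointer outside user memory fails access_ok and faults cleanly. */
static long run_foreign_pointer(void)
{
    static unsigned char kernel_buf[16];
    return count_xattrs(kernel_buf, sizeof(kernel_buf));   /* -EFAULT */
}

int main(void)
{
    printf("three descriptors: %ld\n", run_three_descriptors());
    printf("overlong header:   %ld\n", run_overlong_descriptor());
    printf("foreign pointer:   %ld\n", run_foreign_pointer());
    return 0;
}
```

The point of the model is the shape of `count_xattrs()`: every field the kernel branches on (`xb_xattr_count`, `xb_blob_len`) is read from `hdr`, a copy the kernel owns, so a concurrent remap of the user page after the range check can at worst make the copy fail with -EFAULT; it cannot change a value the code has already validated.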