On Thu, Mar 14, 2013 at 10:24 PM, Toralf Förster <toralf.foerster@xxxxxx> wrote:
> On 03/14/2013 10:21 PM, Dave Jones wrote:
>> hah, strndup_user taking a signed long instead of a size_t as its length arg.
>>
>> either it needs to change, or it needs an explicit check for < 1
>>
>> I wonder how many other paths make it possible to pass negative numbers here.
>
> just for the statistics - currently -14 rules :
>
> 2013-03-14T22:06:21.618+01:00 trinity kernel: memdup_user: -14
> 2013-03-14T22:06:25.664+01:00 trinity kernel: memdup_user: 28
> 2013-03-14T22:06:25.664+01:00 trinity kernel: memdup_user: -14
> 2013-03-14T22:06:37.533+01:00 trinity kernel: memdup_user: 3
> 2013-03-14T22:08:03.379+01:00 trinity kernel: memdup_user: -14
> 2013-03-14T22:09:34.668+01:00 trinity kernel: memdup_user: -14
> 2013-03-14T22:12:33.277+01:00 trinity kernel: memdup_user: -14
> 2013-03-14T22:13:15.214+01:00 trinity kernel: memdup_user: 2
> 2013-03-14T22:14:18.874+01:00 trinity kernel: trinity-watchdo[1169]: segfault at 244 ip 0804c956 sp bf836c9c error 4 in trinity[8048000+1d000]
> 2013-03-14T22:15:10.287+01:00 trinity kernel: memdup_user: 2
> 2013-03-14T22:15:10.287+01:00 trinity kernel: memdup_user: 2
> 2013-03-14T22:17:50.351+01:00 trinity kernel: memdup_user: 2
> 2013-03-14T22:17:59.411+01:00 trinity kernel: memdup_user: -14
>

-14 is -EFAULT.
Time to look at UML's __get_user().

--
Thanks,
//richard

--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@xxxxxxxxx. For more info on Linux MM,
see: http://www.linux-mm.org/ .