On Thu, 11 Apr 2013 15:28:51 +0400 Pavel Emelyanov <xemul@xxxxxxxxxxxxx> wrote:
> A new clear-refs type will be added in the next patch, so prepare
> code for that.
>
> @@ -730,7 +733,7 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf,
> char buffer[PROC_NUMBUF];
> struct mm_struct *mm;
> struct vm_area_struct *vma;
> - int type;
> + enum clear_refs_types type;
> int rv;
>
> memset(buffer, 0, sizeof(buffer));
> @@ -738,10 +741,10 @@ static ssize_t clear_refs_write(struct file *file, const char __user *buf,
> count = sizeof(buffer) - 1;
> if (copy_from_user(buffer, buf, count))
> return -EFAULT;
> - rv = kstrtoint(strstrip(buffer), 10, &type);
> + rv = kstrtoint(strstrip(buffer), 10, (int *)&type);
This is naughty. The compiler is allowed to put the enum into storage which is smaller (or, I guess, larger) than sizeof(int). I've seen one compiler which puts such an enum into a 16-bit word.
--- a/fs/proc/task_mmu.c~clear_refs-sanitize-accepted-commands-declaration-fix
+++ a/fs/proc/task_mmu.c
@@ -734,6 +734,7 @@ static ssize_t clear_refs_write(struct f
 struct mm_struct *mm;
 struct vm_area_struct *vma;
 enum clear_refs_types type;
+ int itype;
 int rv;

 memset(buffer, 0, sizeof(buffer));
@@ -741,9 +742,10 @@ static ssize_t clear_refs_write(struct f
 count = sizeof(buffer) - 1;
 if (copy_from_user(buffer, buf, count))
 return -EFAULT;
- rv = kstrtoint(strstrip(buffer), 10, (int *)&type);
+ rv = kstrtoint(strstrip(buffer), 10, &itype);
 if (rv < 0)
 return rv;
+ type = (enum clear_refs_types)itype;
 if (type < CLEAR_REFS_ALL || type >= CLEAR_REFS_LAST)
 return -EINVAL;
 task = get_proc_task(file_inode(file));
_
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx"> email@xxxxxxxxx </a>
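Review bot: The range check that follows `type = (enum clear_refs_types)itype;` in the second hunk of the fix tests the already-converted value, so it does not validate the integer that userspace actually wrote. If the enum's storage is narrower than int, which is the premise of this fix, an out-of-range `itype` could presumably be truncated into the accepted range before the comparison runs. Checking the parsed integer first avoids that: `if (itype < CLEAR_REFS_ALL || itype >= CLEAR_REFS_LAST) return -EINVAL;` followed by `type = (enum clear_refs_types)itype;`. clear_refs_write() begins before and continues past this hunk, so the later uses of `type` are not visible here.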