RE: [PATCH 1/3] aacraid: Fix return code interpretation

Yes, that is the intent. A 32-bit application is calling a 64-bit
driver. The pointers in the 32-bit application merely need the virtual
address upper word zeroed to pass themselves off as 64-bit virtual
pointers. Yes, the clear_user call could be replaced with an =0 on the
last element, but it was more generic to clear it out completely before
copying in the subset. copy_[in|out]_user works with the constructed 64-bit
virtual pointer.

Sincerely -- Mark Salyzyn


> -----Original Message-----
> From: Mark Haverkamp [mailto:markh@xxxxxxxx] 
> Sent: Friday, June 09, 2006 12:22 PM
> To: Salyzyn, Mark
> Cc: Christoph Hellwig; James Bottomley; linux-scsi
> Subject: RE: [PATCH 1/3] aacraid: Fix return code interpretation
> 
> 
> On Fri, 2006-06-09 at 08:00 -0400, Salyzyn, Mark wrote:
> > Are you sure of this? The code that follows expects the end of the
> > structure to be cleared.
> 
> Could you clarify?  It looks like copy_in_user copies one u32 less than
> the structure size and leaves that last word uninitialized?  The last
> element of fib_ioctl (fib) is a char pointer though.
> 
> I can't see where f.fib is initialized in next_adapter_fib even though
> copy_to_user is called.  Even if clear_user is called, doesn't that
> mean that f.fib in next_adapter_fib will be only partially NULL, 
> 
> Mark.
> 
> 
> > 
> > Sincerely -- Mark Salyzyn
> > 
> > > -----Original Message-----
> > > From: Christoph Hellwig [mailto:hch@xxxxxxxxxxxxx] 
> > > Sent: Thursday, June 08, 2006 4:11 PM
> > > To: Mark Haverkamp
> > > Cc: James Bottomley; linux-scsi; Salyzyn, Mark
> > > Subject: Re: [PATCH 1/3] aacraid: Fix return code interpretation
> > > 
> > > 
> > > > @@ -564,7 +564,7 @@
> > > >  		
> > > >  		f = compat_alloc_user_space(sizeof(*f));
> > > >  		ret = 0;
> > > > -		if (clear_user(f, sizeof(*f)) != sizeof(*f))
> > > > +		if (clear_user(f, sizeof(*f)))
> > > >  			ret = -EFAULT;
> > > >  		if (copy_in_user(f, (void __user *)arg, 
> > > sizeof(struct fib_ioctl) - sizeof(u32)))
> > > >  			ret = -EFAULT;
> > > > 
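Review bot: The old test `if (clear_user(f, sizeof(*f)) != sizeof(*f))` reads the return value as if it were the number of bytes cleared; clear_user returns the number of bytes it could not clear (0 on success), so the old form set ret = -EFAULT on every successful clear and accepted a total failure, and the replacement `if (clear_user(f, sizeof(*f)))` is the correct interpretation. Two things worth noting against the visible context before dropping the call altogether: the following copy_in_user moves only `sizeof(struct fib_ioctl) - sizeof(u32)` bytes into the `sizeof(*f)` buffer from compat_alloc_user_space, so the final 32-bit word of `*f` holds whatever clear_user left there, and without the clear it is whatever the scratch area held before. Also, both checks assign ret = -EFAULT and fall through, so copy_in_user is still attempted after a failed clear; an early return or an `else if` on the second check would make the error path explicit.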
> > > 
> > > just remove the clear_user call completely, it's not needed.
> > > 
> > > 
> > 
> -- 
> Mark Haverkamp <markh@xxxxxxxx>
> 
> 
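An added illustration of the two points argued in this thread, the clear-then-copy handling of the trailing pointer and the clear_user return convention the patch corrects. This is example code written for this page, not code from the aacraid driver or from any of the participants: the two struct layouts, the field names and the sample pointer value are hypothetical, and fake_clear_user only imitates the kernel helper's return convention (bytes not cleared, 0 on success) in user space.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical layouts, not the driver's real definitions: the native
 * structure a 64-bit kernel works with, whose last member is a pointer,
 * and the image of the same structure as a 32-bit application lays it out. */
struct fib_ioctl {
    uint32_t fibctx;
    int32_t  wait;
    uint64_t fib;   /* models the trailing `char *fib` slot of a 64-bit kernel */
};

struct fib_ioctl32 {
    uint32_t fibctx;
    int32_t  wait;
    uint32_t fib;   /* the same pointer as the 32-bit application stores it */
};

/* Stand-in for clear_user(): returns the number of bytes NOT cleared, 0 on
 * success. fail_after simulates a fault part-way through the buffer. */
static size_t fake_clear_user(void *dst, size_t n, size_t fail_after)
{
    size_t done = n < fail_after ? n : fail_after;
    memset(dst, 0, done);
    return n - done;
}

/* The two interpretations of that return value from the hunk under review.
 * The old test treats the value as a count of bytes cleared, so it reports
 * a fault on success and passes a total failure; the new test is correct. */
static int old_check_failed(size_t ret, size_t n) { return ret != n; }
static int new_check_failed(size_t ret)           { return ret != 0; }

/* The clear-then-copy sequence. The destination starts out holding stale
 * bytes (0xA5, constructed here), as a freshly allocated user-space scratch
 * area may. Only sizeof(struct fib_ioctl) - sizeof(uint32_t) bytes are
 * copied from the 32-bit image, so the upper word of f->fib is whatever the
 * buffer held before the copy: zero if it was cleared, junk otherwise. */
static uint64_t translate(const struct fib_ioctl32 *arg, int do_clear,
                          struct fib_ioctl *f)
{
    memset(f, 0xA5, sizeof(*f));
    if (do_clear)
        fake_clear_user(f, sizeof(*f), sizeof(*f));
    memcpy(f, arg, sizeof(struct fib_ioctl) - sizeof(uint32_t));
    return f->fib;
}

/* Wrapper around a constructed sample argument (values are made up). */
static uint64_t translated_fib(int do_clear)
{
    struct fib_ioctl32 arg = { .fibctx = 7, .wait = 1, .fib = 0x08048000u };
    struct fib_ioctl f;
    return translate(&arg, do_clear, &f);
}

/* Bytes left uncleared when a fault happens fail_after bytes into the buffer. */
static size_t partial_clear_left(size_t fail_after)
{
    unsigned char buf[sizeof(struct fib_ioctl)];
    return fake_clear_user(buf, sizeof(buf), fail_after);
}

/* Zero-extending by clearing the slot and copying only the low word works
 * where the 32-bit value lands in the low half of the 64-bit slot. */
static int host_is_little_endian(void)
{
    uint32_t probe = 1;
    return *(const unsigned char *)&probe == 1;
}

int main(void)
{
    size_t left = partial_clear_left(4);

    printf("compat size %zu, native size minus u32 %zu\n",
           sizeof(struct fib_ioctl32),
           sizeof(struct fib_ioctl) - sizeof(uint32_t));
    printf("little-endian host: %d\n", host_is_little_endian());
    printf("fib with clear_user:    0x%016llx\n",
           (unsigned long long)translated_fib(1));
    printf("fib without clear_user: 0x%016llx\n",
           (unsigned long long)translated_fib(0));
    printf("partial clear: %zu bytes left, old check fails=%d, new check fails=%d\n",
           left, old_check_failed(left, sizeof(struct fib_ioctl)),
           new_check_failed(left));
    return 0;
}
```

The layouts are chosen so that the compat image is exactly one u32 shorter than the native structure, which is what the hunk's `sizeof(struct fib_ioctl) - sizeof(u32)` copy length relies on; the example shows that with the clear the pointer comes out zero-extended, without it the upper word is whatever the scratch buffer held, and that the old return-value test gets both the success and the total-failure case backwards.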
