On Mon, Feb 25, 2013 at 10:20:36AM -0500, Mathieu Desnoyers wrote: > Looking at mm/process_vm_access.c:process_vm_rw() and comparing it to > compat_process_vm_rw() shows that the compatibility code requires an > explicit "access_ok()" check before calling > compat_rw_copy_check_uvector(). The same difference seems to appear when > we compare fs/read_write.c:do_readv_writev() to > fs/compat.c:compat_do_readv_writev(). > > This subtle difference between the compat and non-compat requirements > should probably be debated, as it seems to be error-prone. In fact, > there are two others sites that use this function in the Linux kernel, > and they both seem to get it wrong: > > Now shifting our attention to fs/aio.c, we see that aio_setup_iocb() > also ends up calling compat_rw_copy_check_uvector() through > aio_setup_vectored_rw(). Unfortunately, the access_ok() check appears to > be missing. Same situation for > security/keys/compat.c:compat_keyctl_instantiate_key_iov(). > > I propose that we add the access_ok() check directly into > compat_rw_copy_check_uvector(), so callers don't have to worry about it, > and it therefore makes the compat call code similar to its non-compat > counterpart. Place the access_ok() check in the same location where > copy_from_user() can trigger a -EFAULT error in the non-compat code, so > the ABI behaviors are alike on both compat and non-compat. > > While we are here, fix compat_do_readv_writev() so it checks for > compat_rw_copy_check_uvector() negative return values. > > And also, fix a memory leak in compat_keyctl_instantiate_key_iov() error > handling. > > Acked-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > Acked-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx> > Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@xxxxxxxxxxxx> > --- > fs/compat.c | 15 +++++++-------- > mm/process_vm_access.c | 8 -------- > security/keys/compat.c | 4 ++-- > 3 files changed, 9 insertions(+), 18 deletions(-) What ever happened to this patch? I don't see it in Linus's tree, was it not correct? thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html