| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Nov 2014 12:45:16 +0000
From: Al Viro <viro@...IV.linux.org.uk>
To: Zahari Doychev <zahari.doychev@...ux.com>
Cc: linux-kernel@...r.kernel.org, dan.carpenter@...cle.com,
devel@...verdev.osuosl.org, oleg.drokin@...el.com,
andreas.dilger@...el.com, gregkh@...uxfoundation.org,
bergwolf@...il.com
Subject: Re: [PATCH] staging: lustre: fix pointer declarations
On Tue, Nov 25, 2014 at 09:44:21PM +0100, Zahari Doychev wrote:
> This patch fixes pointer declarations from void * to void __user * in order
> to remove some sparse warnings.
_Are_ those userland addresses, though? Quick grep shows that in the
only caller of lnet_copy_iov2flat() we have something called ibmsg passed
as the second argument *AND* *RIGHT* *BEFORE* *THAT* *CALL* *WE* *HAVE*
ibmsg = tx->tx_msg;
ibmsg->ibm_u.immediate.ibim_hdr = *hdr;
Go ahead, explain how does that manage to work if ibmsg is a userland pointer.
Either you have discovered an exploitable hole (direct store to userland
address), or it's not a userland pointer, after all.
Al, sick and tired of the "remove some warnings" as the sole rationale for
patches, without even an attempt to figure out what those warnings are
about. Magic box makes noises, magic box must be appeased...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists