Re: [PATCH] check user access ok writing /proc/irq/<pid>/smp_affinity

From: David Mosberger <davidm_at_napali.hpl.hp.com>
Date: 2003-11-25 18:11:58
>>>>> On Mon, 24 Nov 2003 20:15:47 -0800, Paul Jackson <pj@sgi.com> said:

  Paul> David,
  Paul> Could you kindly apply the following patch?

  Paul> In arch/ia64/kernel/irq.c:irq_affinity_write_proc() there
  Paul> is an unchecked user access that examines writes to files
  Paul> /proc/irq/<pid>/smp_affinity for a leading character 'R',
  Paul> in order to trigger some interrupt redirect feature.

  Paul> You can oops the kernel easily, by issuing a write() system
  Paul> call to these files with a bogus address.

  Paul> Here's a patch against test10 to fix it:

I see the problem, but the patch is incomplete: even after an
access_ok()-check, you'll need to use __get_user() to access the
buffer.  Otherwise, the kernel will panic when accessing an unmapped
user-space address.  Can you update the patch and re-test?

Thanks,

	--david
-
To unsubscribe from this list: send the line "unsubscribe linux-ia64" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Received on Tue Nov 25 02:12:18 2003

This archive was generated by hypermail 2.1.8 : 2005-08-02 09:20:20 EST