Re: [PATCH] getsockopt() early argument sanity checking

From: Manfred Spraul
Date: Sun Aug 20 2006 - 14:59:33 EST

Next message: Brian King: "Re: [Patch] Signedness issue in drivers/scsi/ipr.c"
Previous message: Eric Sesterhenn: "[PATCH] Signdness issue in drivers/usb/gadget/ether.c"
In reply to: Solar Designer: "Re: [PATCH] getsockopt() early argument sanity checking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Arjan wrote:

We're on UP. sys_getsockopt() does get_user() (due to the patch) and
makes sure that the passed *optlen is sane. Even if this get_user()
sleeps, the value it returns in "len" is what's currently in memory at
the time of the get_user() return (correct?) Then an underlying
*getsockopt() function does another get_user() on optlen (same address),
without doing any other user-space data accesses or anything else that
could sleep first. Is it possible that this second get_user()
invocation would sleep? I think not since it's the same address that
we've just read a value from, we did not leave kernel space, and we're
on UP (so no other processor could have changed the mapping). So the
patch appears to be sufficient for this special case (which is not
unlikely).

this reasoning goes out the window with kernel preemption of course ;)

Or O_DIRECT? I'm not sure what's easier to time, a kernel preemption or a DMA to the user address.

--
Manfred

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Brian King: "Re: [Patch] Signedness issue in drivers/scsi/ipr.c"
Previous message: Eric Sesterhenn: "[PATCH] Signdness issue in drivers/usb/gadget/ether.c"
In reply to: Solar Designer: "Re: [PATCH] getsockopt() early argument sanity checking"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]