> diff -uNr linux-2.3.29-orig/arch/arm/kernel/sys_arm.c linux-2.3.29/arch/arm/kernel/sys_arm.c
> --- linux-2.3.29-orig/arch/arm/kernel/sys_arm.c Tue Nov 30 20:20:54 1999
> +++ linux-2.3.29/arch/arm/kernel/sys_arm.c Tue Nov 30 20:43:46 1999
> @@ -39,6 +39,12 @@
> int fd[2];
> int error;
>
> + /* catch EFAULT now */
> + if ((error = copy_from_user(fd, fildes, 2*sizeof(int)))<0 ||
> + (error = copy_to_user(fildes, fd, 2*sizeof(int))<0)
> + )
> + return error;
> +
> lock_kernel();
> error = do_pipe(fd);
> unlock_kernel();
Are you sure? According to the Sources copy_{from,to}_user return
the number of bytes the _couldn't_ copy. If you don't want to
return _random_ errnos on EFAULT, your patch should look like this:
diff -uNr linux-2.3.29-orig/arch/arm/kernel/sys_arm.c linux-2.3.29/arch/arm/kernel/sys_arm.c
--- linux-2.3.29-orig/arch/arm/kernel/sys_arm.c Tue Nov 30 20:20:54 1999
+++ linux-2.3.29/arch/arm/kernel/sys_arm.c Tue Nov 30 20:43:46 1999
@@ -39,6 +39,12 @@
int fd[2];
int error;
+ /* catch EFAULT now */
+ if ((error = copy_from_user(fd, fildes, 2*sizeof(int))) > 0 ||
+ (error = copy_to_user(fildes, fd, 2*sizeof(int))) > 0
+ )
+ return -EFAULT;
+
lock_kernel();
error = do_pipe(fd);
unlock_kernel();
Same for all other archs you patched.
Also note the corrected comparisons!
Any other opinions?
Regards
Ingo Oeser
-- Feel the power of the penguin - run linux@your.pc <esc>:x
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/