Example: ioctl(fd, VG_CREATE, ptr) expects the following:
at ptr -
struct {
/* bunch of sane fields */
struct proc_dir_entry *proc; /* ignored */
pv_t *pv[ABS_MAX_PV + 1];
lv_t *lv[ABS_MAX_LV + 1];
/* bunch of stuff */
}
and pointers in the second array are to the following:
struct {
/* lots of stuff */
kdev_t lv_dev;
/* lots of other stuff */
}
They _are_ dereferenced and values of ptr->lv[i]->lv_dev are stored in
kernel data structures. And used afterwards. As kdev_t.
The same goes for the rest of LVM ioctls - pretty much all of them
pull such stunts. I'm not going to comment on harmless gross indecencies
like struct proc_dir_entry * passed from the userland (and fortunately
ignored), but kdev_t instances are _not_ harmless.
Public statement along the lines "any API that passes kdev_t values
across the kernel boundary is unacceptable" would be a nice thing...
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/