[PATCH][COMPAT] fix for net/compat.c

Stephen Rothwell (sfr@canb.auug.org.au)
Mon, 31 Mar 2003 16:36:25 +1000


Hi Linus, Dave,

This is basically a patch from Randolph Chung who tells me that when
a syscall is done from the kernel, you cannot pass user mode pointers
to it on some architectures. So we need to copy the sock_filter
array into kernel space before we pass it to the real system call.

His original patch (which does the same thing) has been tested on
parisc64-linux and this patch has been cross compiled for ppc64-linux.

Please apply.

-- 
Cheers,
Stephen Rothwell                    sfr@canb.auug.org.au
http://www.canb.auug.org.au/~sfr/

diff -ruN 2.5.66-033114/net/compat.c 2.5.66-033114-netfix/net/compat.c --- 2.5.66-033114/net/compat.c 2003-03-25 12:08:29.000000000 +1100 +++ 2.5.66-033114-netfix/net/compat.c 2003-03-31 16:08:02.000000000 +1000 @@ -496,6 +496,7 @@ struct sock_fprog kfprog; mm_segment_t old_fs; compat_uptr_t uptr; + unsigned int fsize; int ret; if (!access_ok(VERIFY_READ, fprog32, sizeof(*fprog32)) || @@ -503,15 +504,14 @@ __get_user(uptr, &fprog32->filter)) return -EFAULT; - kfprog.filter = compat_ptr(uptr); - /* - * Since struct sock_filter is architecure independent, - * we can just do the access_ok check and pass the - * same pointer to the real syscall. - */ - if (!access_ok(VERIFY_READ, kfprog.filter, - kfprog.len * sizeof(struct sock_filter))) + fsize = kfprog.len * sizeof(struct sock_filter); + kfprog.filter = (struct sock_filter *)kmalloc(fsize, GFP_KERNEL); + if (kfprog.filter == NULL) + return -ENOMEM; + if (copy_from_user(kfprog.filter, compat_ptr(uptr), fsize)) { + kfree(kfprog.filter); return -EFAULT; + } old_fs = get_fs(); set_fs(KERNEL_DS); @@ -519,6 +519,7 @@ (char *)&kfprog, sizeof(kfprog)); set_fs(old_fs); + kfree(kfprog.filter); return ret; } - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/