-Junfeng
On Mon, 21 Apr 2003, Manfred Spraul wrote:
> Junfeng wrote:
>
> >It seems to us that create_dev can only be called at boot time (the
> >"__init" attribute), so devfs_name must be an untainted kernel pointer.
> >The warning on line 437 isn't a real error.
> >
> >However, this pointer is finally passed into strncpy_from_user through the
> >call chain [ sys_symlink (devfs_name, name) --> getname (oldname) -->
> >do_getname(filename, _) --> strncpy_from_user (_, filename, _)]. Is it
> >okay to call *_from_user functions with the second arguements untainted?
> >What will access_ok(VERIFY_READ, src, 1) return?
> >
> >
> The copy_{to,from}_user functions can access either user or kernel space.
> after set_fs(KERNEL_DS), they access kernel space, after
> set_fs(USER_DS), they access user space.
>
> The initial boot thread starts with set_fs(KERNEL_DS), and is switched
> back to set_fs(USER_DS) in search_binary_handler (fs/exec.c), called
> during exec of /sbin/init.
>
> --
> Manfred
>
> P.S.: On i386, you can access both kernel and user space after
> set_fs(KERNEL_DS), or if you use __get_user() and bypass access_ok().
> Thus the __get_user() in arch/i386/kernel/traps.c, function
> show_registers is correct. This is the only instance I'm aware of where
> this is used, and noone else should be doing that. It fails on other
> archs, e.g. on sparc.
>
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/