Re: [PATCH] Check copy_*_user return value in drivers/block/scsi_ioctl.c

dan carpenter (d_carpenter@sbcglobal.net)
Sun, 25 May 2003 03:29:03 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Valdis.Kletnieks@vt.edu: "Re: Resend [PATCH] Make KOBJ_NAME_LEN match BUS_ID_SIZE"
Previous message: Justin T. Gibbs: "Re: Undo aic7xxx changes"

On Sunday 25 May 2003 06:28 pm, Jens Axboe wrote:
> On Sun, May 25 2003, Paulo Andre' wrote:
> > Hi Jens,
> >
> > Please find attached a trivial patch that checks both
> > copy_to_user() and copy_from_user() returns values in scsi_ioctl.c,
> > returning accordinly in case of a transfer error.
>
> See above, we've already done access_ok() on the buffer so the
> "unchecked" copy_to/from_user are done that way on purpose. I suppose it
> could be made more explicit with __copy_to/from_user().

access_ok() doesn't seem to mean copy_to_user will return 0.

438 unsigned long copy_to_user(void *to, const void *from, unsigned long n)
439 {
440 prefetch(from);
441 if (access_ok(VERIFY_WRITE, to, n))
442 n = __copy_to_user(to, from, n);
443 return n;
444 }

I have a script that finds all the unchecked calls to copy_to_user() and
I am curious about what cases it does not need to be checked.

http://kbugs.org/cgi-bin/index.py?page=bug_list&&script=UncheckedReturn&skernel=2.5.69&sfile=&start_bug=0&

Thanks,
dan carpenter

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Valdis.Kletnieks@vt.edu: "Re: Resend [PATCH] Make KOBJ_NAME_LEN match BUS_ID_SIZE"
Previous message: Justin T. Gibbs: "Re: Undo aic7xxx changes"