Hi Linus,
a recent change from Andi breaks here: tmp.name is a pointer, not an
array, in __sysctl_args, and so it is better to access it through
copy_from_user instead of directly.
With the patch below it no longer crashes with an unhandled kernel
paging request.
Thanks,
Petr Vandrovec
[email protected]
--- linux/kernel/sysctl.c 2003-07-13 01:37:39.000000000 +0200
+++ linux/kernel/sysctl.c 2003-07-13 15:15:06.000000000 +0200
@@ -848,17 +848,25 @@
asmlinkage long sys_sysctl(struct __sysctl_args __user *args)
{
struct __sysctl_args tmp;
+ int name[2];
int error;
if (copy_from_user(&tmp, args, sizeof(tmp)))
return -EFAULT;
- if (tmp.nlen != 2 || tmp.name[0] != CTL_KERN ||
- tmp.name[1] != KERN_VERSION) {
+ if (tmp.nlen != 2 || copy_from_user(name, tmp.name, sizeof(name)) ||
+ name[0] != CTL_KERN || name[1] != KERN_VERSION) {
int i;
printk(KERN_INFO "%s: numerical sysctl ", current->comm);
- for (i = 0; i < tmp.nlen; i++)
- printk("%d ", tmp.name[i]);
+ for (i = 0; i < tmp.nlen; i++) {
+ int n;
+
+ if (get_user(n, tmp.name+i)) {
+ printk("? ");
+ } else {
+ printk("%d ", n);
+ }
+ }
printk("is obsolete.\n");
}
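Review bot: The logging loop `for (i = 0; i < tmp.nlen; i++)` is still bounded only by the caller-supplied `tmp.nlen`, so a large count costs one `get_user()` and one `printk()` per element, flooding the log and keeping the CPU in the syscall. Nothing visible in the hunk range-checks `nlen` before this point, so I would cap the loop, e.g. `for (i = 0; i < tmp.nlen && i < CTL_MAXNAME; i++) {`. The message can presumably be triggered by any caller, so it is also worth limiting how often it is printed. The name is read from user space twice (once by `copy_from_user`, then per element by `get_user`), so the logged values can differ from the ones compared; that is harmless for a diagnostic but deserves a one-line comment. The body of sys_sysctl continues outside the hunk.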