2005-03-02 11:15:03

by Panagiotis Issaris

[permalink] [raw]
Subject: [PATCH] raw1394 missing failure handling

Hi,

In the raw1394 driver the failure handling for
a __copy_to_user call is missing.

With friendly regards,
Takis

--
K.U.Leuven, Mechanical Eng., Mechatronics & Robotics Research Group
http://people.mech.kuleuven.ac.be/~pissaris/


Attachments:
pi-20050302T114855-linux_2_6_11-raw1394_copy_to_user_failure_handling.diff (661.00 B)

2005-03-02 11:34:33

by Anton Altaparmakov

[permalink] [raw]
Subject: Re: [PATCH] raw1394 missing failure handling

Hi,

On Wed, 2005-03-02 at 12:10 +0100, Panagiotis Issaris wrote:
> In the raw1394 driver the failure handling for
> a __copy_to_user call is missing.

Your patch is obviously incorrect as it doesn't free the request before
it returns.

Best regards,

Anton
--
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Unix Support, Computing Service, University of Cambridge, CB2 3QH, UK
Linux NTFS maintainer / IRC: #ntfs on irc.freenode.net
WWW: http://linux-ntfs.sf.net/ & http://www-stu.christs.cam.ac.uk/~aia21/

2005-03-02 11:44:11

by Sergey Vlasov

[permalink] [raw]
Subject: Re: [PATCH] raw1394 missing failure handling

On Wed, 02 Mar 2005 12:10:50 +0100 Panagiotis Issaris wrote:

> In the raw1394 driver the failure handling for
> a __copy_to_user call is missing.
>
> With friendly regards,
> Takis
>
> --
> K.U.Leuven, Mechanical Eng., Mechatronics & Robotics Research Group
> http://people.mech.kuleuven.ac.be/~pissaris/
>
>
>
> [pi-20050302T114855-linux_2_6_11-raw1394_copy_to_user_failure_handling.diff text/x-patch (922 bytes)]
> diff -pruN linux-2.6.11/drivers/ieee1394/raw1394.c linux-2.6.11-pi/drivers/ieee1394/raw1394.c
> --- linux-2.6.11/drivers/ieee1394/raw1394.c 2005-03-02 11:44:26.000000000 +0100
> +++ linux-2.6.11-pi/drivers/ieee1394/raw1394.c 2005-03-02 11:47:38.000000000 +0100
> @@ -443,7 +443,8 @@ static ssize_t raw1394_read(struct file
> req->req.error = RAW1394_ERROR_MEMFAULT;
> }
> }
> - __copy_to_user(buffer, &req->req, sizeof(req->req));
> + if (__copy_to_user(buffer, &req->req, sizeof(req->req)))
> + return -EFAULT;

Bug: "req" is not freed in the failure case.

>
> free_pending_request(req);
> return sizeof(struct raw1394_request);
>


Attachments:
(No filename) (1.14 kB)
(No filename) (189.00 B)
Download all attachments

2005-03-02 12:33:21

by Panagiotis Issaris

[permalink] [raw]
Subject: Re: [PATCH] raw1394 missing failure handling

Hi,

Anton Altaparmakov wrote:

>On Wed, 2005-03-02 at 12:10 +0100, Panagiotis Issaris wrote:
>
>
>>In the raw1394 driver the failure handling for
>>a __copy_to_user call is missing.
>>
>>
>
>Your patch is obviously incorrect as it doesn't free the request before
>it returns.
>
>
Oops. Thanks for replying! Any more problems with the updated
patch?

With friendly regards,
Takis

--
K.U.Leuven, Mechanical Eng., Mechatronics & Robotics Research Group
http://people.mech.kuleuven.ac.be/~pissaris/


Attachments:
pi-20050302T131628-linux_2_6_11-1394_copy_to_user_failure_handling.diff (728.00 B)

2005-03-02 14:24:48

by Dmitry Torokhov

[permalink] [raw]
Subject: Re: [PATCH] raw1394 missing failure handling

On Wed, 02 Mar 2005 13:28:23 +0100, Panagiotis Issaris
<[email protected]> wrote:
> Hi,
>
> Anton Altaparmakov wrote:
>
> >On Wed, 2005-03-02 at 12:10 +0100, Panagiotis Issaris wrote:
> >
> >
> >>In the raw1394 driver the failure handling for
> >>a __copy_to_user call is missing.
> >>
> >>
> >
> >Your patch is obviously incorrect as it doesn't free the request before
> >it returns.
> >
> >
> Oops. Thanks for replying! Any more problems with the updated
> patch?
>

Formatting... Opening curly brace should go on the same line with "if".

--
Dmitry

2005-03-02 14:32:25

by Panagiotis Issaris

[permalink] [raw]
Subject: Re: [PATCH] raw1394 missing failure handling

Hi,

Dmitry Torokhov wrote:

>On Wed, 02 Mar 2005 13:28:23 +0100, Panagiotis Issaris
><[email protected]> wrote:
>
>
>>Oops. Thanks for replying! Any more problems with the updated
>>patch?
>>
>>
>Formatting... Opening curly brace should go on the same line with "if".
>
>
Thanks. Here's my third try :-)

With friendly regards,
Takis

--
K.U.Leuven, Mechanical Eng., Mechatronics & Robotics Research Group
http://people.mech.kuleuven.ac.be/~pissaris/


Attachments:
pi-20050302T152730-linux_2_6_11-1394_copy_to_user_failure_handling_3.diff (719.00 B)

2005-03-03 22:02:16

by Jody McIntyre

[permalink] [raw]
Subject: Re: [PATCH] raw1394 missing failure handling

> Thanks. Here's my third try :-)
>
> With friendly regards,
> Takis

I'll apply this to the 1394 tree and send it to Linus after testing if
you add a Signed-off-by: line per Documentation/SubmittingPatches .
Also, please cc [email protected] with ieee1394
changes.

Thanks,
Jody

>
> --
> K.U.Leuven, Mechanical Eng., Mechatronics & Robotics Research Group
> http://people.mech.kuleuven.ac.be/~pissaris/
>

> diff -pruN linux-2.6.11/drivers/ieee1394/raw1394.c linux-2.6.11-pi/drivers/ieee1394/raw1394.c
> --- linux-2.6.11/drivers/ieee1394/raw1394.c 2005-03-02 11:44:26.000000000 +0100
> +++ linux-2.6.11-pi/drivers/ieee1394/raw1394.c 2005-03-02 15:27:15.000000000 +0100
> @@ -443,7 +443,10 @@ static ssize_t raw1394_read(struct file
> req->req.error = RAW1394_ERROR_MEMFAULT;
> }
> }
> - __copy_to_user(buffer, &req->req, sizeof(req->req));
> + if (__copy_to_user(buffer, &req->req, sizeof(req->req))) {
> + free_pending_request(req);
> + return -EFAULT;
> + }
>
> free_pending_request(req);
> return sizeof(struct raw1394_request);


--

2005-03-03 22:49:18

by Panagiotis Issaris

[permalink] [raw]
Subject: Re: [PATCH] raw1394 missing failure handling

Hi,

Jody McIntyre wrote:

>I'll apply this to the 1394 tree and send it to Linus after testing if
>you add a Signed-off-by: line per Documentation/SubmittingPatches .
>Also, please cc [email protected] with ieee1394
>changes.
>
Sure! Thanks!


Adds the missing failure handling for a __copy_to_user call.


Signed-off-by: Panagiotis Issaris <[email protected]>

diff -pruN linux-2.6.11/drivers/ieee1394/raw1394.c linux-2.6.11-pi/drivers/ieee1394/raw1394.c
--- linux-2.6.11/drivers/ieee1394/raw1394.c 2005-03-02 11:44:26.000000000 +0100
+++ linux-2.6.11-pi/drivers/ieee1394/raw1394.c 2005-03-02 15:27:15.000000000 +0100
@@ -443,7 +443,10 @@ static ssize_t raw1394_read(struct file
req->req.error = RAW1394_ERROR_MEMFAULT;
}
}
- __copy_to_user(buffer, &req->req, sizeof(req->req));
+ if (__copy_to_user(buffer, &req->req, sizeof(req->req))) {
+ free_pending_request(req);
+ return -EFAULT;
+ }

free_pending_request(req);
return sizeof(struct raw1394_request);



--
K.U.Leuven, Mechanical Eng., Mechatronics & Robotics Research Group
http://people.mech.kuleuven.ac.be/~pissaris/

2005-03-03 23:16:33

by Panagiotis Issaris

[permalink] [raw]
Subject: Re: [PATCH] raw1394 missing failure handling

Hi Jody,

My previous e-mail seemed to be messed up by Thunderbird... so now I'm using good
old Mutt again.

On Thu, Mar 03, 2005 at 04:48:43PM -0500 or thereabouts, Jody McIntyre wrote:
> > Thanks. Here's my third try :-)
> >
> > With friendly regards,
> > Takis
>
> I'll apply this to the 1394 tree and send it to Linus after testing if
> you add a Signed-off-by: line per Documentation/SubmittingPatches .
> Also, please cc [email protected] with ieee1394
> changes.

Sure! Thanks!


Adds the missing failure handling for a __copy_to_user call.


Signed-off-by: Panagiotis Issaris <[email protected]>


diff -pruN linux-2.6.11/drivers/ieee1394/raw1394.c linux-2.6.11-pi/drivers/ieee1394/raw1394.c
--- linux-2.6.11/drivers/ieee1394/raw1394.c 2005-03-02 11:44:26.000000000 +0100
+++ linux-2.6.11-pi/drivers/ieee1394/raw1394.c 2005-03-02 15:27:15.000000000 +0100
@@ -443,7 +443,10 @@ static ssize_t raw1394_read(struct file
req->req.error = RAW1394_ERROR_MEMFAULT;
}
}
- __copy_to_user(buffer, &req->req, sizeof(req->req));
+ if (__copy_to_user(buffer, &req->req, sizeof(req->req))) {
+ free_pending_request(req);
+ return -EFAULT;
+ }

free_pending_request(req);
return sizeof(struct raw1394_request);


--
K.U.Leuven, Mechanical Eng., Mechatronics & Robotics Research Group
http://people.mech.kuleuven.ac.be/~pissaris/

2005-03-05 19:25:50

by Jody McIntyre

[permalink] [raw]
Subject: Re: [PATCH] raw1394 missing failure handling

On Thu, Mar 03, 2005 at 11:55:09PM +0100, Panagiotis Issaris wrote:

> Adds the missing failure handling for a __copy_to_user call.
>
>
> Signed-off-by: Panagiotis Issaris <[email protected]>

Sorry I didn't notice this sooner, but this was already fixed and has
been sent to Linus (hopefully to appear in 2.6.12.)

Jody

>
> diff -pruN linux-2.6.11/drivers/ieee1394/raw1394.c linux-2.6.11-pi/drivers/ieee1394/raw1394.c
> --- linux-2.6.11/drivers/ieee1394/raw1394.c 2005-03-02 11:44:26.000000000 +0100
> +++ linux-2.6.11-pi/drivers/ieee1394/raw1394.c 2005-03-02 15:27:15.000000000 +0100
> @@ -443,7 +443,10 @@ static ssize_t raw1394_read(struct file
> req->req.error = RAW1394_ERROR_MEMFAULT;
> }
> }
> - __copy_to_user(buffer, &req->req, sizeof(req->req));
> + if (__copy_to_user(buffer, &req->req, sizeof(req->req))) {
> + free_pending_request(req);
> + return -EFAULT;
> + }
>
> free_pending_request(req);
> return sizeof(struct raw1394_request);
>
>
> --
> K.U.Leuven, Mechanical Eng., Mechatronics & Robotics Research Group
> http://people.mech.kuleuven.ac.be/~pissaris/
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/

--

2005-03-05 21:11:03

by Gene Heskett

[permalink] [raw]
Subject: Re: [PATCH] raw1394 missing failure handling

On Saturday 05 March 2005 13:47, Jody McIntyre wrote:
>On Thu, Mar 03, 2005 at 11:55:09PM +0100, Panagiotis Issaris wrote:
>> Adds the missing failure handling for a __copy_to_user call.
>>
>>
>> Signed-off-by: Panagiotis Issaris <[email protected]>
>
>Sorry I didn't notice this sooner, but this was already fixed and
> has been sent to Linus (hopefully to appear in 2.6.12.)
>
>Jody

Jody, Panagiotis; A much more complete patch is already sitting in
the bk queue. This is a relatively small piece of that one. You can
get it from:

<ftp.kernel.org/pub/linux/kernel/people/akpm/patches/2.6/2.6.11/2.6.11-mm1/broken-out>

As the bk-ieee1394.patch you can see there.

>> diff -pruN linux-2.6.11/drivers/ieee1394/raw1394.c
>> linux-2.6.11-pi/drivers/ieee1394/raw1394.c ---
>> linux-2.6.11/drivers/ieee1394/raw1394.c 2005-03-02
>> 11:44:26.000000000 +0100 +++
>> linux-2.6.11-pi/drivers/ieee1394/raw1394.c 2005-03-02
>> 15:27:15.000000000 +0100 @@ -443,7 +443,10 @@ static ssize_t
>> raw1394_read(struct file req->req.error = RAW1394_ERROR_MEMFAULT;
>> }
>> }
>> - __copy_to_user(buffer, &req->req, sizeof(req->req));
>> + if (__copy_to_user(buffer, &req->req, sizeof(req->req)))
>> { + free_pending_request(req);
>> + return -EFAULT;
>> + }
>>
>> free_pending_request(req);
>> return sizeof(struct raw1394_request);
>>
>>
>> --
>> K.U.Leuven, Mechanical Eng., Mechatronics & Robotics Research
>> Group http://people.mech.kuleuven.ac.be/~pissaris/
>>
>> -
>> To unsubscribe from this list: send the line "unsubscribe
>> linux-kernel" in the body of a message to
>> [email protected]
>> More majordomo info at http://vger.kernel.org/majordomo-info.html
>> Please read the FAQ at http://www.tux.org/lkml/

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
99.34% setiathome rank, not too shabby for a WV hillbilly
Yahoo.com attorneys please note, additions to this message
by Gene Heskett are:
Copyright 2005 by Maurice Eugene Heskett, all rights reserved.