Date: Fri, 9 May 2003 14:44:41 -0700 (PDT)
From: Junfeng Yang
To: Linux Kernel Mailing List
Subject: [CHECKER] Clarifications needed on a user-pointer false alarm in kernel/kmod.c

Hi,

I got the following false alarm in kernel/kmod.c. The call chain is

sys_wait4 (_, &sub_info->retval) -> wait_task_zombie (_, _, stat_addr, _) -> put_user (_, stat_addr),

which means &sub_info->retval will be passed into put_user. From the calling context, sub_info should be in kernel space, so &sub_info->retval should be in kernel space as well.

The explanation for this false alarm could be that the call chain wasn't realistic, but I'm not sure. Can you guys please help me on that?

/home/junfeng/linux-tainted/kernel/kmod.c:185:wait_for_helper: ERROR:TAINTED:185:185: dereferencing tainted ptr 'sub_info' [Callstack: ]

	if (pid < 0)
		sub_info->retval = pid;
	else
		sys_wait4(pid, (unsigned int *)&sub_info->retval, 0, NULL);

Error --->
	complete(sub_info->complete);
	return 0;
}
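The call chain in the message above, replayed as an added example (not the checker's own code and not part of the original message): a simplified, context-insensitive model in which a parameter becomes a "user pointer" once it is forwarded to put_user, and the base of any argument passed in such a position is then flagged when dereferenced. The fact table, the taint rule, and the names `_a`, `_b`, `_d` and `data` are assumptions made for illustration.

```python
import re

# Constructed facts mirroring the call chain in the message above; "_" stands
# for arguments the message leaves unspecified. Assumption: put_user's second
# argument is the only primitive user-pointer position in this model.
USER_SINKS = {("put_user", 1)}
FUNCTIONS = {
    "wait_task_zombie": (["_a", "_b", "stat_addr", "_d"],
                         ["put_user(_, stat_addr)"]),
    "sys_wait4": (["pid", "stat_addr", "options", "ru"],
                  ["wait_task_zombie(_, _, stat_addr, _)"]),
    "wait_for_helper": (["data"],
                        ["sys_wait4(pid, (unsigned int *)&sub_info->retval, 0, NULL)",
                         "complete(sub_info->complete)"]),
}

def parse_call(stmt):
    """Split 'f(a, b)' into ('f', ['a', 'b']); arguments here contain no commas."""
    name, args = re.match(r"(\w+)\((.*)\)$", stmt).groups()
    return name, [a.strip() for a in args.split(",")]

def strip_cast(expr):
    """Drop a leading pointer cast such as '(unsigned int *)'."""
    return re.sub(r"^\([^)]*\*\s*\)", "", expr).strip()

def user_positions():
    """Fixpoint: parameter i of f is a user pointer if f forwards it to one."""
    user, changed = set(USER_SINKS), True
    while changed:
        changed = False
        for fname, (params, body) in FUNCTIONS.items():
            for callee, args in map(parse_call, body):
                for i, arg in enumerate(args):
                    if (callee, i) in user and arg in params:
                        key = (fname, params.index(arg))
                        changed |= key not in user
                        user.add(key)
    return user

def check(fname):
    """Taint the base of any argument in a user position, then flag its derefs."""
    user, tainted, reports = user_positions(), set(), []
    for stmt in FUNCTIONS[fname][1]:
        callee, args = parse_call(stmt)
        for i, arg in enumerate(args):
            expr = strip_cast(arg)
            base = re.match(r"&?(\w+)", expr).group(1)
            if base in tainted and "->" in expr and not expr.startswith("&"):
                reports.append((stmt, base))
            if (callee, i) in user:
                tainted.add(base)
    return reports
```

Calling `check("wait_for_helper")` reports the `complete(sub_info->complete)` statement, the same line the checker output marks, because nothing in the per-function summaries records which address space the caller's pointer came from.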