Date: Tue, 3 Nov 2009 23:07:47 +0900 (JST)
From: KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>
To: Americo Wang <xiyou.wangcong@gmail.com>
Subject: Re: [PATCH v4] Added PR_SET_PROCTITLE_AREA option for prctl()
Cc: kosaki.motohiro@jp.fujitsu.com, Timo Sirainen <tss@iki.fi>,
       Bryan Donlan <bdonlan@gmail.com>, Ulrich Drepper <drepper@redhat.com>,
       LKML <linux-kernel@vger.kernel.org>,
       Andrew Morton <akpm@linux-foundation.org>, linux-api@vger.kernel.org
In-Reply-To: <20091103094703.GB11134@hack.redhat.com>
References: <20091101211321.F3FC.A69D9226@jp.fujitsu.com> <20091103094703.GB11134@hack.redhat.com>
Message-Id: <20091103230548.0B45.A69D9226@jp.fujitsu.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 993
Lines: 37

> >+		case PR_SET_PROCTITLE_AREA: {
> >+			struct mm_struct *mm = current->mm;
> >+			unsigned long addr = arg2;
> >+			unsigned long len = arg3;
> >+			unsigned long end = arg2 + arg3;
> >+
> >+			if (len > PAGE_SIZE)
> >+				return -EINVAL;
> >+
> >+			if (addr >= end)
> >+				return -EINVAL;
> >+
> >+			if (!access_ok(VERIFY_READ, addr, len))
> >+				return -EFAULT;
> >+
> >+			mutex_lock(&mm->arg_lock);
> >+			mm->arg_start = addr;
> 
> Is this safe? You're assigning a user-space pointer to kernel space...
> Don't we need copy_from_user()?

mm->arg_start, arg_end are defined so.
Please see current implementation. 


> >+			mm->arg_end = addr + len;
> 
> Since you already have 'end', no need to caculate this again. :)

Good catch :)


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/