Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/fs
History
Mathieu Desnoyers 8aec0f5d41 Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys 
Looking at mm/process_vm_access.c:process_vm_rw() and comparing it to
compat_process_vm_rw() shows that the compatibility code requires an
explicit "access_ok()" check before calling
compat_rw_copy_check_uvector(). The same difference seems to appear when
we compare fs/read_write.c:do_readv_writev() to
fs/compat.c:compat_do_readv_writev().

This subtle difference between the compat and non-compat requirements
should probably be debated, as it seems to be error-prone. In fact,
there are two others sites that use this function in the Linux kernel,
and they both seem to get it wrong:

Now shifting our attention to fs/aio.c, we see that aio_setup_iocb()
also ends up calling compat_rw_copy_check_uvector() through
aio_setup_vectored_rw(). Unfortunately, the access_ok() check appears to
be missing. Same situation for
security/keys/compat.c:compat_keyctl_instantiate_key_iov().

I propose that we add the access_ok() check directly into
compat_rw_copy_check_uvector(), so callers don't have to worry about it,
and it therefore makes the compat call code similar to its non-compat
counterpart. Place the access_ok() check in the same location where
copy_from_user() can trigger a -EFAULT error in the non-compat code, so
the ABI behaviors are alike on both compat and non-compat.

While we are here, fix compat_do_readv_writev() so it checks for
compat_rw_copy_check_uvector() negative return values.

And also, fix a memory leak in compat_keyctl_instantiate_key_iov() error
handling.

Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
 		2013-03-12 11:05:45 -07:00
..
9p fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
adfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
affs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
afs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
autofs4 fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
befs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
bfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
btrfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2013-03-09 16:51:13 -08:00
cachefiles
ceph fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
cifs CIFS: Fix missing of oplock_read value in smb30_values structure 2013-03-06 19:37:01 -06:00
coda fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
configfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
cramfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
debugfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
devpts fs: Limit sys_mount to only request filesystem modules (Part 2). 2013-03-07 01:08:55 -08:00
dlm
ecryptfs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2013-03-09 16:51:13 -08:00
efs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
exofs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
exportfs
ext2 fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
ext3 fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
ext4 fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
f2fs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
fat fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
freevxfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
fscache
fuse fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
gfs2 fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
hfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
hfsplus fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
hostfs hostfs: fix a not needed double check 2013-03-11 10:08:02 +01:00
hpfs
hppfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
hugetlbfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
isofs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
jbd
jbd2
jffs2 fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
jfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
lockd
logfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
minix fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
ncpfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
nfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
nfs_common
nfsd fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
nilfs2 fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
nls
notify
ntfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
ocfs2 fs: Limit sys_mount to only request filesystem modules (Part 2). 2013-03-07 01:08:55 -08:00
omfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
openpromfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
proc proc: Use nd_jump_link in proc_ns_follow_link 2013-03-09 00:14:45 -08:00
pstore
qnx4 fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
qnx6 fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
quota
ramfs
reiserfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
romfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
squashfs
sysfs
sysv fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
ubifs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
udf
ufs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
xfs fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
Kconfig
Kconfig.binfmt
Makefile
aio.c
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf.c ImgTec Meta architecture changes for v3.9-rc1 2013-03-03 12:06:09 -08:00
binfmt_elf_fdpic.c
binfmt_em86.c
binfmt_flat.c
binfmt_misc.c fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
binfmt_script.c
binfmt_som.c
bio-integrity.c
bio.c
block_dev.c
buffer.c
char_dev.c
compat.c Fix: compat_rw_copy_check_uvector() misuse in aio, readv, writev, and security keys 2013-03-12 11:05:45 -07:00
compat_binfmt_elf.c
compat_ioctl.c
coredump.c
coredump.h
dcache.c
dcookies.c
direct-io.c
drop_caches.c
eventfd.c
eventpoll.c
exec.c
fcntl.c
fhandle.c
fifo.c
file.c
file_table.c
filesystems.c fs: Limit sys_mount to only request filesystem modules. 2013-03-03 19:36:31 -08:00
fs-writeback.c
fs_struct.c
generic_acl.c
inode.c
internal.h
ioctl.c
ioprio.c
libfs.c
locks.c
mbcache.c
mount.h
mpage.c
namei.c vfs: don't BUG_ON() if following a /proc fd pseudo-symlink results in a symlink 2013-03-08 09:03:07 -08:00
namespace.c
no-block.c
open.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-03-03 13:23:03 -08:00
pipe.c vfs: fix pipe counter breakage 2013-03-12 08:29:17 -07:00
pnode.c
pnode.h
posix_acl.c
proc_namespace.c
read_write.c
read_write.h
readdir.c
select.c
seq_file.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-03-03 13:23:03 -08:00
signalfd.c
splice.c
stack.c
stat.c
statfs.c
super.c
sync.c
timerfd.c
utimes.c
xattr.c
xattr_acl.c