On Sat, Sep 17, 2005 at 05:34:36PM +0200, Blaisorblade wrote:
> In fact, beyond this problem, we also fail to check whether the faulting
> address is under TASK_SIZE in TT mode on read accesses:
>
> #define access_ok_tt(type, addr, size) \
> ((type == VERIFY_READ) || (segment_eq(get_fs(), KERNEL_DS)) || \
> (((unsigned long) (addr) <= ((unsigned long) (addr) + (size))) && \
> (under_task_size(addr, size) || is_stack(addr, size))))
>
> See "(type == VERIFY_READ) || "do some real testing"? That's totally bogus.
>
> Jeff, what's that for? Not only can the user read kernel memory on its own, we
> turn that into a feature and allow it as a syscall parameter too?
> Waiting for an answer before fixing.
I think you're right. I don't see why that VERIFY_READ is there.
Jeff
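To make the point of the quoted macro concrete, here is an added user-space model of access_ok_tt() with the VERIFY_READ short-circuit beside a variant that drops it, as Jeff's reply suggests. This is example code written for this page, not code from the UML tree or from either author; TASK_SIZE, STACK_BOTTOM, get_fs()/set_fs(), segment_eq(), under_task_size() and is_stack() are stand-ins assumed here so the macro's control flow can be exercised, and the test addresses are constructed.

```c
/* Added example, not code from the UML tree or from the thread's authors.
 * A user-space model of the access_ok_tt() check quoted above.  TASK_SIZE,
 * STACK_BOTTOM, get_fs()/set_fs(), segment_eq(), under_task_size() and
 * is_stack() are assumed stand-ins chosen only to make the macro's control
 * flow runnable; they are not the kernel's real definitions or values. */
#include <stdio.h>
#include <stdbool.h>

#define VERIFY_READ  0
#define VERIFY_WRITE 1

/* Assumed address-space layout for the model (not UML's real TASK_SIZE). */
#define TASK_SIZE     0xC0000000UL
#define STACK_BOTTOM  0xBFF00000UL   /* assumed: user stack in [STACK_BOTTOM, TASK_SIZE) */

/* Assumed stand-in for get_fs()/segment_eq(): USER_DS or KERNEL_DS. */
#define USER_DS   0
#define KERNEL_DS 1
static int current_fs = USER_DS;
#define get_fs()           (current_fs)
#define segment_eq(a, b)   ((a) == (b))
void set_fs(int fs) { current_fs = fs; }

static bool under_task_size(unsigned long addr, unsigned long size)
{
    return addr + size <= TASK_SIZE;
}

static bool is_stack(unsigned long addr, unsigned long size)
{
    return addr >= STACK_BOTTOM && addr + size <= TASK_SIZE;
}

/* The macro as quoted in the thread: a VERIFY_READ request short-circuits
 * every range test, so a read from a kernel address passes unchecked. */
#define access_ok_tt_orig(type, addr, size) \
    ((type == VERIFY_READ) || (segment_eq(get_fs(), KERNEL_DS)) || \
     (((unsigned long)(addr) <= ((unsigned long)(addr) + (size))) && \
      (under_task_size(addr, size) || is_stack(addr, size))))

/* The change discussed in the reply: drop the VERIFY_READ term so reads and
 * writes get the same wraparound and under-TASK_SIZE checks. */
#define access_ok_tt_fixed(type, addr, size) \
    ((segment_eq(get_fs(), KERNEL_DS)) || \
     (((unsigned long)(addr) <= ((unsigned long)(addr) + (size))) && \
      (under_task_size(addr, size) || is_stack(addr, size))))

/* Wrappers so both variants can be driven with the same arguments. */
int check_orig(int type, unsigned long addr, unsigned long size)
{
    return access_ok_tt_orig(type, addr, size) ? 1 : 0;
}

int check_fixed(int type, unsigned long addr, unsigned long size)
{
    return access_ok_tt_fixed(type, addr, size) ? 1 : 0;
}

int main(void)
{
    /* Constructed ranges: an ordinary user buffer, a buffer in the assumed
     * kernel half of the address space, and a range that wraps past the top. */
    unsigned long user_buf   = 0x08048000UL;
    unsigned long kernel_buf = 0xC0100000UL;
    unsigned long wrap_buf   = ~0UL - 0xF;

    printf("read  user   orig=%d fixed=%d\n",
           check_orig(VERIFY_READ, user_buf, 64), check_fixed(VERIFY_READ, user_buf, 64));
    printf("read  kernel orig=%d fixed=%d\n",
           check_orig(VERIFY_READ, kernel_buf, 64), check_fixed(VERIFY_READ, kernel_buf, 64));
    printf("write kernel orig=%d fixed=%d\n",
           check_orig(VERIFY_WRITE, kernel_buf, 64), check_fixed(VERIFY_WRITE, kernel_buf, 64));
    printf("read  wrap   orig=%d fixed=%d\n",
           check_orig(VERIFY_READ, wrap_buf, 0x100), check_fixed(VERIFY_READ, wrap_buf, 0x100));
    return 0;
}
```

Running it shows the asymmetry the thread complains about: the original accepts a VERIFY_READ of the kernel-side buffer (and even of the wrapping range) while rejecting the same buffer for VERIFY_WRITE, whereas the variant without the VERIFY_READ term rejects both; the KERNEL_DS path is still honoured in the fixed form because the segment_eq() term is kept.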
_______________________________________________
User-mode-linux-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/user-mode-linux-devel