From: Carsten Haitzler carsten.haitzler@foss.arm.com
Fix the kcmp syscall (when CONFIG_CHECKPOINT_RESTORE is enabled) for the case that the idx arguments might be pointers (capabilities) passed in. One of the kcmp types uses idx2 to carry a capability pointer to extended structure information copied in from userspace.
Signed-off-by: Carsten Haitzler carsten.haitzler@foss.arm.com --- kernel/kcmp.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/kernel/kcmp.c b/kernel/kcmp.c
index 5353edfad8e1..da164266d647 100644
--- a/kernel/kcmp.c
+++ b/kernel/kcmp.c
@@ -133,7 +133,7 @@ static int kcmp_epoll_target(struct task_struct *task1,
 #endif
 SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
- unsigned long, idx1, unsigned long, idx2)
+ unsigned long, idx1, user_uintptr_t, idx2)
 {
 struct task_struct *task1, *task2;
 int ret;
@@ -204,7 +204,8 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
 #endif
 break;
 case KCMP_EPOLL_TFD:
- ret = kcmp_epoll_target(task1, task2, idx1, (void *)idx2);
+ ret = kcmp_epoll_target(task1, task2, idx1,
+ (struct kcmp_epoll_slot __user *)idx2);
 break;
 default:
 ret = -EINVAL;
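Review bot: The new signature carries idx2 as `user_uintptr_t`, but nothing at the definition says that only the KCMP_EPOLL_TFD case interprets it as a user pointer while idx1 stays an `unsigned long` index; a reader of the SYSCALL_DEFINE5 line has to find the cast in the second hunk to learn that. A one-line comment above the definition, `/* idx2 is a user pointer (struct kcmp_epoll_slot __user *) only for KCMP_EPOLL_TFD; a plain index otherwise */`, would make the contract explicit where the parameter is declared. The other switch cases that still use idx2 as an index lie outside these hunks, so how the wider value is narrowed there cannot be checked from this patch and deserves a separate look. The body of kcmp continues outside both hunks.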
On 27/10/2022 16:41, carsten.haitzler@foss.arm.com wrote:
From: Carsten Haitzler carsten.haitzler@foss.arm.com
Fix the kcmp syscall (when CONFIG_CHECKPOINT_RESTORE is enabled) for the case that the idx arguments might be pointers (capabilities) passed in. One of the kcmp types uses idx2 to carry a capability pointer to extended structure information copied in from userspace.
Signed-off-by: Carsten Haitzler carsten.haitzler@foss.arm.com
kernel/kcmp.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/kernel/kcmp.c b/kernel/kcmp.c index 5353edfad8e1..da164266d647 100644 --- a/kernel/kcmp.c +++ b/kernel/kcmp.c @@ -133,7 +133,7 @@ static int kcmp_epoll_target(struct task_struct *task1, #endif SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
unsigned long, idx1, unsigned long, idx2)
{ struct task_struct *task1, *task2; int ret;unsigned long, idx1, user_uintptr_t, idx2)
@@ -204,7 +204,8 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type, #endif break; case KCMP_EPOLL_TFD:
ret = kcmp_epoll_target(task1, task2, idx1, (void *)idx2);
ret = kcmp_epoll_target(task1, task2, idx1,
(struct kcmp_epoll_slot __user *)idx2);
The alignment finishes with 8 spaces, so that should be a tab instead.
Also, I think you've missed my comments on the commit title on both patches in v1.
If you're happy with all three changes I can make them before merging, no need to resend.
Cheers, Kevin
break;
default: ret = -EINVAL;
On 10/31/22 17:04, Kevin Brodsky wrote:
On 27/10/2022 16:41, carsten.haitzler@foss.arm.com wrote:
From: Carsten Haitzler carsten.haitzler@foss.arm.com
Fix the kcmp syscall (when CONFIG_CHECKPOINT_RESTORE is enabled) for the case that the idx arguments might be pointers (capabilites) passed in. One of the kcmp types uses idx2 to carry a capability pointer to extended structure information copied in from userspace.
Signed-off-by: Carsten Haitzler carsten.haitzler@foss.arm.com
kernel/kcmp.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/kernel/kcmp.c b/kernel/kcmp.c
index 5353edfad8e1..da164266d647 100644
--- a/kernel/kcmp.c
+++ b/kernel/kcmp.c
@@ -133,7 +133,7 @@ static int kcmp_epoll_target(struct task_struct *task1,
 #endif
 SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
- unsigned long, idx1, unsigned long, idx2)
+ unsigned long, idx1, user_uintptr_t, idx2)
 {
 struct task_struct *task1, *task2;
 int ret;
@@ -204,7 +204,8 @@ SYSCALL_DEFINE5(kcmp, pid_t, pid1, pid_t, pid2, int, type,
 #endif
 break;
 case KCMP_EPOLL_TFD:
- ret = kcmp_epoll_target(task1, task2, idx1, (void *)idx2);
+ ret = kcmp_epoll_target(task1, task2, idx1,
+ (struct kcmp_epoll_slot __user *)idx2);
The alignment finishes with 8 spaces, so that should be a tab instead.
Gah. I could have sworn that was needed, as the tab had the wrong indent. Replaced with spaces. Mixing tabs and spaces in code is not a pretty thing.
Also, I think you've missed my comments on the commit title on both patches in v1.
oh i did miss it as it was above the "on xxx y wrote" ... :) the morello in kcmp - missed that.
If you're happy with all three changes I can make them before merging, no need to resend.
Cheers, Kevin
break; default: ret = -EINVAL;
linux-morello@op-lists.linaro.org