BUG kernel macro: copy_to_user


Andreas Krebs (krebs@qkal.sap-ag.de)
Thu, 08 Apr 1999 09:52:30 +0200


i think i found a serious bug in the __copy_tofrom_user macro defined
in include/asm-alpha/uaccess.h

i was trying to install isdn under alpha linux and noticed that some
ioctls from isdnctrl failed without any reason, so i looked into the
isdn_common.c code and noticed that calls to copy_to_user failed.

all the calls that failed had in common that the size was NOT constant,
in this case the call was as follows:
          if (copy_to_user((char *) arg, s, strlen(s) + 1)) {
                 ret = -EFAULT;
          } else {
                 ret = 0;
          }

i checked all addresses, ranges and the statement failed all the time
until i changed strlen(s)+1 into a constant.

so i took a look at the copy_to_user macro and noticed that some
registers are used directly. i think the strlen() command somehow messes
up these registers and causes the following __access_ok to fail.
so i changed the macro a bit, by moving the length calc to the top
(the complete patch is attached below):

 #define __copy_tofrom_user(to,from,n,v) \
 ({ \
- register long __tmp_len = (n); \
        register void * __cu_to __asm__("$6") = (to); \
        register const void * __cu_from __asm__("$7") = (from); \
- register long __cu_len __asm__("$0") = __tmp_len; \
+ register long __cu_len __asm__("$0") = (n); \
        if (__access_ok(((long)(v)),__cu_len,get_fs())) { \
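
Review bot: the -/+ direction of this hunk looks reversed against the description above it. The `__tmp_len` lines, which evaluate `(n)` before `__cu_to` and `__cu_from` are bound to `$6` and `$7`, are the ones marked `-`, while the `+` line restores `__cu_len __asm__("$0") = (n)` after those bindings; the diff should be regenerated with the old and new trees swapped so that applying it adds the temporary. Separately, `(to)` and `(from)` are still assigned straight into the pinned registers, so an argument expression containing a function call there could disturb an already-bound register in the same way the message suspects for `strlen(s) + 1`; evaluating all three arguments into plain temporaries first, then copying them into `$6`, `$7` and `$0`, would cover every caller.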
 

this solved the problem and the isdnctrl ioctls now seem to work.

maybe someone who knows more about inline assembler should have a look.
i think this can cause a lot of trouble not only with isdn but with other
drivers also.

bye,
Andreas

PS:
my machine is a 164SX, the isdn card is an Eicon DIVA PCI. i experienced
the problem with ALL 2.2.* kernels and both egcs 1.0.2 and 1.1.2.
the patch is against 2.2.5-ac4 but should also work with other kernels.


_____________________________________________________________________________

                               Andreas S. Krebs

                CEC Karlsruhe, SAP AG, krebs@qkal.sap-ag.de
_____________________________________________________________________________
