Commit:     712a30e63c8066ed84385b12edbfb804f49cbc44
Parent:     25f666300625d894ebe04bac2b4b3aadb907c861
Author:     Bastian Blank <[EMAIL PROTECTED]>
AuthorDate: Sun Feb 10 16:47:57 2008 +0200
Committer:  Linus Torvalds <[EMAIL PROTECTED]>
CommitDate: Sun Feb 10 10:27:21 2008 -0800

    splice: fix user pointer access in get_iovec_page_array()
    Commit 8811930dc74a503415b35c4a79d14fb0b408a361 ("splice: missing user
    pointer access verification") added the proper access_ok() calls to
    copy_from_user_mmap_sem() which ensures we can copy the struct iovecs
    from userspace to the kernel.
    But we also must check whether we can access the actual memory region
    pointed to by the struct iovec to fix the access checks properly.
    Signed-off-by: Bastian Blank <[EMAIL PROTECTED]>
    Acked-by: Oliver Pinter <[EMAIL PROTECTED]>
    Cc: Jens Axboe <[EMAIL PROTECTED]>
    Cc: Andrew Morton <[EMAIL PROTECTED]>
    Signed-off-by: Pekka Enberg <[EMAIL PROTECTED]>
    Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
 fs/splice.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/fs/splice.c b/fs/splice.c
index 14e2262..9b559ee 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1234,7 +1234,7 @@ static int get_iovec_page_array(const struct iovec __user 
                if (unlikely(!len))
                error = -EFAULT;
-               if (unlikely(!base))
+               if (!access_ok(VERIFY_READ, base, len))
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at

Reply via email to