On Sat, 24 Jun 2006, Al Viro wrote:

> On Sat, Jun 24, 2006 at 10:38:37AM -0700, Greg KH wrote:
> > Ugh, ok, I went back and forth with Andrew on this, before I took it.
> > Andrew, any objections to reverting this now?
>
> Also spelled as "Andrew, could you please RTFS?"
>
> When we have
>
> struct foo {
>         <something>
>         struct bar array[0];
> };
> struct foo *p;
>
> then p->array does _not_ dereference p; it is equivalent to
>
> (struct bar *)((char *)p + offsetof(struct foo, array))
>
> and, for pointer to userland (header + variable-sized array), it will
> give us exactly what we want; namely, pointer to the beginning of
> userland array.
>
> I really wonder what the fsck had inspired the original "report" - definitely
> not sparse. "Fixed" version, OTOH, does trigger sparse warnings with
> -Wcast-to-as; deservedly so, since we cast pointer to on-stack object to
> __user pointer. That alone should've been sufficient indicator of something
> bogus going on. Quick look at the function we pass it to would show that
> it does copy_from_user() from that argument, i.e. it really doesn't make
> any sense to give it address of something in kernel stack. Sigh...
Isn't it obvious what inspired the original report? If you don't look very
closely at the structure definition you won't realize that iso_frame_desc is
an array. If it were a scalar field then the patch would have been correct.
Clearly this was a "theoretical" fix that had never been tested.

Alan Stern
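To make the point about p->array concrete, here is an added C example (not code from the thread or from the kernel): it checks that p->array is the same address as the offsetof() form without loading anything through p, and shows the header-then-trailer copy that the reverted patch got wrong. The struct field names, the fake_copy_from_user() stand-in for copy_from_user(), and the "user" buffer are all assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Header + variable-sized trailer in the shape the thread describes
 * (struct foo / struct bar); the field names are assumed. */
struct bar { uint32_t offset; uint32_t length; };
struct foo {
    uint32_t type;
    uint32_t count;
    struct bar array[0];    /* zero-length array: no storage in the header */
};

/* p->array is pure address arithmetic: nothing is loaded through p, so it
 * is valid for a pointer the kernel may not touch directly (a __user one). */
int array_matches_offsetof(const struct foo *p)
{
    const struct bar *via_member = p->array;
    const struct bar *via_offset =
        (const struct bar *)((const char *)p + offsetof(struct foo, array));
    return via_member == via_offset;
}

/* Stand-in for copy_from_user(): a plain memcpy from a constructed buffer. */
static int fake_copy_from_user(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
    return 0;
}

/* Correct pattern: copy the fixed header first, then the trailer that starts
 * at user_p->array. Passing the address of a kernel-side struct instead of
 * user_p->array (what the reverted patch did) copies from the wrong memory. */
size_t fetch_foo(struct foo *hdr, struct bar *out, size_t max,
                 const struct foo *user_p)
{
    if (fake_copy_from_user(hdr, user_p, sizeof(*hdr)))
        return 0;
    size_t n = hdr->count < max ? hdr->count : max;
    if (fake_copy_from_user(out, user_p->array, n * sizeof(struct bar)))
        return 0;
    return n;
}

/* Constructed "user" buffer: header {type=7, count=2} then two bar entries. */
static const uint32_t user_buf[] = { 7, 2, 0, 16, 16, 32 };

size_t demo(struct bar *out, size_t max)
{
    struct foo hdr;
    return fetch_foo(&hdr, out, max, (const struct foo *)user_buf);
}
```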