>  > [BUG] raddr seems to be a user pointer, but is written at the end of
>  >       the system call.
>  > 
>  > ipc/shm.c: ERROR: system call 'sys_shmat' derefs non-tainted param= 3
>  > 
>  > asmlinkage long sys_shmat (int shmid, char *shmaddr, int shmflg, ulong *raddr)
>  > {
>  >         struct shmid_kernel *shp;
>  > 
>  > 
>  >    ...
>  >         *raddr = (unsigned long) user_addr;
>  >         err = 0;
>  >         if (IS_ERR(user_addr))
>  >                 err = PTR_ERR(user_addr);
>  >         return err;
> 
> Believe it or not, this one is OK :-)
> 
> All callers pass in a pointer to a local stack kernel variable
> in raddr.

Ah.  I assumed that "sys_*" meant that all pointers were from user space ---
is this generally not the case?  (Also, are there other functions called 
directly from user space that don't have the sys_* prefix?)
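
As an added illustration of the reply quoted above (not code from this thread or from the kernel): a user-space C model of the calling pattern it describes, where the inner function stores through `raddr` directly because its caller passes a kernel stack local, and the caller then copies the result out through a checked helper. `model_shmat`, `model_entry`, `model_put_ulong`, `model_access_ok`, the `user_mem` array and the returned address are all constructed for this model.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: this array is the only "user" memory; all else is "kernel". */
static unsigned long user_mem[8];

/* Stand-in for an access_ok()-style range check (assumption of this model). */
static int model_access_ok(const void *p, size_t n)
{
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)user_mem;
    return a >= lo && a - lo <= sizeof user_mem - n;
}

/* Stand-in for put_user(): refuses a destination outside the user range. */
static int model_put_ulong(unsigned long v, unsigned long *uptr)
{
    if (!model_access_ok(uptr, sizeof v))
        return -EFAULT;
    memcpy(uptr, &v, sizeof v);
    return 0;
}

/* Shaped like the quoted sys_shmat: raddr is a kernel pointer by contract,
 * so the unchecked store is safe only while every caller honours that. */
static long model_shmat(int shmid, unsigned long *raddr)
{
    if (shmid < 0)
        return -EINVAL;
    *raddr = 0x40000000UL + (unsigned long)shmid * 0x1000UL; /* constructed value */
    return 0;
}

/* Hypothetical entry point: the only place that sees the user's pointer. */
long model_entry(int shmid, unsigned long *user_result)
{
    unsigned long raddr;                    /* kernel stack local */
    long err = model_shmat(shmid, &raddr);  /* direct store lands here */
    if (err)
        return err;
    return model_put_ulong(raddr, user_result); /* checked copy-out */
}

int main(void)
{
    unsigned long kernel_side = 0;
    printf("user dest:   %ld\n", model_entry(2, &user_mem[0]));
    printf("kernel dest: %ld\n", model_entry(2, &kernel_side));
    return 0;
}
```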