linux-kernel.vger.kernel.org archive mirror
* [PATCH] initialize all fields
@ 2012-01-30 11:05 Julia Lawall
From: Julia Lawall @ 2012-01-30 11:05 UTC (permalink / raw)
  To: David Airlie; +Cc: kernel-janitors, dri-devel, linux-kernel

This patch fixes a case where a structure field is not initialized before
the structure is copied to user level.

The semantic match that finds this problem is as follows
(http://coccinelle.lip6.fr/).  It uses other references to the same
structure in the current file to find the set of fields that should be
initialized.

@a disable decl_init@
identifier x,x1;
type T,T1;
expression e,sz;
@@

T x;
... when any
copy_to_user(e,&x,sz)

@r@
a.T y;
identifier f,f1,f2;
@@

(
y.f1[...]
|
y.f1.f2
|
y.f
)

@b@
identifier a.x,r.f;
type a.T;
expression e,e1,sz;
position p,p0;
@@

T x@p0;
... when != x.f = e1
    when != &x
    when != &(x.f)
    when != get_user(x.f,...)
    when != __get_user(x.f,...)
    when != x = e1
copy_to_user@p(e,&x,sz)

@script:ocaml@
t << a.T;
x << a.x;
f << r.f;
p << b.p;
@@

Printf.printf "%s:%d: %s %s missing %s\n" (List.hd p).file (List.hd p).line
   t x f
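
The bug class this semantic match reports, as an added user-space example that is not code from this thread or from the kernel: a stack structure is poisoned to stand in for stale stack contents, filled field by field, and copied out whole, and the check names the field that was never assigned. The structure `reply32`, its values, `build_reply` and `stale_field` are assumptions made for the illustration, and `memcpy` stands in for `copy_to_user`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define POISON 0xAA /* stands in for stale kernel stack contents */

/* Constructed structure; names and values are illustrative assumptions. */
struct reply32 { int idx; int auth; unsigned int pid, uid, magic; };

#define FIELD(f) { #f, offsetof(struct reply32, f), sizeof(((struct reply32 *)0)->f) }
static const struct { const char *name; size_t off, len; } fields[] = {
    FIELD(idx), FIELD(auth), FIELD(pid), FIELD(uid), FIELD(magic),
};

/* Fill a poisoned stack object field by field, then copy it out whole. */
void build_reply(unsigned char *user_buf, int assign_idx)
{
    struct reply32 r;
    memset(&r, POISON, sizeof(r)); /* simulate an uninitialized stack slot */
    if (assign_idx)
        r.idx = 3;                 /* the assignment the "before" form lacks */
    r.auth = 1; r.pid = 1234; r.uid = 1000; r.magic = 7;
    memcpy(user_buf, &r, sizeof(r)); /* stand-in for copy_to_user() */
}

/* Name of the first field whose bytes are all still poison, or NULL. */
const char *stale_field(const unsigned char *buf)
{
    size_t i, j;
    for (i = 0; i < sizeof(fields) / sizeof(fields[0]); i++) {
        for (j = 0; j < fields[i].len; j++)
            if (buf[fields[i].off + j] != POISON)
                break;
        if (j == fields[i].len)
            return fields[i].name;
    }
    return NULL;
}

int main(void)
{
    unsigned char buf[sizeof(struct reply32)];
    build_reply(buf, 0);
    printf("before: stale field %s\n", stale_field(buf));
    build_reply(buf, 1);
    printf("after:  stale field %s\n", stale_field(buf) ? stale_field(buf) : "(none)");
    return 0;
}
```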



* [PATCH] drivers/gpu/drm/drm_ioc32.c: initialize all fields
@ 2012-01-30 11:05 Julia Lawall
From: Julia Lawall @ 2012-01-30 11:05 UTC (permalink / raw)
  To: David Airlie; +Cc: kernel-janitors, dri-devel, linux-kernel

From: Julia Lawall <Julia.Lawall@lip6.fr>

The c32 structure is allocated on the stack and its idx field is not
initialized before copying it to user level.  This patch takes the value
from the result of the ioctl, as done for the other fields.

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>

---
An alternative would be to change the earlier code

        if (get_user(idx, &argp->idx))
                return -EFAULT;

to write into the c32 structure, rather than into the local idx variable.
This would be more similar to what is done in compat_drm_version.

 drivers/gpu/drm/drm_ioc32.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/gpu/drm/drm_ioc32.c b/drivers/gpu/drm/drm_ioc32.c
index ddd70db..637fcc3 100644
--- a/drivers/gpu/drm/drm_ioc32.c
+++ b/drivers/gpu/drm/drm_ioc32.c
@@ -315,7 +315,8 @@ static int compat_drm_getclient(struct file *file, unsigned int cmd,
 	if (err)
 		return err;
 
-	if (__get_user(c32.auth, &client->auth)
+	if (__get_user(c32.idx, &client->idx)
+	    || __get_user(c32.auth, &client->auth)
 	    || __get_user(c32.pid, &client->pid)
 	    || __get_user(c32.uid, &client->uid)
 	    || __get_user(c32.magic, &client->magic)
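
Review bot: Filling c32 one member at a time in this __get_user chain, now starting at c32.idx, keeps uninitialized bytes out of the copy to user level only while the chain names every member, and it does not cover any padding in the stack structure. Zeroing c32 once where it is declared (a memset over the whole structure) would make that hold without relying on the list staying complete. The hunk stops before the condition closes, so the members after c32.magic are worth checking against the structure definition.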

