[PATCH] Memset the kernel copy of rtas args before using

Milton Miller miltonm at bga.com
Sat Jul 26 14:17:10 EST 2008


On Sat Jul 26 at 07:25:47 EST in 2008, Nathan Fontenot wrote:
> The kernel copy of the rtas args struct that is read in from
> user space is a stack variable.  This structure should be
> zero'ed out before we do any reads/writes to/from the user
> when handling a rtas call request.  This patch adds a memset
> to do this.

Why bother to zero the data before copying from the user?  We
check that they supply data for the whole input range needed.

> I am seeing an issue in testing partition mobility, where the
> parts of the rtas args struct that return status to the user
> contain stale data.

Please change the patch to just clear the output arg range.
(I'm fine not trusting firmware to set all output args based
on what the user suggested the return arg count would be).

And we can do it after we decide not to return an error:

  792         if (args.token == RTAS_UNKNOWN_SERVICE)
  793                 return -EINVAL;
  794
  795         /* Need to handle ibm,suspend_me call specially */


milton
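The narrower fix Milton asks for, written out as an added, self-contained C example (this is not the kernel's rtas.c and not either poster's patch). The struct layout, the `RTAS_NARGS_MAX` bound, `handle_rtas_request` and the `fake_firmware_call` stand-in are all assumptions constructed for the illustration; the caller pre-fills the kernel-side buffer with a junk pattern to model stale stack contents, and the handler copies only the input range in, rejects a bad token before touching the output range, clears exactly `nret` words, and lets a firmware stand-in that only writes the status word show why the clearing matters.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed stand-in for the kernel's rtas argument block (not the real layout). */
#define RTAS_NARGS_MAX       16
#define RTAS_UNKNOWN_SERVICE (-1)
#define EINVAL               22
#define STALE_WORD           ((int32_t)0xAAAAAAAA) /* junk pattern modelling stale stack data */

struct rtas_args {
    int32_t token;
    int32_t nargs;                  /* number of input words */
    int32_t nret;                   /* number of output words, status first */
    int32_t args[RTAS_NARGS_MAX];   /* inputs at [0, nargs), outputs at [nargs, nargs+nret) */
};

/* Firmware stand-in that sets only the status word and leaves any further
 * output words untouched, modelling firmware that does not fill every
 * return slot the caller asked for. */
static void fake_firmware_call(struct rtas_args *a)
{
    a->args[a->nargs] = 0; /* status 0 = success */
}

/* Hypothetical handler: uargs is the user-supplied block, kargs the kernel-side
 * copy (the caller may pre-fill it with junk to simulate an uninitialised stack
 * variable). Returns 0 on success or -EINVAL, mirroring the ordering in the
 * reply: validate first, then clear just the output range, then call firmware. */
int handle_rtas_request(const struct rtas_args *uargs, struct rtas_args *kargs)
{
    /* copy_from_user of the header words only */
    kargs->token = uargs->token;
    kargs->nargs = uargs->nargs;
    kargs->nret  = uargs->nret;

    /* Bound-check the ranges before they are used as memcpy/memset lengths. */
    if (kargs->nargs < 0 || kargs->nret < 0 ||
        kargs->nargs > RTAS_NARGS_MAX ||
        kargs->nret > RTAS_NARGS_MAX - kargs->nargs)
        return -EINVAL;

    /* copy_from_user of the input range; the user must supply all of it. */
    memcpy(kargs->args, uargs->args, (size_t)kargs->nargs * sizeof(int32_t));

    if (kargs->token == RTAS_UNKNOWN_SERVICE)
        return -EINVAL;

    /* Clear exactly the output range, only once we know we will run the call. */
    memset(&kargs->args[kargs->nargs], 0, (size_t)kargs->nret * sizeof(int32_t));

    fake_firmware_call(kargs);
    return 0;
}

/* Counts output words still holding the junk pattern after a call; a non-zero
 * result is what the original report describes as stale data reaching the user. */
int count_stale_output_words(const struct rtas_args *kargs)
{
    int stale = 0;
    for (int32_t i = kargs->nargs; i < kargs->nargs + kargs->nret; i++)
        if (kargs->args[i] == STALE_WORD)
            stale++;
    return stale;
}

int main(void)
{
    struct rtas_args uargs = { .token = 42, .nargs = 2, .nret = 3,
                               .args = { 7, 9 } };   /* constructed request */
    struct rtas_args kargs;
    memset(&kargs, 0xAA, sizeof kargs);              /* model stale stack contents */

    int rc = handle_rtas_request(&uargs, &kargs);
    printf("rc=%d stale_output_words=%d status=%d\n",
           rc, count_stale_output_words(&kargs), kargs.args[2]);
    return 0;
}
```

Only the `nret` words the user will read back are cleared; words beyond `nargs + nret` are never copied to user space in this model, so leaving them alone costs nothing, and a request rejected for an unknown token returns before any clearing, as the reply suggests.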




More information about the Linuxppc-dev mailing list