Real bug - Fixed in next 2.4 -ac tree
> drivers/scsi/scsi_ioctl.c:383: return copy_to_user(arg, dev->host->pci_dev->slot_name,
Real bug - fixed in next 2.4 -ac tree
> drivers/sgi/char/sgiserial.c:1239: return copy_to_user(retinfo,&tmp,sizeof(*retinfo));
Real bug - fixed in next 2.4 -ac tree
> drivers/usb/misc/auerswald.c:1556: ret = copy_to_user(devinfo.buf, cp->dev_desc, u);
Real bug - fixed in next 2.4 -ac tree
> arch/sparc/kernel/sys_sunos.c:481: ret = copy_to_user(&name->sname[0], &system_utsname.sysname[0], sizeof(name->sname) - 1);
Very broken.
> arch/sparc64/kernel/sys_sparc32.c:3675: return copy_to_user(res32, kres, sizeof(*res32));
Looks very borked in several other spots
> arch/mips64/kernel/linux32.c:1537: err |= __copy_from_user (p->mtext, &up->mtext, second);
Real bug - fixed in next 2.4 -ac tree
> arch/s390/kernel/debug.c:458: if ((rc = copy_to_user(user_buf + count,
This one is interesting - its not just a misunderstanding of the API also a
return of the wrong variable
> arch/s390/kernel/ptrace.c:119: retval=copy_from_user((void *)realuseraddr,(void *)copyaddr,len);
Not a bug
> arch/s390/kernel/ptrace.c:345: if((ret=copy_from_user(&parea,(void *)addr,sizeof(parea)))==0)
Real bug - fixed in next 2.4 -ac tree
> arch/s390x/kernel/debug.c:458: if ((rc = copy_to_user(user_buf + count,
As per s390
> arch/s390x/kernel/ptrace.c:119: retval = copy_from_user(realuserptr, copyptr, len);
Not a bug
> arch/s390x/kernel/ptrace.c:360: if((ret=copy_from_user(&parea,(void *)addr,sizeof(parea)))==0)
Real bug - fixed in the next 2.4 -ac tree
Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/