Le 31/01/2020 à 07:53, Russell Currey a écrit :
On Fri, 2020-01-31 at 07:44 +0100, Christophe Leroy wrote:
Le 31/01/2020 à 06:31, Russell Currey a écrit :
+ pr_info("attempting bad read at %px with write allowed\n",
ptr);
+ tmp = *ptr;
+ tmp += 0xc0dec0de;
+ prevent_write_to_user(ptr, sizeof(unsigned long));
Does it work ? I would have thought that if the read fails the
process
will die and the following test won't be performed.
Correct, the ACCESS_USERSPACE test does the same thing. Splitting this
into separate R and W tests makes sense, even if it is unlikely that
one would be broken without the other.
Or once we are using user_access_begin() stuff, we can use
unsafe_put_user() and unsafe_get_user() which should return an error
instead of killing the caller.
Christophe
