On 22/02/2018 16:56, Brijesh Singh wrote: > > > On 02/21/2018 02:18 PM, Al Viro wrote: >> On Wed, Feb 21, 2018 at 01:59:55PM -0600, Brijesh Singh wrote: >> >>> Sure, checking access_ok() does not guarantee that later >>> copy_from_user() will not fail. But it does eliminate one possible >>> reason for the failure. We are trying to validate most of the user >>> inputs before we invoke SEV command. >> >> That makes no sense whatsoever. If user is deliberately fuzzing >> your code or trying to DoS it, that "validation" doesn't buy you >> anything - they can just as well feed you NULL, after all. >> > > > Currently, we let user query the blob length with params.len == 0 || > param.uaddr == NULL. We could limit it to just params.len == 0. > > >> What is the rationale for that? "Userland is accidentally feeding >> us garbage pointers" is the case where slowness is the least of your >> concerns... >> > > My intent was to do some obvious failure checks on user inputs before > invoking the HW. I do see your point that if userspace is feeding us > garbage then slowness is least of our concern. If you think that we > should not be using access_ok() in this particular case then I am okay > with it. Can you please send a patch? Thanks! Paolo
