On 02/23/2018 12:05 PM, Paolo Bonzini wrote:
On 22/02/2018 16:56, Brijesh Singh wrote:
On 02/21/2018 02:18 PM, Al Viro wrote:
On Wed, Feb 21, 2018 at 01:59:55PM -0600, Brijesh Singh wrote:
Sure, checking access_ok() does not guarantee that later
copy_from_user() will not fail. But it does eliminate one possible
reason for the failure. We are trying to validate most of the user
inputs before we invoke SEV command.
That makes no sense whatsoever. If user is deliberately fuzzing
your code or trying to DoS it, that "validation" doesn't buy you
anything - they can just as well feed you NULL, after all.
Currently, we let user query the blob length with params.len == 0 ||
param.uaddr == NULL. We could limit it to just params.len == 0.
What is the rationale for that? "Userland is accidentally feeding
us garbage pointers" is the case where slowness is the least of your
concerns...
My intent was to do some obvious failure checks on user inputs before
invoking the HW. I do see your point that if userspace is feeding us
garbage then slowness is least of our concern. If you think that we
should not be using access_ok() in this particular case then I am okay
with it.
Can you please send a patch? Thanks!
Sure, I will send patch soon.
-Brijesh