On 21-02-14 16:30:09, Al Viro wrote: > On Tue, Feb 09, 2021 at 04:02:55PM -0800, Ben Widawsky wrote: > > > +static int handle_mailbox_cmd_from_user(struct cxl_memdev *cxlmd, > > + const struct cxl_mem_command *cmd, > > + u64 in_payload, u64 out_payload, > > + struct cxl_send_command __user *s) > > +{ > > + struct cxl_mem *cxlm = cxlmd->cxlm; > > + struct device *dev = &cxlmd->dev; > > + struct mbox_cmd mbox_cmd = { > > + .opcode = cmd->opcode, > > + .size_in = cmd->info.size_in, > > + }; > > + s32 user_size_out; > > + int rc; > > + > > + if (get_user(user_size_out, &s->out.size)) > > + return -EFAULT; > > You have already copied it in. Never reread stuff from userland - it *can* > change under you. As it turns out, this is some leftover logic which doesn't need to exist at all, and I'm happy to change it. Thanks for reviewing. I wasn't familiar with this restriction though. For my edification could you explain how that could happen? Also, is this something that should go in the kdocs, because I don't see anything about this restriction there. Thanks. Ben
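Review bot: the `get_user(user_size_out, &s->out.size)` call at the top of handle_mailbox_cmd_from_user() fetches `out.size` through the `__user` pointer a second time, although the review comment notes that the command has already been copied in, so the value read here may not be the one that was checked earlier. Suggest passing the already-copied size in as an argument, the way `in_payload` and `out_payload` are passed, and dropping the `s32 user_size_out` local together with the `get_user()`; the `s` pointer should then only be needed for writing results back.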
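An added illustration of the point raised in the review above (not code from the patch or from the kernel): a user-space model of why a second read of `out.size` can differ from the value that was copied in and validated. The struct layout, `OUT_MAX`, and the `racer` hook standing in for a concurrent user thread are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for the user-visible command (not the real layout). */
struct send_cmd { uint32_t id; int32_t out_size; };
#define OUT_MAX 64  /* assumed upper bound enforced by validation */

/* Models another user thread writing the shared buffer between two reads. */
typedef void (*racer_fn)(struct send_cmd *user);

/* First fetch: copy the whole command in (copy_from_user stand-in), check it. */
static int fetch_and_check(struct send_cmd *k, const struct send_cmd *user)
{
    memcpy(k, user, sizeof(*k));
    return (k->out_size < 0 || k->out_size > OUT_MAX) ? -1 : 0;
}

/* Double fetch: validates the copy, then re-reads user memory (get_user). */
static int32_t size_double_fetch(struct send_cmd *user, racer_fn racer)
{
    struct send_cmd k;
    if (fetch_and_check(&k, user))
        return -1;
    if (racer)
        racer(user);          /* user thread gets to run here */
    return user->out_size;    /* second fetch: never validated */
}

/* Single fetch: every later use goes through the validated kernel copy. */
static int32_t size_single_fetch(struct send_cmd *user, racer_fn racer)
{
    struct send_cmd k;
    if (fetch_and_check(&k, user))
        return -1;
    if (racer)
        racer(user);          /* user memory changes, the copy does not */
    return k.out_size;
}

/* Constructed racer: enlarges the size after validation has passed. */
static void grow_size(struct send_cmd *user) { user->out_size = 1 << 20; }

int main(void)
{
    struct send_cmd a = { 1, 16 }, b = { 1, 16 };
    printf("double fetch uses %d\n", (int)size_double_fetch(&a, grow_size));
    printf("single fetch uses %d\n", (int)size_single_fetch(&b, grow_size));
    return 0;
}
```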