Hello, Al. I think that this access_ok() check helps reducing partial writes (either "whole amount was processed" or "not processed at all" unless -ENOMEM). Do you think that such attempt is pointless? Then, please go ahead... On 2020/05/10 8:45, Al Viro wrote: > From: Al Viro <viro@xxxxxxxxxxxxxxxxxx> > > address is passed only to get_user() > > Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx> > --- > security/tomoyo/common.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c > index 1b467381986f..f93f8acd05f7 100644 > --- a/security/tomoyo/common.c > +++ b/security/tomoyo/common.c > @@ -2662,8 +2662,6 @@ ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head, > > if (!head->write) > return -EINVAL; > - if (!access_ok(buffer, buffer_len)) > - return -EFAULT; > if (mutex_lock_interruptible(&head->io_sem)) > return -EINTR; > head->read_user_buf_avail = 0; >
