On Fri, Nov 11, 2022 at 03:16:34PM -0800, Evan Green wrote:
> Limiting this to the data portion allows the kernel to receive the page
> map and prepare its giant allocation even if this user key is not yet
> available (ie the user has not yet finished typing in their password).

What is meant by the "data portion"?

> +int snapshot_set_user_key(struct snapshot_data *data,
> + struct uswsusp_user_key __user *key)
> +{
> + struct uswsusp_user_key user_key;
> + unsigned int key_len;
> + int rc;
> + loff_t size;
> +
> + /*
> + * Return the metadata size, the number of bytes that can be fed in before
> + * the user data key is needed at resume time.
> + */
> + size = snapshot_get_meta_data_size();
> + rc = put_user(size, &key->meta_size);
> + if (rc)
> + return rc;
> +
> + rc = copy_from_user(&user_key, key, sizeof(struct uswsusp_user_key));
> + if (rc)
> + return rc;

This isn't correctly checking the return value of copy_from_user().

> +
> + BUILD_BUG_ON(sizeof(data->user_key) < sizeof(user_key.key));
> +
> + key_len = min_t(__u32, user_key.key_len, sizeof(data->user_key));
> + if (key_len < 8)
> + return -EINVAL;

Shouldn't -EINVAL also be returned if key_len is too large?

- Eric
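Review bot: the `rc = copy_from_user(...)` / `return rc` pair in snapshot_set_user_key() propagates a byte count, not an errno: copy_from_user() returns the number of bytes it could not copy, so on a faulting user pointer the ioctl returns a positive value to the caller instead of -EFAULT; the usual form is `if (copy_from_user(&user_key, key, sizeof(user_key))) return -EFAULT;`. The same lines also let the `min_t(__u32, user_key.key_len, sizeof(data->user_key))` clamp silently truncate an oversized key to the buffer size, so a caller passing key_len larger than sizeof(data->user_key) gets a shortened key accepted rather than an error; checking `user_key.key_len > sizeof(data->user_key)` and returning -EINVAL before the clamp makes the rejection explicit, consistent with the existing `key_len < 8` check. Note too that `put_user(size, &key->meta_size)` runs before any validation, so `key->meta_size` is written to userspace even on the -EINVAL paths; moving it after the checks keeps a rejected call side-effect free.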