Re: [PATCH RFC v2] tpm: tpm_vtpm_proxy: do not reference kernel memory as user memory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2023-05-30 at 13:45 -0400, Stefan Berger wrote:
> 
> On 5/29/23 22:01, Jarkko Sakkinen wrote:
> > From: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxx>
> > 
> 
> > -	rc = copy_to_user(buf, proxy_dev->buffer, len);
> > +	if (buf)
> > +		rc = copy_to_user(buf, proxy_dev->buffer, len);
> > +
> 
> Looking through other drivers it seems buf is always expected to be a valid non-NULL pointer on file_operations.read().
> 
> 
> https://elixir.bootlin.com/linux/latest/source/arch/x86/mm/tlb.c#L1279   simple_read_from_buffer will pass the pointer to the user buffer along and it ('to') ends up in copy_to_user(to, ...);
> 
> 
> Same here: https://elixir.bootlin.com/linux/latest/source/security/integrity/ima/ima_fs.c#L41

It is good to mention here that IMA uses __user tagged pointers
correctly, and it does not really compare to the vtpm driver code
by any possible means. So let's not add illegit comparison points.

BR, Jarkko




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux