Re: [PATCH] mpt3sas: downgrade full copy_from_user to access_ok check

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> On Sep 20, 2017, at 11:26 PM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
> 
> On Tue, Sep 19, 2017 at 11:11:11PM -0400, Meng Xu wrote:
>> Since right after the user copy, we are going to
>> memset(&karg, 0, sizeof(karg)), I guess an access_ok check is enough?
> 
> access_ok() is *NOT* "will copy_from_user() succeed?"  Not even close.
> On a bunch of architectures (sparc64, for one) access_ok() is always
> true.
> 
> All it does is checking that address is not a kernel one - e.g. on
> i386 anything in range 0..3Gb qualifies.  Whether anything's mapped
> at that address or not.
> 
> Why bother with that copy_from_user() at all?  The same ioctl()
> proceeds to copy_to_user() on exact same range; all you get from
> it is "if the area passed by caller is writable, but not readable,
> fail with -EFAULT".  Who cares?
> 
> Just drop that copy_from_user() completely.  Anything access_ok()
> might've caught will be caught by copy_to_user() anyway.

Yes, Christoph has suggested the same thing and I have submitted 
another patch with copy_from_user removed entirely.



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [SCSI Target Devel]     [Linux SCSI Target Infrastructure]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Linux IIO]     [Samba]     [Device Mapper]

  Powered by Linux