RE: [PATCH 1/1] net: ioctl: Use kernel memory on protocol ioctl callbacks

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


From: Willem de Bruijn
> Sent: 19 May 2023 16:09
> Since that is a limited well understood list, I'm not in favor of the
> suggestion to add an explicit length argument that then needs to be
> checked in each callee.

While calls from userspace and direct calls from drivers can be
reasonably expected to have the required length buffer, I'm
not sure that is guaranteed for indirect calls via io_uring
and bpf.
In those cases the associated length is likely to come from
userspace and a suitably sized kernel buffer allocated.
So something needs to ensure the buffer is long enough
(and, indeed, not stupidly long).

Now you could require that the caller always supply a buffer
of at least (say) 64 bytes as well as the actual length.
Then only callee functions that have a long buffer need check.

An alternate option is to define a union of all the valid
argument types and require that any code making 'unknown'
requests supply a kernel buffer of that length.
(With due care taken to avoid overlong copies of uninitialised
kernel memory back to userspace.)

The same union would be useful as an upper bound for the
kernel buffer size - even if it is too large to always
allocate on stack.


Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

[Index of Archives]     [Linux Networking Development]     [Linux OMAP]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     SCTP

  Powered by Linux