On 04/05/2018 08:31 AM, Kees Cook wrote:
> On Wed, Apr 4, 2018 at 3:31 AM, Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>> Lars-Peter Clausen (2):
>>       usb: gadget: ffs: Execute copy_to_user() with USER_DS set
>
> https://git.kernel.org/linus/4058ebf33cb0be88ca516f968eda24ab7b6b93e4
>
> Isn't there a better way to do this without the set_fs() usage? We've
> been trying to eliminate it in the kernel. I thought there was a safer
> way to use iters now?

The problem is use_mm(). It needs to be accompanied with set_fs(DS_USER)
to work reliably. This has simply been missing for this particular
instance of use_mm().

Now, in my opinion, use_mm() is not the best approach here in the first
place and instead of using copy_to_user() it is probably better to map
the userspace pages to kernel space and then access them directly. But
that's a lot more intrusive and separate from this issue.

- Lars