From Christian Brauner
> Sent: 31 October 2019 11:36
>
> Validate the stack arguments and set up the stack depending on whether or not
> it is growing down or up.
> ...
> -static bool clone3_args_valid(const struct kernel_clone_args *kargs) > +/** > + * clone3_stack_valid - check and prepare stack > + * @kargs: kernel clone args > + * > + * Verify that the stack arguments userspace gave us are sane. > + * In addition, set the stack direction for userspace since it's easy for us to > + * determine. > + */ > +static inline bool clone3_stack_valid(struct kernel_clone_args *kargs) > +{ > + if (kargs->stack == 0) { > + if (kargs->stack_size > 0) > + return false; > + } else { > + if (kargs->stack_size == 0) > + return false; > + > + if (!access_ok((void __user *)kargs->stack, kargs->stack_size)) > + return false;

Does access_ok() do anything useful here?
It only verifies that the buffer isn't in kernel space.

David
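Review bot: clone3_stack_valid() is named and typed as a predicate, yet its kernel-doc says it will also "set the stack direction" and the const qualifier on kargs has been dropped, so callers get a validity check that modifies its argument. Either split the adjustment into a separate helper or give the function a name that reflects the side effect, and extend the kernel-doc to say which fields of kargs are written and add a "Return:" line. On the access_ok() call in the else branch: it is a range check on kargs->stack and kargs->stack_size only, it says nothing about the memory being mapped or writable, so a one-line comment stating that the check exists to reject ranges that reach outside the user address space (including a stack plus stack_size that wraps) would keep readers from taking it as proof that the stack is usable.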