RE: [PATCH RFC v2] tpm: tpm_vtpm_proxy: do not reference kernel memory as user memory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Stefan Berger
> Sent: 30 May 2023 18:46
> 
> On 5/29/23 22:01, Jarkko Sakkinen wrote:
> > From: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxx>
> >
> 
> > -	rc = copy_to_user(buf, proxy_dev->buffer, len);
> > +	if (buf)
> > +		rc = copy_to_user(buf, proxy_dev->buffer, len);
> > +
> 
> Looking through other drivers it seems buf is always expected to be a valid non-NULL pointer on
> file_operations.read().

If the user passes NULL the copy_to/from_user() fails and
-EFAULT is returned.

Adding the NULL check makes the request silently succeed.
I doubt that is anywhere near right when you ignore copy_from_user().

I'm not sure what the rational/subject is about either.
copy_to/from_user() calls access_ok() and will fail on
a kernel address.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux