From: Stefan Berger
> Sent: 30 May 2023 18:46
>
> On 5/29/23 22:01, Jarkko Sakkinen wrote:
> > From: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxx>
> >
>
> > - rc = copy_to_user(buf, proxy_dev->buffer, len);
> > + if (buf)
> > + rc = copy_to_user(buf, proxy_dev->buffer, len);
> > +
>
> Looking through other drivers it seems buf is always expected to be a valid non-NULL pointer on
> file_operations.read().

If the user passes NULL the copy_to/from_user() fails and -EFAULT is returned.
Adding the NULL check makes the request silently succeed.
I doubt that is anywhere near right when you ignore copy_from_user().

I'm not sure what the rationale/subject is about either.
copy_to/from_user() calls access_ok() and will fail on a kernel address.

	David
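
Review bot: The `if (buf)` guard added in front of copy_to_user() changes what a NULL buf does on this read path: the copy is skipped rather than attempted, and rc keeps whatever value it had before these lines, which the hunk does not show. If rc is 0 at that point, a read with a NULL buffer reports success while delivering nothing, whereas the unguarded call fails for a bad pointer and lets the caller return an error. Suggest dropping the guard and leaving pointer validation to copy_to_user(), or, if a NULL buf is a case this function really has to handle, setting rc to an explicit error in an else branch and stating in the commit message which caller passes NULL.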