| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 09 Mar 2009 10:22:08 +0800 From: Li Zefan <lizf@...fujitsu.com> To: Arjan van de Ven <arjan@...radead.org> CC: Andrew Morton <akpm@...ux-foundation.org>, adobriyan@...il.com, linux-kernel@...r.kernel.org, linux-mm@...ck.org Subject: Re: [PATCH -v2] memdup_user(): introduce >>> +EXPORT_SYMBOL(memdup_user); > > Hi, > > I like the general idea of this a lot; it will make things much less > error prone (and we can add some sanity checks on "len" to catch the > standard security holes around copy_from_user usage). I'd even also > want a memdup_array() like thing in the style of calloc(). > > However, I have two questions/suggestions for improvement: > > I would like to question the use of the gfp argument here; > copy_from_user sleeps, so you can't use GFP_ATOMIC anyway. > You can't use GFP_NOFS etc, because the pagefault path will happily do > things that are equivalent, if not identical, to GFP_KERNEL. > > So the only value you can pass in correctly, as far as I can see, is > GFP_KERNEL. Am I wrong? > Right! I just dug and found a few kmalloc(GFP_ATOMIC/GFP_NOFS)+copy_from_user(), so we have one more reason to use this memdup_user(). -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists