| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 8 Mar 2009 20:00:33 -0700 From: Andrew Morton <akpm@...ux-foundation.org> To: Li Zefan <lizf@...fujitsu.com> Cc: Arjan van de Ven <arjan@...radead.org>, adobriyan@...il.com, linux-kernel@...r.kernel.org, linux-mm@...ck.org Subject: Re: [PATCH -v2] memdup_user(): introduce On Mon, 09 Mar 2009 10:22:08 +0800 Li Zefan <lizf@...fujitsu.com> wrote: > >>> +EXPORT_SYMBOL(memdup_user); > > > > Hi, > > > > I like the general idea of this a lot; it will make things much less > > error prone (and we can add some sanity checks on "len" to catch the > > standard security holes around copy_from_user usage). I'd even also > > want a memdup_array() like thing in the style of calloc(). > > > > However, I have two questions/suggestions for improvement: > > > > I would like to question the use of the gfp argument here; > > copy_from_user sleeps, so you can't use GFP_ATOMIC anyway. > > You can't use GFP_NOFS etc, because the pagefault path will happily do > > things that are equivalent, if not identical, to GFP_KERNEL. > > > > So the only value you can pass in correctly, as far as I can see, is > > GFP_KERNEL. Am I wrong? > > > > Right! I just dug and found a few kmalloc(GFP_ATOMIC/GFP_NOFS)+copy_from_user(), > so we have one more reason to use this memdup_user(). gack, those callsites are probably buggy. Where are they? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists