| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Feb 2018 09:56:57 -0600
From: Brijesh Singh <brijesh.singh@....com>
To: Al Viro <viro@...IV.linux.org.uk>
Cc: brijesh.singh@....com, kvm@...r.kernel.org,
Paolo Bonzini <pbonzini@...hat.com>,
Radim Krčmář <rkrcmar@...hat.com>,
Borislav Petkov <bp@...e.de>,
Tom Lendacky <thomas.lendacky@....com>,
linux-kernel@...r.kernel.org, Joerg Roedel <joro@...tes.org>
Subject: Re: [PATCH] KVM: SVM: Fix sparse: incorrect type in argument 1
(different base types)
On 02/21/2018 02:18 PM, Al Viro wrote:
> On Wed, Feb 21, 2018 at 01:59:55PM -0600, Brijesh Singh wrote:
>
>> Sure, checking access_ok() does not guarantee that later
>> copy_from_user() will not fail. But it does eliminate one possible
>> reason for the failure. We are trying to validate most of the user
>> inputs before we invoke SEV command.
>
> That makes no sense whatsoever. If user is deliberately fuzzing
> your code or trying to DoS it, that "validation" doesn't buy you
> anything - they can just as well feed you NULL, after all.
>
Currently, we let user query the blob length with params.len == 0 ||
param.uaddr == NULL. We could limit it to just params.len == 0.
> What is the rationale for that? "Userland is accidentally feeding
> us garbage pointers" is the case where slowness is the least of your
> concerns...
>
My intent was to do some obvious failure checks on user inputs before
invoking the HW. I do see your point that if userspace is feeding us
garbage then slowness is least of our concern. If you think that we
should not be using access_ok() in this particular case then I am okay
with it.
Powered by blists - more mailing lists