lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.LNX.2.00.1001251758230.30977@pobox.suse.cz>
Date:	Mon, 25 Jan 2010 17:59:00 +0100 (CET)
From:	Jiri Kosina <jkosina@...e.cz>
To:	"Rick L. Vinyard, Jr." <rvinyard@...nmsu.edu>
Cc:	Oliver Neukum <oliver@...kum.org>, linux-kernel@...r.kernel.org,
	felipe.balbi@...ia.com, pavel@....cz, jayakumar.lkml@...il.com,
	linux-fbdev@...r.kernel.org, krzysztof.h1@...pl,
	akpm@...ux-foundation.org, linux-usb@...r.kernel.org,
	linux-input@...r.kernel.org, dmitry.torokhov@...il.com
Subject: Re: [PATCH] hid: Logitech G13 driver 0.0.4

On Mon, 25 Jan 2010, Rick L. Vinyard, Jr. wrote:

> > Am Mittwoch, 20. Januar 2010 21:47:22 schrieb Rick L. Vinyard Jr.:
> >> +       if (copy_from_user(dst, buf, count))
> >> +               err = -EFAULT;
> >> +
> >> +       if (!err)
> >> +               *ppos += count;
> >> +
> >> +       g13_fb_update(par);
> >> +
> >> +       return (err) ? err : count;
> >
> > Do you really want to go on if you get -EFAULT?
> >
> 
> Since the hecubafb driver (which I based this portion of the g13 driver
> on) uses the same approach I tried to justify it myself when I first saw
> it.
> 
> I don't know if this was the intent of the hecubafb author, but this is
> the way I saw it.
> 
> By this point the copy_from_user() has failed. If it resulted in a partial
> copy to dst then continuing on to an update can't hurt, and would reduce
> display jitter if a re-write occurs from userspace. If a re-write doesn't
> occur the virtual framebuffer is hosed anyways as dst is is the underlying
> framebuffer.
> 
> Given that, the worst-case consequence seems to be an unnecessary update
> to the device display.

Well, it's quite questionable (and I'd say unexpected) behavior to go on 
even if userspace passes wild pointers to kernel.

-- 
Jiri Kosina
SUSE Labs, Novell Inc.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ