| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140225102144.GA10176@dcvr.yhbt.net>
Date: Tue, 25 Feb 2014 10:21:44 +0000
From: Eric Wong <normalperson@...t.net>
To: Nathaniel Yazdani <n1ght.4nd.d4y@...il.com>
Cc: viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH for-next 4/4] epoll: epoll() syscall definition
Nathaniel Yazdani <n1ght.4nd.d4y@...il.com> wrote:
> + * stores triggered eventpoll entries in the 'out' array. The input array is
> + * _not_ read-only, because the resulting event mask gets written back to each
> + * entry's ->ep_events field. When successful, this will be the same as before
> + * (plus EPOLLERR & EPOLLHUP). If ->ep_events gets cleared, then it is reasonable
> + * to infer that the entry's ->ep_fildes was a bad file descriptor.
> + */
> + if (!access_ok(VERIFY_WRITE, in, inc * sizeof(struct epoll)))
> + goto out;
> + for (i = 0; i < inc; ++i) {
> + int fd, io;
> + long long id;
> +
> + ret = -EFAULT;
> + if (__get_user(fd, &in[i].ep_fildes) ||
> + __get_user(io, &in[i].ep_events) ||
> + __get_user(id, &in[i].ep_ident))
> + goto out;
> +
> + ep_control(file->private_data, fd, &io, id, 0);
> + ret = -EFAULT;
> + if (__put_user(io, &in[i].ep_events))
> + goto out;
I don't think we should waste cycles writing to 'in' on success.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists