| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Jun 2014 11:58:48 +0100 From: Alan Cox <alan@...ux.intel.com> To: James A Shackleford <shack@...ux.com> Cc: gregkh@...uxfoundation.org, devel@...verdev.osuosl.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] staging: goldfish: fix direct copy_to_user() from __iomem On Sun, 2014-06-22 at 03:29 -0400, James A Shackleford wrote: > This patch allocates a few pages and performs an ioread8_rep() from the bus > address, which are then copied to userspace. This fixes the sparse warning: > > drivers/staging/goldfish/goldfish_audio.c:136:43: warning: incorrect type in argument 2 (different address spaces) > drivers/staging/goldfish/goldfish_audio.c:136:43: expected void const *from > drivers/staging/goldfish/goldfish_audio.c:136:43: got char [noderef] <asn:2>*read_buffer > > which was a result of performing a copy_to_user() directly from the bus address > to the userspace, which can be unsafe across some architectures. Goldfish is a specific architecture. It shouldn't be doing direct xcopies like that - which is why the code is in staging but at the same time allocating a buffer each call and doing extra copies is not the right answer. It should be mapping the pages when they are first set up. Alan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists