lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 16 Oct 2014 09:59:03 -0400 From: Matthew Wilcox <willy@...ux.intel.com> To: Mathieu Desnoyers <mathieu.desnoyers@...icios.com> Cc: Matthew Wilcox <matthew.r.wilcox@...el.com>, linux-fsdevel@...r.kernel.org, linux-mm@...ck.org, linux-kernel@...r.kernel.org, Matthew Wilcox <willy@...ux.intel.com> Subject: Re: [PATCH v11 06/21] vfs: Add copy_to_iter(), copy_from_iter() and iov_iter_zero() On Thu, Oct 16, 2014 at 03:33:55PM +0200, Mathieu Desnoyers wrote: > > +static size_t copy_to_iter_iovec(void *from, size_t bytes, struct iov_iter *i) > > +{ [...] > > + left = __copy_to_user(buf, from, copy); > > How comes this function uses __copy_to_user without any access_ok() > check ? This has security implications. The access_ok() check is done higher up the call-chain if it's appropriate. These functions can be (intentionally) called to access kernel addresses, so it wouldn't be appropriate to do that here. > > +static size_t copy_page_to_iter_bvec(struct page *page, size_t offset, > > + size_t bytes, struct iov_iter *i) > > +{ > > + void *kaddr = kmap_atomic(page); > > + size_t wanted = copy_to_iter_bvec(kaddr + offset, bytes, i); > > missing newline. > > > + kunmap_atomic(kaddr); > > + return wanted; > > +} Are you seriously suggesting that: static size_t copy_page_to_iter_bvec(struct page *page, size_t offset, size_t bytes, struct iov_iter *i) { void *kaddr = kmap_atomic(page); size_t wanted = copy_to_iter_bvec(kaddr + offset, bytes, i); kunmap_atomic(kaddr); return wanted; } is more readable than without the newline? I can see the point of the rule for functions with a lot of variables, or a lot of lines, but I don't see the point of it for such a small function. In any case, this patch is now upstream, so I shan't be proposing any stylistic changes for it. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists