Message-Id: <20170926.113727.1747580838880526105.davem@davemloft.net>
Date: Tue, 26 Sep 2017 11:37:27 -0700 (PDT)
From: David Miller <davem@...emloft.net>
To: mengxu.gatech@...il.com
Cc: ilyal@...lanox.com, aviadye@...lanox.com, davejwatson@...com,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
meng.xu@...ech.edu, sanidhya@...ech.edu, taesoo@...ech.edu
Subject: Re: [PATCH] net/tls: move version check after second userspace
fetch
From: Meng Xu <mengxu.gatech@...il.com>
Date: Sun, 24 Sep 2017 11:14:55 -0400
> @@ -382,6 +376,12 @@ static int do_tls_setsockopt_tx(struct sock *sk, char __user *optval,
> rc = -EFAULT;
> goto err_crypto_info;
> }
> +
> + /* check version */
> + if (crypto_info->version != TLS_1_2_VERSION) {
> + rc = -ENOTSUPP;
> + goto err_crypto_info;
> + }
> break;
> }
> default:
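Review bot: The version check added before 'break;' sits inside a single cipher case of the switch, so any further case added beside 'default:' would have to repeat it to keep the version validated after the second fetch. Consider validating the version once on a kernel-side copy that the per-cipher fetch does not overwrite, so the check is not duplicated per case. The comment '/* check version */' only restates the code; a comment saying why the check has to follow the fetch would help the next reader.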
> --
> 2.7.4
>
Please, again, reduce this into a single userspace copy. Otherwise we're going to
add this check for every cipher we add new support for.

Copy the on-stack crypto info ("tmp_crypto_info") into 'crypto_info' and then
bring in from userspace any further bytes that need to be copied.

That guarantees that the version will not change, and the existing check can
stay where it is.
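The copy order described in the reply above, as an added userspace simulation (not kernel code and not from the patch or its reviewers). The struct layouts, constant values, mock_copy_from_user() and both function names are assumptions made for illustration; the mock changes the version in the simulated user buffer after the first fetch to stand in for a concurrent write.

```c
#include <string.h>

/* Constructed stand-ins for the kernel definitions; values are illustrative. */
#define TLS_1_2_VERSION 0x0303
#define ERR_NOTSUPP (-1)
struct crypto_info { unsigned short version, cipher_type; };
struct cipher_params { struct crypto_info info; unsigned char key[16]; };

static struct cipher_params user_buf;   /* simulated user memory */
static int fetches;

/* Mock fetch: after the first copy, the "user" rewrites the version field. */
static void mock_copy_from_user(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
    if (++fetches == 1)
        user_buf.info.version = 0x0301; /* constructed concurrent write */
}

/* First fetch of the header into the on-stack copy, then the version check. */
static int fetch_and_check(struct crypto_info *tmp)
{
    user_buf.info.version = TLS_1_2_VERSION;
    fetches = 0;
    mock_copy_from_user(tmp, &user_buf, sizeof(*tmp));
    return tmp->version == TLS_1_2_VERSION ? 0 : ERR_NOTSUPP;
}

/* Double fetch: the checked header is overwritten by a second full copy. */
int double_fetch(struct cipher_params *crypto_info)
{
    struct crypto_info tmp_crypto_info;
    int rc = fetch_and_check(&tmp_crypto_info);
    if (rc)
        return rc;
    mock_copy_from_user(crypto_info, &user_buf, sizeof(*crypto_info));
    return 0;
}

/* Single fetch: keep the checked header, copy only the bytes after it. */
int single_fetch(struct cipher_params *crypto_info)
{
    struct crypto_info tmp_crypto_info;
    size_t done = sizeof(tmp_crypto_info);
    int rc = fetch_and_check(&tmp_crypto_info);
    if (rc)
        return rc;
    crypto_info->info = tmp_crypto_info;
    mock_copy_from_user((char *)crypto_info + done,
                        (const char *)&user_buf + done, sizeof(*crypto_info) - done);
    return 0;
}
```

Both functions pass the version check, but only single_fetch() ends with the version that was actually checked.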