lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 21 Feb 2018 20:18:40 +0000
From:   Al Viro <viro@...IV.linux.org.uk>
To:     Brijesh Singh <brijesh.singh@....com>
Cc:     kvm@...r.kernel.org, Paolo Bonzini <pbonzini@...hat.com>,
        Radim Krčmář <rkrcmar@...hat.com>,
        Borislav Petkov <bp@...e.de>,
        Tom Lendacky <thomas.lendacky@....com>,
        linux-kernel@...r.kernel.org, Joerg Roedel <joro@...tes.org>
Subject: Re: [PATCH] KVM: SVM: Fix sparse: incorrect type in argument 1
 (different base types)

On Wed, Feb 21, 2018 at 01:59:55PM -0600, Brijesh Singh wrote:

> Sure, checking access_ok() does not guarantee that later
> copy_from_user() will not fail. But it does eliminate one possible
> reason for the failure. We are trying to validate most of the user
> inputs before we invoke  SEV command.

That makes no sense whatsoever.  If user is deliberately fuzzing
your code or trying to DoS it, that "validation" doesn't buy you
anything - they can just as well feed you NULL, after all.

What is the rationale for that?  "Userland is accidentally feeding
us garbage pointers" is the case where slowness is the least of your
concerns...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ