lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Thu, 28 Mar 2019 17:09:08 +0100
From:   Borislav Petkov <bp@...en8.de>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Ben Dooks <ben.dooks@...ethink.co.uk>,
        Linux List Kernel Mailing <linux-kernel@...r.kernel.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.co>, Peter Anvin <hpa@...or.com>,
        the arch/x86 maintainers <x86@...nel.org>,
        linux-kernel@...ts.codethink.co.uk
Subject: Re: [PATCH] x86/asm: add __user on copy_user_handle_tail() pointers

On Thu, Mar 28, 2019 at 08:48:33AM -0700, Linus Torvalds wrote:
> Well, it does that because the x86 version of copy_user_generic() can
> work in either direction, so it works when either the source or
> destination (or both) are user pointers, but they don't _have_ to be.
> 
> So the "userness" of a pointer in that context is a bit ambiguous, and
> so we've picked the pointers to be just plain "void *".

Yeah, I had a suspicion the reasoning would be something along those
lines but couldn't find any threads discussing this quickly.

> That said, arguably we should have gone the other way and just made
> them both "__user" pointers, and do the cast the other way around.
> 
> But there's no absolutely right answer here, and nobody should ever
> use copy_user_generic() directly (ie it is very much meant to be only
> used as a internal helper for the cases that get the pointer
> annotations right).
> 
> I do think Ben's patch is probably the right thing to do.
> 
> And we could do the same thing to copy_user_generic(), but that would
> require switching the casts around in the callers, so may not be worth
> the noise.

Ok, Ben can you please add Linus' reasoning for this to the commit
message so that it is clear why it is done this way and we can find it
with git archeology?

Thx.

-- 
Regards/Gruss,
    Boris.

Good mailing practices for 400: avoid top-posting and trim the reply.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ