| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 28 Mar 2020 11:48:57 +0100
From: Ingo Molnar <mingo@...nel.org>
To: Al Viro <viro@...IV.linux.org.uk>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Thomas Gleixner <tglx@...utronix.de>, x86@...nel.org,
linux-kernel@...r.kernel.org, Borislav Petkov <bp@...en8.de>
Subject: Re: [RFC][PATCH 01/22] x86 user stack frame reads: switch to
explicit __get_user()
* Al Viro <viro@...IV.linux.org.uk> wrote:
> From: Al Viro <viro@...iv.linux.org.uk>
>
> rather than relying upon the magic in raw_copy_from_user()
> - bytes = __copy_from_user_nmi(&frame.next_frame, fp, 4);
> - if (bytes != 0)
> + if (__get_user(frame.next_frame, &fp->next_frame))
> break;
> - bytes = __copy_from_user_nmi(&frame.return_address, fp+4, 4);
> - if (bytes != 0)
> + if (__get_user(frame.return_address, &fp->return_address))
> break;
Just wondering about the long term plan here: we have unsafe_get_user()
as a wrapper around __get_user(), but the __get_user() API doesn't carry
the 'unsafe' tag yet.
Should we add an __unsafe_get_user() alias to it perhaps, and use it in
all code that adds it, like the chunk above? Or rename it to
__unsafe_get_user() outright? No change to the logic, but it would be
more obvious what code has inherited old __get_user() uses and which code
uses __unsafe_get_user() intentionally.
Even after your series there's 700 uses of __get_user(), so it would make
sense to make a distinction in name at least and tag all unsafe APIs with
an 'unsafe_' prefix.
Thanks,
Ingo
Powered by blists - more mailing lists