| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200421192536.GG23230@ZenIV.linux.org.uk>
Date: Tue, 21 Apr 2020 20:25:36 +0100
From: Al Viro <viro@...iv.linux.org.uk>
To: Christoph Hellwig <hch@....de>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Jeremy Kerr <jk@...abs.org>, Arnd Bergmann <arnd@...db.de>,
"Eric W . Biederman" <ebiederm@...ssion.com>,
linuxppc-dev@...ts.ozlabs.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/7] powerpc/spufs: simplify spufs core dumping
On Tue, Apr 21, 2020 at 08:19:09PM +0100, Al Viro wrote:
> On Tue, Apr 21, 2020 at 09:01:48PM +0200, Christoph Hellwig wrote:
> > On Tue, Apr 21, 2020 at 07:49:41PM +0100, Al Viro wrote:
> > > > spin_lock(&ctx->csa.register_lock);
> > > > - ret = __spufs_proxydma_info_read(ctx, buf, len, pos);
> > > > + __spufs_proxydma_info_read(ctx, &info);
> > > > + ret = simple_read_from_buffer(buf, len, pos, &info, sizeof(info));
> > >
> > > IDGI... What's that access_ok() for? If you are using simple_read_from_buffer(),
> > > the damn thing goes through copy_to_user(). Why bother with separate access_ok()
> > > here?
> >
> > I have no idea at all, this just refactors the code.
>
> Wait a bloody minute, it's doing *what* under a spinlock?
... and yes, I realize that it's been broken the same way. It still needs fixing.
AFAICS, that got broken in commit bf1ab978be23 "[POWERPC] coredump: Add SPU elf
notes to coredump." when spufs_proxydma_info_read() had copy_to_user() (until
then done after dropping the spinlock) moved into an area where blocking is very
much *not* allowed.
Powered by blists - more mailing lists