[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20201120170545.1419332-1-jannh@google.com>
Date: Fri, 20 Nov 2020 18:05:45 +0100
From: Jann Horn <jannh@...gle.com>
To: Kees Cook <keescook@...omium.org>
Cc: Andy Lutomirski <luto@...capital.net>,
Will Drewry <wad@...omium.org>, linux-kernel@...r.kernel.org,
Tyler Hicks <code@...icks.com>, Christoph Hellwig <hch@....de>
Subject: [PATCH v2] seccomp: Remove bogus __user annotations
Buffers that are passed to read_actions_logged() and write_actions_logged()
are in kernel memory; the sysctl core takes care of copying from/to
userspace.
Fixes: 32927393dc1c ("sysctl: pass kernel pointers to ->proc_handler")
Reviewed-by: Tyler Hicks <code@...icks.com>
Signed-off-by: Jann Horn <jannh@...gle.com>
---
v2: corrected "Fixes" tag
kernel/seccomp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index 8ad7a293255a..c2bff3561846 100644
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -1968,7 +1968,7 @@ static bool seccomp_actions_logged_from_names(u32 *actions_logged, char *names)
return true;
}
-static int read_actions_logged(struct ctl_table *ro_table, void __user *buffer,
+static int read_actions_logged(struct ctl_table *ro_table, void *buffer,
size_t *lenp, loff_t *ppos)
{
char names[sizeof(seccomp_actions_avail)];
@@ -1986,7 +1986,7 @@ static int read_actions_logged(struct ctl_table *ro_table, void __user *buffer,
return proc_dostring(&table, 0, buffer, lenp, ppos);
}
-static int write_actions_logged(struct ctl_table *ro_table, void __user *buffer,
+static int write_actions_logged(struct ctl_table *ro_table, void *buffer,
size_t *lenp, loff_t *ppos, u32 *actions_logged)
{
char names[sizeof(seccomp_actions_avail)];
base-commit: 4d02da974ea85a62074efedf354e82778f910d82
--
2.29.2.454.gaff20da3a2-goog
Powered by blists - more mailing lists