| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Mar 2021 00:24:47 +0000
From: Dmitry Safonov <0x7f454c46@...il.com>
To: Cyrill Gorcunov <gorcunov@...il.com>,
LKML <linux-kernel@...r.kernel.org>
Cc: Alexey Dobriyan <adobriyan@...il.com>,
Oleg Nesterov <oleg@...hat.com>,
Andrey Vagin <avagin@...il.com>,
Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH v2] prctl: PR_SET_MM - unify copying of user's auvx
Hi Cyrill,
On 3/23/21 10:06 PM, Cyrill Gorcunov wrote:
[..]
> --- linux-tip.git.orig/kernel/sys.c
> +++ linux-tip.git/kernel/sys.c
> @@ -1961,6 +1961,30 @@ out:
> return error;
> }
>
> +static int copy_auxv_from_user(unsigned long *auxv, size_t auxv_size,
> + const void __user *addr, size_t len)
> +{
> + BUG_ON(auxv_size != sizeof(current->mm->saved_auxv));
Nit:
size_t auxv_size = sizeof(user_auxv);
BUILD_BUG_ON(sizeof(user_auxv) != sizeof(current->mm->saved_auxv));
(to make it local variable instead of a parameter and get rid of a new
BUG_ON())
> +
> + if (!addr || len > auxv_size)
> + return -EINVAL;
> +
> + memset(auxv, 0, auxv_size);
> + if (len && copy_from_user(auxv, addr, len))
> + return -EFAULT;
> +
> + /*
> + * Specification requires the vector to be
> + * ended up with AT_NULL entry so user space
> + * will notice where to stop enumerating.
> + */
> + if (len == auxv_size) {
> + auxv[AT_VECTOR_SIZE - 2] = AT_NULL;
> + auxv[AT_VECTOR_SIZE - 1] = AT_NULL;
I don't follow why it became conditional.
Perhaps, you meant that memset(0) above will zerofy it anyway, but in
case (len == auxv_size - 1) it won't work. Or I'm missing something
obvious :-)
Thanks,
Dima
Powered by blists - more mailing lists