| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Jan 2022 17:56:57 -0600 From: Aleksey Senin <aleksey-linux-kernel@...in.name> To: David Laight <david.laight@...lab.com> Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: Re: Using memcpy instead of copy_to_user. xprtrdma code. Hi, It seems clue is in new proc_sys_call_handler code that allocates the kernel buffer first, calls to particular function and than copying obtained buffer to user space using copy_to_user. Right? On Tue, Jan 25, 2022 at 4:21 PM David Laight <David.Laight@...lab.com> wrote: > > From: Aleksey Senin <aleksey-linux-kernel@...in.name> > > Sent: 25 January 2022 18:04 > > > > This specific patch - - implements using memcpy instead of > > copy_to_user. Why is it considered to be safe in this specific case? > > All readings about how to copy data are mentioning to use > > copy_to_user/copy_from_user. Why use direct copy here? What prevents > > the kernel from failure if the page is not present or doesn't have > > required access rights? > > > > @@ -103,8 +102,8 @@ static int read_reset_stat(struct ctl_table > > *table, int write, > > len -= *ppos; > > if (len > *lenp) > > len = *lenp; > > - if (len && copy_to_user(buffer, str_buf, len)) > > - return -EFAULT; > > + if (len) > > + memcpy(buffer, str_buf, len); > > > > Reference to the specific patch in the services of commits: > > https://lkml.org/lkml/2020/4/17/60 > > Read the commit message. > > > > > Commit itself: > > 32927393dc1ccd60fb2bdc05b9e8e88753761469 > > - > Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK > Registration No: 1397386 (Wales)
Powered by blists - more mailing lists