| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 Jul 2022 07:21:55 +0200
From: Alexander Gordeev <agordeev@...ux.ibm.com>
To: Alexander Egorenkov <egorenar@...ux.ibm.com>
Cc: Heiko Carstens <hca@...ux.ibm.com>,
Vasily Gorbik <gor@...ux.ibm.com>,
Matthew Wilcox <willy@...radead.org>,
Baoquan He <bhe@...hat.com>, Christoph Hellwig <hch@....de>,
linux-kernel@...r.kernel.org, linux-s390@...r.kernel.org
Subject: Re: [PATCH 1/1] s390/crash: allow multi-segment iterators
On Wed, Jul 06, 2022 at 10:18:15AM +0200, Alexander Egorenkov wrote:
> > + __iterate_and_advance(iter, csize, base, len, off,
> > + ({ copy_oldmem_user(base, src + off, len) < 0 ? csize : 0; }),
> > + ({ copy_oldmem_kernel(base, src + off, len) < 0 ? csize : 0; })
>
> Question
> --------
> About return value of STEP in iterate_iovec().
> We return "csize" in case copy_oldmem_*() fails.
> If i'm not mistaken this could lead to an overflow in iterate_iovec():
>
> len -= (STEP);
>
> Because len could be less than csize in case iovec consists of multiple
> segments, one of which is less than csize.
>
> Better to return len ?
It certainly better. I'll post the fixed version.
> ({ copy_oldmem_user(base, src + off, len) < 0 ? len : 0; })
>
> > + )
> > return csize;
> > }
>
> Another thing is that now we never report any errors in contrast to
> the version before. This is OK ?
I think that is fine. It is consistent with other iterate_and_advance()
uses and actually converted by read_from_oldmem() to -EFAULT in case of
incomplete copy.
Thank you!
Powered by blists - more mailing lists