| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 12 Oct 2022 08:42:24 -0400
From: Steven Rostedt <rostedt@...dmis.org>
To: David Laight <David.Laight@...LAB.COM>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Masami Hiramatsu <mhiramat@...nel.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Tom Zanussi <zanussi@...nel.org>,
"stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: Re: [PATCH v2 2/3] tracing: Add "(fault)" name injection to kernel
probes
On Wed, 12 Oct 2022 12:34:45 +0000
David Laight <David.Laight@...LAB.COM> wrote:
> > @@ -13,8 +15,16 @@ static nokprobe_inline int
> > kern_fetch_store_strlen_user(unsigned long addr)
> > {
> > const void __user *uaddr = (__force const void __user *)addr;
> > + int ret;
> >
> > - return strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
> > + ret = strnlen_user_nofault(uaddr, MAX_STRING_SIZE);
> > + /*
> > + * strnlen_user_nofault returns zero on fault, insert the
> > + * FAULT_STRING when that occurs.
> > + */
> > + if (ret <= 0)
> > + return strlen(FAULT_STRING) + 1;
> > + return ret;
> > }
>
> Isn't that going to do the wrong thing if the user
> string is valid memory but just zero length??
I thought so at first (and was in the process of changing things
because of that) until I saw the comment above this code:
/* Return the length of string -- including null terminal byte */
And looking the function of strnlen_user_nofault():
* Returns the size of the string INCLUDING the terminating NUL.
That is, it returns 1 on a zero length string and 0 on fault :-p
Yes, I think we should fix that API, but that's another story.
-- Steve
Powered by blists - more mailing lists