| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZVMgR4Z71l7ZsllC@yilunxu-OptiPlex-7050>
Date: Tue, 14 Nov 2023 15:22:47 +0800
From: Xu Yilun <yilun.xu@...ux.intel.com>
To: Philipp Stanner <pstanner@...hat.com>
Cc: Wu Hao <hao.wu@...el.com>, Tom Rix <trix@...hat.com>,
Moritz Fischer <mdf@...nel.org>, Xu Yilun <yilun.xu@...el.com>,
linux-fpga@...r.kernel.org, linux-kernel@...r.kernel.org,
Dave Airlie <airlied@...hat.com>
Subject: Re: [PATCH] drivers/fpga: copy userspace array safely
On Thu, Nov 02, 2023 at 07:49:09PM +0100, Philipp Stanner wrote:
> dfl.c utilizes memdup_user() and array_size() to copy a userspace array.
> Currently, this does not check for an overflow.
array_size() actually checks for overflow, so please re-write the changelog.
Thanks,
Yilun
>
> Use the new wrapper memdup_array_user() to copy the array more safely.
>
> Suggested-by: Dave Airlie <airlied@...hat.com>
> Signed-off-by: Philipp Stanner <pstanner@...hat.com>
> ---
> Linus recently merged this new wrapper for Kernel v6.7
> ---
> drivers/fpga/dfl.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/fpga/dfl.c b/drivers/fpga/dfl.c
> index dd7a783d53b5..e69b9f1f2a50 100644
> --- a/drivers/fpga/dfl.c
> +++ b/drivers/fpga/dfl.c
> @@ -2008,8 +2008,8 @@ long dfl_feature_ioctl_set_irq(struct platform_device *pdev,
> (hdr.start + hdr.count < hdr.start))
> return -EINVAL;
>
> - fds = memdup_user((void __user *)(arg + sizeof(hdr)),
> - array_size(hdr.count, sizeof(s32)));
> + fds = memdup_array_user((void __user *)(arg + sizeof(hdr)),
> + hdr.count, sizeof(s32));
> if (IS_ERR(fds))
> return PTR_ERR(fds);
>
> --
> 2.41.0
>
Powered by blists - more mailing lists