| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250321224557.3847-2-david.laight.linux@gmail.com>
Date: Fri, 21 Mar 2025 22:45:55 +0000
From: David Laight <david.laight.linux@...il.com>
To: linux-kernel@...r.kernel.org
Cc: David Laight <david.laight.linux@...il.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Jens Axboe <axboe@...nel.dk>,
David Howells <dhowells@...hat.com>,
Matthew Wilcox <willy@...radead.org>,
Andrew Morton <akpm@...ux-foundation.org>,
Alexander Viro <viro@...iv.linux.org.uk>
Subject: [PATCH next 1/3] iov: Remove access_ok() from import_iovec()
There is no point checking the validity of the user address when reading
the iovec[] from usespace.
It is checked again before the user copy itself.
Added in 09fc68dc66f75 (iov_iter: saner checks on copyin/copyout)
Signed-off-by: David Laight <david.laight.linux@...il.com>
---
lib/iov_iter.c | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/lib/iov_iter.c b/lib/iov_iter.c
index 65f550cb5081..623ec43e049a 100644
--- a/lib/iov_iter.c
+++ b/lib/iov_iter.c
@@ -1471,13 +1471,6 @@ ssize_t __import_iovec(int type, const struct iovec __user *uvec,
for (seg = 0; seg < nr_segs; seg++) {
ssize_t len = (ssize_t)iov[seg].iov_len;
- if (!access_ok(iov[seg].iov_base, len)) {
- if (iov != *iovp)
- kfree(iov);
- *iovp = NULL;
- return -EFAULT;
- }
-
if (len > MAX_RW_COUNT - total_len) {
len = MAX_RW_COUNT - total_len;
iov[seg].iov_len = len;
@@ -1528,8 +1521,6 @@ int import_ubuf(int rw, void __user *buf, size_t len, struct iov_iter *i)
{
if (len > MAX_RW_COUNT)
len = MAX_RW_COUNT;
- if (unlikely(!access_ok(buf, len)))
- return -EFAULT;
iov_iter_ubuf(i, rw, buf, len);
return 0;
--
2.39.5
Powered by blists - more mailing lists