lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 20 May 2021 06:28:37 +0000 From: Al Viro <viro@...iv.linux.org.uk> To: Xie Yongji <xieyongji@...edance.com> Cc: mst@...hat.com, jasowang@...hat.com, stefanha@...hat.com, sgarzare@...hat.com, parav@...dia.com, hch@...radead.org, christian.brauner@...onical.com, rdunlap@...radead.org, willy@...radead.org, axboe@...nel.dk, bcrl@...ck.org, corbet@....net, mika.penttila@...tfour.com, dan.carpenter@...cle.com, joro@...tes.org, virtualization@...ts.linux-foundation.org, netdev@...r.kernel.org, kvm@...r.kernel.org, linux-fsdevel@...r.kernel.org, iommu@...ts.linux-foundation.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v7 11/12] vduse: Introduce VDUSE - vDPA Device in Userspace On Mon, May 17, 2021 at 05:55:12PM +0800, Xie Yongji wrote: > + case VDUSE_IOTLB_GET_FD: { > + struct vduse_iotlb_entry entry; > + struct vhost_iotlb_map *map; > + struct vdpa_map_file *map_file; > + struct vduse_iova_domain *domain = dev->domain; > + struct file *f = NULL; > + > + ret = -EFAULT; > + if (copy_from_user(&entry, argp, sizeof(entry))) > + break; return -EFAULT; surely? > + > + ret = -EINVAL; > + if (entry.start > entry.last) > + break; ... and similar here, etc. > + spin_lock(&domain->iotlb_lock); > + map = vhost_iotlb_itree_first(domain->iotlb, > + entry.start, entry.last); > + if (map) { > + map_file = (struct vdpa_map_file *)map->opaque; > + f = get_file(map_file->file); > + entry.offset = map_file->offset; > + entry.start = map->start; > + entry.last = map->last; > + entry.perm = map->perm; > + } > + spin_unlock(&domain->iotlb_lock); > + ret = -EINVAL; > + if (!f) > + break; > + > + ret = -EFAULT; > + if (copy_to_user(argp, &entry, sizeof(entry))) { > + fput(f); > + break; > + } > + ret = receive_fd(f, perm_to_file_flags(entry.perm)); > + fput(f); > + break; IDGI. The main difference between receive_fd() and plain old get_unused_fd_flags() + fd_install() is __receive_sock() call. Which does nothing whatsoever in case of non-sockets. Can you get a socket here? IOW, why bother with that crap at all, nevermind exporting it?
Powered by blists - more mailing lists