From: "Fabio M. De Francesco" <fmdefrancesco@gmail.com>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Charlie Sands <sandsch@northvilleschools.net>,
gregkh@linuxfoundation.org, Larry.Finger@lwfinger.net,
phil@philpotter.co.uk, linux-staging@lists.linux.dev,
linux-kernel@vger.kernel.org, paskripkin@gmail.com
Subject: Re: [PATCH V2] Fix unsafe memory access by memcmp
Date: Mon, 04 Apr 2022 16:47:24 +0200 [thread overview]
Message-ID: <1723480.VLH7GnMWUR@leap> (raw)
In-Reply-To: <20220404143531.GE3293@kadam>
On luned? 4 aprile 2022 16:35:31 CEST Dan Carpenter wrote:
> On Mon, Apr 04, 2022 at 04:29:48PM +0200, Fabio M. De Francesco wrote:
> > Is it safe to access user space pointers without using proper helpers?
>
> No.
>
> > In those cases I mean: is it safe without using copy_from_user()?
>
> Correct. You need to use copy_from_user().
>
> >
> > As I said, perhaps I'm overlooking something. However my conclusions
> > follow by your own argument.
> >
> > If I understand what you wrote, you asked to delete rtw_p2p_get()
> > because it looks like nobody "has ever tested or used this code".
> >
> > rtw_p2p_get2() and rtw_p2p_set() use the same pattern of rtw_p2p_get()
> > when they access user space without using the proper helpers.
>
> Those functions use "extra" which is a kernel pointer. Which user
> pointer do they use? Sparse doesn't detect it.
You're right, sorry. This is what I had overlooked. I took a brief look
(just 5 seconds or something) and saw the same arguments that
rtw_p2p_get() takes and then a long list of calls to memcmp().
I overlooked that they were called using the 4th argument ("extra").
Sorry for the noise.
Fabio
next prev parent reply other threads:[~2022-04-04 14:47 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-04 2:52 [PATCH V2] Fix unsafe memory access by memcmp Charlie Sands
2022-04-04 8:02 ` Michael Straube
2022-04-04 10:50 ` Dan Carpenter
2022-04-04 11:25 ` Fabio M. De Francesco
2022-04-04 12:03 ` Dan Carpenter
2022-04-04 14:29 ` Fabio M. De Francesco
2022-04-04 14:35 ` Dan Carpenter
2022-04-04 14:47 ` Fabio M. De Francesco [this message]
2022-04-04 14:36 ` Greg KH
2022-04-04 16:33 ` Pavel Skripkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1723480.VLH7GnMWUR@leap \
--to=fmdefrancesco@gmail.com \
--cc=Larry.Finger@lwfinger.net \
--cc=dan.carpenter@oracle.com \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-staging@lists.linux.dev \
--cc=paskripkin@gmail.com \
--cc=phil@philpotter.co.uk \
--cc=sandsch@northvilleschools.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.