From: Rusty Russell <rusty@rustcorp.com.au>
To: Dan Carpenter <dan.carpenter@oracle.com>,
	Kees Cook <keescook@chromium.org>
Cc: linux-kernel@vger.kernel.org,
	Fengguang Wu <fengguang.wu@intel.com>,
	kernel-janitors@vger.kernel.org,
	Mimi Zohar <zohar@linux.vnet.ibm.com>
Subject: Re: [PATCH] module: report -EFAULT on bytes remaining
Date: Thu, 13 Sep 2012 06:43:24 +0000
Message-ID: <87pq5qsabn.fsf@rustcorp.com.au>
In-Reply-To: <20120912154023.GL19410@mwanda>

Dan Carpenter <dan.carpenter@oracle.com> writes:

> On Wed, Sep 12, 2012 at 08:06:16AM -0700, Kees Cook wrote:
>> Caught by smatch:
>> kernel/module.c:2450 copy_module_from_user() warn: maybe return -EFAULT instead of the bytes remaining?  
>> 
>> Clean up the copy_from_user() call to not report a positive value.
>> With this patch, init_module() will report errors from copy_from_user
>> (before it would always only report -EFAULT when err != 0).
>> 
>> Reported-by: Fengguang Wu <fengguang.wu@intel.com>
>> Signed-off-by: Kees Cook <keescook@chromium.org>
>> ---
>> This change is on top of the finit_module patch series.
>> ---
>>  kernel/module.c |    5 ++++-
>>  1 files changed, 4 insertions(+), 1 deletions(-)
>> 
>> diff --git a/kernel/module.c b/kernel/module.c
>> index 0ad03c4..05b8dde 100644
>> --- a/kernel/module.c
>> +++ b/kernel/module.c
>> @@ -2441,8 +2441,11 @@ int copy_module_from_user(const void __user *umod, unsigned long len,
>>  		return -ENOMEM;
>>  
>>  	err = copy_from_user(info->hdr, umod, info->len);
>> -	if (err)
>> +	if (err) {
>> +		if (err > 0)
>                 ^^^^^^^^^^^
> This condition is always true because copy_to/from_user() returns
> the number of bytes remaining to be copied.  (It never returns a
> negative error code).
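
Review bot: the "if (err > 0)" test added inside "if (err)" can never be false, because copy_from_user() returns the number of bytes it could not copy rather than a negative errno, so the nested branch suggests a second failure mode that does not exist. Collapse it to a single "if (err)" that returns -EFAULT, and reword the commit message, since there are no other copy_from_user errors for init_module() to report. The quoted hunk stops before the return path, so also confirm that the buffer behind info->hdr is released before the function returns on a short copy.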

Yes, I made the obvious fix (eliminating the >0 check).

This "copy_from_user is stupid" was a debate I lost long ago, but it
still annoys me.

Applied,
Rusty.
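
The return-value convention discussed in this thread, as an added example that is not part of the original messages or of the kernel source. It is a userspace model: sim_copy_from_user(), load_leaky(), load_checked(), caller_sees_failure() and the `readable` fault point are hypothetical names chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Userspace stand-in (hypothetical) for copy_from_user(): only the first
 * `readable` bytes of src are accessible. Like the kernel helper it returns
 * the number of bytes NOT copied, 0 on success, never a negative errno. */
static unsigned long sim_copy_from_user(void *dst, const void *src,
                                        unsigned long n, unsigned long readable)
{
    unsigned long done = n < readable ? n : readable;
    memcpy(dst, src, done);
    return n - done;
}

/* Pattern the smatch warning describes: the leftover byte count escapes
 * as the function's return value. */
static int load_leaky(void *dst, const void *src, unsigned long n,
                      unsigned long readable)
{
    int err = (int)sim_copy_from_user(dst, src, n, readable);
    return err;                 /* positive on a short copy, not an errno */
}

/* Pattern after review: any short copy is reported as -EFAULT. */
static int load_checked(void *dst, const void *src, unsigned long n,
                        unsigned long readable)
{
    if (sim_copy_from_user(dst, src, n, readable))
        return -EFAULT;
    return 0;
}

/* A caller following the usual "negative means failure" convention. */
static int caller_sees_failure(int ret)
{
    return ret < 0;
}

int main(void)
{
    char src[16] = "constructed", dst[16];      /* constructed sample input */
    int leaky = load_leaky(dst, src, sizeof(src), 10);   /* fault after 10 bytes */
    int checked = load_checked(dst, src, sizeof(src), 10);
    printf("leaky:   ret=%d failure_seen=%d\n", leaky, caller_sees_failure(leaky));
    printf("checked: ret=%d failure_seen=%d\n", checked, caller_sees_failure(checked));
    return 0;
}
```

With the leaky pattern a partially filled buffer is handed back with a return value that a "ret < 0" check treats as success, which is why the short copy has to be converted to -EFAULT at the call site.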
