From: Al Viro <viro@zeniv.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>,
Thomas Gleixner <tglx@linutronix.de>,
linux-kernel <linux-kernel@vger.kernel.org>,
Eric Dumazet <edumazet@google.com>
Subject: Re: [PATCH] x86/uaccess: small optimization in unsafe_copy_to_user()
Date: Sat, 17 Apr 2021 18:09:44 +0000 [thread overview]
Message-ID: <YHskaCSFOE1AYyoP@zeniv-ca.linux.org.uk> (raw)
In-Reply-To: <CAHk-=wjYVZZpqDGH2Q=kMOyOqBhpbt8t8JdEWZHDGrPiV=_ifA@mail.gmail.com>
On Sat, Apr 17, 2021 at 09:27:04AM -0700, Linus Torvalds wrote:
> On Sat, Apr 17, 2021 at 9:08 AM Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
> >
> > Side note: I'm, looking at the readdir cases that I wrote, and I have
> > to just say that is broken too. So "stones and glass houses" etc, and
> > I'll have to fix that too.
>
> In particular, the very very old OLD_READDIR interface that only fills
> in one dirent at a time didn't call verify_dirent_name(). Same for the
> compat version.
>
> This requires a corrupt filesystem to be an issue (and even then,
> most/all would have the length of a directory entry in an 'unsigned
> char', so even corrupt filesystems would generally never have a
> negative name length).
>
> So I don't think it's an issue in _practice_, but at the same time it
> is very much an example of the same issue that put_cmsg() has in
> net-next: unsafe user copies should be fully guarded and not have some
> "but this would never happen because callers would never do anything
> bad".
>
> Al - fairly trivial patch applied, comments?
Should be fine... FWIW, I've a patch in the same area, making those suckers
return bool. Seeing that they are only ever called via dir_emit(), dir_emit_dot()
and dir_emit_dotdot() and all of those return ->actor(...) == 0...
Anyway, that'd be trivial to rebase on top of yours.
next prev parent reply other threads:[~2021-04-17 18:19 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-16 19:24 [PATCH] x86/uaccess: small optimization in unsafe_copy_to_user() Eric Dumazet
2021-04-16 19:44 ` Al Viro
2021-04-16 20:11 ` Eric Dumazet
2021-04-16 20:57 ` Eric Dumazet
2021-04-17 13:59 ` David Laight
2021-04-17 16:03 ` Linus Torvalds
2021-04-17 16:08 ` Linus Torvalds
2021-04-17 16:27 ` Linus Torvalds
2021-04-17 18:09 ` Al Viro [this message]
2021-04-17 20:30 ` Al Viro
2021-04-17 20:35 ` Al Viro
2021-04-17 22:11 ` Linus Torvalds
2021-04-18 0:50 ` Al Viro
2021-04-17 19:44 ` Eric Dumazet
2021-04-17 19:51 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YHskaCSFOE1AYyoP@zeniv-ca.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=edumazet@google.com \
--cc=eric.dumazet@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.