From: Baoquan He <bhe@redhat.com>
To: Philipp Stanner <pstanner@redhat.com>
Cc: Kees Cook <keescook@chromium.org>,
Andy Shevchenko <andy@kernel.org>,
Eric Biederman <ebiederm@xmission.com>,
Christian Brauner <brauner@kernel.org>,
David Disseldorp <ddiss@suse.de>,
Luis Chamberlain <mcgrof@kernel.org>,
Siddh Raman Pant <code@siddh.me>,
Nick Alcock <nick.alcock@oracle.com>,
Maarten Lankhorst <maarten.lankhorst@linux.intel.com>,
Maxime Ripard <mripard@kernel.org>,
Thomas Zimmermann <tzimmermann@suse.de>,
David Airlie <airlied@gmail.com>, Daniel Vetter <daniel@ffwll.ch>,
Zack Rusin <zackr@vmware.com>,
VMware Graphics Reviewers <linux-graphics-maintainer@vmware.com>,
dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org,
kexec@lists.infradead.org, linux-hardening@vger.kernel.org,
David Airlie <airlied@redhat.com>
Subject: Re: [PATCH v2 2/5] kernel: kexec: copy user-array safely
Date: Mon, 11 Sep 2023 08:25:50 +0800 [thread overview]
Message-ID: <ZP5ejovfsyEjTeg9@MiWiFi-R3L-srv> (raw)
In-Reply-To: <31313a8a1dd1baf9dd3c21fbe8dd46b9e111f20c.1694202430.git.pstanner@redhat.com>
On 09/08/23 at 09:59pm, Philipp Stanner wrote:
> Currently, there is no overflow-check with memdup_user().
>
> Use the new function memdup_array_user() instead of memdup_user() for
> duplicating the user-space array safely.
>
> Suggested-by: David Airlie <airlied@redhat.com>
> Signed-off-by: Philipp Stanner <pstanner@redhat.com>
> ---
> kernel/kexec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/kexec.c b/kernel/kexec.c
> index 107f355eac10..8f35a5a42af8 100644
> --- a/kernel/kexec.c
> +++ b/kernel/kexec.c
> @@ -247,7 +247,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
> ((flags & KEXEC_ARCH_MASK) != KEXEC_ARCH_DEFAULT))
> return -EINVAL;
>
> - ksegments = memdup_user(segments, nr_segments * sizeof(ksegments[0]));
> + ksegments = memdup_array_user(segments, nr_segments, sizeof(ksegments[0]));
LGTM,
Acked-by: Baoquan He <bhe@redhat.com>
> if (IS_ERR(ksegments))
> return PTR_ERR(ksegments);
>
> --
> 2.41.0
>
>
> _______________________________________________
> kexec mailing list
> kexec@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/kexec
>
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Baoquan He <bhe@redhat.com>
To: Philipp Stanner <pstanner@redhat.com>
Cc: Kees Cook <keescook@chromium.org>,
Andy Shevchenko <andy@kernel.org>,
Eric Biederman <ebiederm@xmission.com>,
Christian Brauner <brauner@kernel.org>,
David Disseldorp <ddiss@suse.de>,
Luis Chamberlain <mcgrof@kernel.org>,
Siddh Raman Pant <code@siddh.me>,
Nick Alcock <nick.alcock@oracle.com>,
Maarten Lankhorst <maarten.lankhorst@linux.intel.com>,
Maxime Ripard <mripard@kernel.org>,
Thomas Zimmermann <tzimmermann@suse.de>,
David Airlie <airlied@gmail.com>, Daniel Vetter <daniel@ffwll.ch>,
Zack Rusin <zackr@vmware.com>,
VMware Graphics Reviewers <linux-graphics-maintainer@vmware.com>,
dri-devel@lists.freedesktop.org, linux-kernel@vger.kernel.org,
kexec@lists.infradead.org, linux-hardening@vger.kernel.org,
David Airlie <airlied@redhat.com>
Subject: Re: [PATCH v2 2/5] kernel: kexec: copy user-array safely
Date: Mon, 11 Sep 2023 08:25:50 +0800 [thread overview]
Message-ID: <ZP5ejovfsyEjTeg9@MiWiFi-R3L-srv> (raw)
In-Reply-To: <31313a8a1dd1baf9dd3c21fbe8dd46b9e111f20c.1694202430.git.pstanner@redhat.com>
On 09/08/23 at 09:59pm, Philipp Stanner wrote:
> Currently, there is no overflow-check with memdup_user().
>
> Use the new function memdup_array_user() instead of memdup_user() for
> duplicating the user-space array safely.
>
> Suggested-by: David Airlie <airlied@redhat.com>
> Signed-off-by: Philipp Stanner <pstanner@redhat.com>
> ---
> kernel/kexec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/kexec.c b/kernel/kexec.c
> index 107f355eac10..8f35a5a42af8 100644
> --- a/kernel/kexec.c
> +++ b/kernel/kexec.c
> @@ -247,7 +247,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
> ((flags & KEXEC_ARCH_MASK) != KEXEC_ARCH_DEFAULT))
> return -EINVAL;
>
> - ksegments = memdup_user(segments, nr_segments * sizeof(ksegments[0]));
> + ksegments = memdup_array_user(segments, nr_segments, sizeof(ksegments[0]));
LGTM,
Acked-by: Baoquan He <bhe@redhat.com>
> if (IS_ERR(ksegments))
> return PTR_ERR(ksegments);
>
> --
> 2.41.0
>
>
> _______________________________________________
> kexec mailing list
> kexec@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/kexec
>
WARNING: multiple messages have this Message-ID (diff)
From: Baoquan He <bhe@redhat.com>
To: Philipp Stanner <pstanner@redhat.com>
Cc: Andy Shevchenko <andy@kernel.org>,
Christian Brauner <brauner@kernel.org>,
Siddh Raman Pant <code@siddh.me>,
Kees Cook <keescook@chromium.org>,
kexec@lists.infradead.org, dri-devel@lists.freedesktop.org,
linux-kernel@vger.kernel.org, Maxime Ripard <mripard@kernel.org>,
linux-hardening@vger.kernel.org,
Luis Chamberlain <mcgrof@kernel.org>,
VMware Graphics Reviewers <linux-graphics-maintainer@vmware.com>,
Eric Biederman <ebiederm@xmission.com>,
Thomas Zimmermann <tzimmermann@suse.de>,
David Airlie <airlied@redhat.com>,
David Disseldorp <ddiss@suse.de>,
Nick Alcock <nick.alcock@oracle.com>
Subject: Re: [PATCH v2 2/5] kernel: kexec: copy user-array safely
Date: Mon, 11 Sep 2023 08:25:50 +0800 [thread overview]
Message-ID: <ZP5ejovfsyEjTeg9@MiWiFi-R3L-srv> (raw)
In-Reply-To: <31313a8a1dd1baf9dd3c21fbe8dd46b9e111f20c.1694202430.git.pstanner@redhat.com>
On 09/08/23 at 09:59pm, Philipp Stanner wrote:
> Currently, there is no overflow-check with memdup_user().
>
> Use the new function memdup_array_user() instead of memdup_user() for
> duplicating the user-space array safely.
>
> Suggested-by: David Airlie <airlied@redhat.com>
> Signed-off-by: Philipp Stanner <pstanner@redhat.com>
> ---
> kernel/kexec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/kernel/kexec.c b/kernel/kexec.c
> index 107f355eac10..8f35a5a42af8 100644
> --- a/kernel/kexec.c
> +++ b/kernel/kexec.c
> @@ -247,7 +247,7 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
> ((flags & KEXEC_ARCH_MASK) != KEXEC_ARCH_DEFAULT))
> return -EINVAL;
>
> - ksegments = memdup_user(segments, nr_segments * sizeof(ksegments[0]));
> + ksegments = memdup_array_user(segments, nr_segments, sizeof(ksegments[0]));
LGTM,
Acked-by: Baoquan He <bhe@redhat.com>
> if (IS_ERR(ksegments))
> return PTR_ERR(ksegments);
>
> --
> 2.41.0
>
>
> _______________________________________________
> kexec mailing list
> kexec@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/kexec
>
next prev parent reply other threads:[~2023-09-11 0:26 UTC|newest]
Thread overview: 45+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-08 19:59 [PATCH v2 0/5] Introduce new wrappers to copy user-arrays Philipp Stanner
2023-09-08 19:59 ` Philipp Stanner
2023-09-08 19:59 ` Philipp Stanner
2023-09-08 19:59 ` [PATCH v2 1/5] string.h: add array-wrappers for (v)memdup_user() Philipp Stanner
2023-09-08 19:59 ` Philipp Stanner
2023-09-08 19:59 ` Philipp Stanner
2023-09-10 7:43 ` Andy Shevchenko
2023-09-10 7:43 ` Andy Shevchenko
2023-09-10 7:43 ` Andy Shevchenko
2023-09-16 14:32 ` Dan Carpenter
2023-09-16 14:32 ` Dan Carpenter
2023-09-16 14:32 ` Dan Carpenter
2023-09-18 6:55 ` Andy Shevchenko
2023-09-18 6:55 ` Andy Shevchenko
2023-09-18 6:55 ` Andy Shevchenko
2023-09-18 9:13 ` Philipp Stanner
2023-09-18 9:13 ` Philipp Stanner
2023-09-18 9:13 ` Philipp Stanner
2023-09-08 19:59 ` [PATCH v2 2/5] kernel: kexec: copy user-array safely Philipp Stanner
2023-09-08 19:59 ` Philipp Stanner
2023-09-08 19:59 ` Philipp Stanner
2023-09-11 0:25 ` Baoquan He [this message]
2023-09-11 0:25 ` Baoquan He
2023-09-11 0:25 ` Baoquan He
2023-09-08 19:59 ` [PATCH v2 3/5] kernel: watch_queue: " Philipp Stanner
2023-09-08 19:59 ` Philipp Stanner
2023-09-08 19:59 ` Philipp Stanner
2023-09-08 19:59 ` [PATCH v2 4/5] drm_lease.c: " Philipp Stanner
2023-09-08 19:59 ` Philipp Stanner
2023-09-08 19:59 ` Philipp Stanner
2023-09-08 19:59 ` [PATCH v2 5/5] drm: vmgfx_surface.c: " Philipp Stanner
2023-09-08 19:59 ` Philipp Stanner
2023-09-08 19:59 ` Philipp Stanner
2023-09-12 1:27 ` [PATCH v2 0/5] Introduce new wrappers to copy user-arrays Kees Cook
2023-09-12 1:27 ` Kees Cook
2023-09-12 1:27 ` Kees Cook
2023-09-12 1:55 ` Dave Airlie
2023-09-12 1:55 ` Dave Airlie
2023-09-12 1:55 ` Dave Airlie
2023-09-12 2:32 ` Kees Cook
2023-09-12 2:32 ` Kees Cook
2023-09-12 2:32 ` Kees Cook
2023-09-12 1:53 ` Zack Rusin
2023-09-12 1:53 ` Zack Rusin
2023-09-12 1:53 ` Zack Rusin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZP5ejovfsyEjTeg9@MiWiFi-R3L-srv \
--to=bhe@redhat.com \
--cc=airlied@gmail.com \
--cc=airlied@redhat.com \
--cc=andy@kernel.org \
--cc=brauner@kernel.org \
--cc=code@siddh.me \
--cc=daniel@ffwll.ch \
--cc=ddiss@suse.de \
--cc=dri-devel@lists.freedesktop.org \
--cc=ebiederm@xmission.com \
--cc=keescook@chromium.org \
--cc=kexec@lists.infradead.org \
--cc=linux-graphics-maintainer@vmware.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=maarten.lankhorst@linux.intel.com \
--cc=mcgrof@kernel.org \
--cc=mripard@kernel.org \
--cc=nick.alcock@oracle.com \
--cc=pstanner@redhat.com \
--cc=tzimmermann@suse.de \
--cc=zackr@vmware.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.