From: Al Viro <viro@ZenIV.linux.org.uk>
To: linux-kernel@vger.kernel.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
linux-fsdevel@vger.kernel.org,
Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH 13/20] drivers/crypto/ccp/sev-dev.c: get rid of pointless access_ok()
Date: Sun, 10 May 2020 00:45:50 +0100 [thread overview]
Message-ID: <20200509234557.1124086-13-viro@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20200509234557.1124086-1-viro@ZenIV.linux.org.uk>
From: Al Viro <viro@zeniv.linux.org.uk>
Contrary to the comments, those do *NOT* verify anything about
writability of memory, etc.
In all cases addresses are passed only to copy_to_user().
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
drivers/crypto/ccp/sev-dev.c | 15 +++------------
1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 896f190b9a50..7f97164cbafb 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -371,8 +371,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
goto cmd;
/* allocate a physically contiguous buffer to store the CSR blob */
- if (!access_ok(input.address, input.length) ||
- input.length > SEV_FW_BLOB_MAX_SIZE) {
+ if (input.length > SEV_FW_BLOB_MAX_SIZE) {
ret = -EFAULT;
goto e_free;
}
@@ -609,12 +608,6 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
return -EFAULT;
- /* Check if we have write access to the userspace buffer */
- if (input.address &&
- input.length &&
- !access_ok(input.address, input.length))
- return -EFAULT;
-
data = kzalloc(sizeof(*data), GFP_KERNEL);
if (!data)
return -ENOMEM;
@@ -730,15 +723,13 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
goto cmd;
/* Allocate a physically contiguous buffer to store the PDH blob. */
- if ((input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) ||
- !access_ok(input.pdh_cert_address, input.pdh_cert_len)) {
+ if (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) {
ret = -EFAULT;
goto e_free;
}
/* Allocate a physically contiguous buffer to store the cert chain blob. */
- if ((input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) ||
- !access_ok(input.cert_chain_address, input.cert_chain_len)) {
+ if (input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) {
ret = -EFAULT;
goto e_free;
}
--
2.11.0
next prev parent reply other threads:[~2020-05-09 23:46 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-09 23:41 [PATCHES] uaccess simple access_ok() removals Al Viro
2020-05-09 23:45 ` [PATCH 01/20] dlmfs_file_write(): get rid of pointless access_ok() Al Viro
2020-05-09 23:45 ` [PATCH 02/20] fat_dir_ioctl(): hadn't needed that access_ok() for more than a decade Al Viro
2020-05-09 23:45 ` [PATCH 03/20] btrfs_ioctl_send(): don't bother with access_ok() Al Viro
2020-05-09 23:45 ` [PATCH 04/20] FIEMAP: " Al Viro
2020-05-10 7:02 ` Christoph Hellwig
2020-05-13 19:02 ` Al Viro
2020-05-13 19:38 ` Christoph Hellwig
2020-05-29 15:01 ` Al Viro
2020-05-09 23:45 ` [PATCH 05/20] tomoyo_write_control(): get rid of pointless access_ok() Al Viro
2020-05-10 0:50 ` Tetsuo Handa
2020-05-10 0:57 ` Linus Torvalds
2020-05-10 1:04 ` Tetsuo Handa
2020-05-10 3:01 ` Al Viro
2020-05-09 23:45 ` [PATCH 06/20] n_hdlc_tty_read(): remove " Al Viro
2020-05-15 10:53 ` Greg Kroah-Hartman
2020-05-09 23:45 ` [PATCH 07/20] nvram: drop useless access_ok() Al Viro
2020-05-15 10:54 ` Greg Kroah-Hartman
2020-05-09 23:45 ` [PATCH 08/20] cm4000_cs.c cmm_ioctl(): get rid of pointless access_ok() Al Viro
2020-05-09 23:45 ` [PATCH 09/20] drivers/fpga/dfl-fme-pr.c: " Al Viro
2020-05-09 23:45 ` [PATCH 10/20] drivers/fpga/dfl-afu-dma-region.c: " Al Viro
2020-05-09 23:45 ` [PATCH 11/20] amifb: get rid of pointless access_ok() calls Al Viro
2020-05-14 13:45 ` Bartlomiej Zolnierkiewicz
2020-05-14 14:07 ` Al Viro
2020-05-14 14:25 ` Bartlomiej Zolnierkiewicz
2020-05-14 17:41 ` Al Viro
2020-05-14 20:21 ` Geert Uytterhoeven
2020-05-09 23:45 ` [PATCH 12/20] omapfb: " Al Viro
2020-05-14 13:39 ` Bartlomiej Zolnierkiewicz
2020-05-09 23:45 ` Al Viro [this message]
2020-05-09 23:45 ` [PATCH 14/20] via-pmu: don't bother with access_ok() Al Viro
2020-05-09 23:45 ` [PATCH 15/20] drm_read(): get rid of pointless access_ok() Al Viro
2020-05-09 23:45 ` [PATCH 16/20] efi_test: " Al Viro
2020-05-09 23:45 ` [PATCH 17/20] lpfc_debugfs: " Al Viro
2020-05-09 23:45 ` [PATCH 18/20] usb: get rid of pointless access_ok() calls Al Viro
2020-05-15 10:53 ` Greg Kroah-Hartman
2020-05-09 23:45 ` [PATCH 19/20] hfi1: get rid of pointless access_ok() Al Viro
2020-05-09 23:45 ` [PATCH 4/4] vmci_host: " Al Viro
2020-05-15 10:53 ` Greg Kroah-Hartman
2020-05-10 0:34 ` [PATCHES] uaccess simple access_ok() removals Linus Torvalds
2020-05-10 3:27 ` Al Viro
2020-05-10 14:34 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200509234557.1124086-13-viro@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=thomas.lendacky@amd.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).