From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933663AbcKILHX (ORCPT ); Wed, 9 Nov 2016 06:07:23 -0500 Received: from mail-lf0-f65.google.com ([209.85.215.65]:33911 "EHLO mail-lf0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S933600AbcKILHM (ORCPT ); Wed, 9 Nov 2016 06:07:12 -0500 Date: Wed, 9 Nov 2016 12:07:09 +0100 From: Johan Hovold To: Oliver Neukum Cc: Johan Hovold , linux-kernel@vger.kernel.org, linux-usb@vger.kernel.org Subject: Re: [PATCH] USB: serial: fix invalid user-pointer checks Message-ID: <20161109110709.GF14744@localhost> References: <1478608010-23588-1-git-send-email-johan@kernel.org> <1478614393.2168.2.camel@suse.com> <20161108154117.GN2664@localhost> <1478689111.2428.6.camel@suse.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1478689111.2428.6.camel@suse.com> User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Nov 09, 2016 at 11:58:31AM +0100, Oliver Neukum wrote: > On Tue, 2016-11-08 at 16:41 +0100, Johan Hovold wrote: > > On Tue, Nov 08, 2016 at 03:13:13PM +0100, Oliver Neukum wrote: > > > On Tue, 2016-11-08 at 13:26 +0100, Johan Hovold wrote: > > > > Drop invalid user-pointer checks from ioctl handlers. > > > > > > > > A NULL-pointer can be valid in user space and copy_to_user() takes > > > > care > > > > of sanity checking. > > > > > > Shouldn't we bail out early in these cases? > > > > I don't think it's worth it, and this is also the general pattern for > > such ioctls. The added overhead for an error case like this is really > > negligible. > > OK, as you say. Also remember that access_ok() is not a sufficient sanity check, and would specifically fail to catch the NULL-pointer case. Thanks, Johan