From: David Laight <David.Laight@ACULAB.COM>
To: 'Jiri Slaby' <jslaby@suse.cz>,
"gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>
Cc: "linux-serial@vger.kernel.org" <linux-serial@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: RE: [PATCH 16/36] tty/vt: consolemap: check put_user() in con_get_unimap()
Date: Wed, 8 Jun 2022 08:02:30 +0000
Message-ID: <5bf366cc45334bb9a9c3d186ef8d6933@AcuMS.aculab.com>
In-Reply-To: <20220607104946.18710-16-jslaby@suse.cz>
From: Jiri Slaby
> Sent: 07 June 2022 11:49
>
> Only the return value of copy_to_user() is checked in con_get_unimap().
> Do the same for put_user() of the count too.
>
> Signed-off-by: Jiri Slaby <jslaby@suse.cz>
> ---
> drivers/tty/vt/consolemap.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c
> index 831450f2bfd1..92b5dddb00d9 100644
> --- a/drivers/tty/vt/consolemap.c
> +++ b/drivers/tty/vt/consolemap.c
> @@ -813,7 +813,8 @@ int con_get_unimap(struct vc_data *vc, ushort ct, ushort __user *uct,
> console_unlock();
> if (copy_to_user(list, unilist, min(ect, ct) * sizeof(*unilist)))
> ret = -EFAULT;
> - put_user(ect, uct);
> + if (put_user(ect, uct))
> + ret = -EFAULT;
> kvfree(unilist);
> return ret ? ret : (ect <= ct) ? 0 : -ENOMEM;
> }
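
Review bot: the final return in con_get_unimap() reports -ENOMEM whenever ect > ct, which from the min(ect, ct) copy looks like the "caller's list is too small" case, so that errno is overloaded if any earlier path in the function also sets ret = -ENOMEM. A short comment above the return stating that uct receives the needed count and that -ENOMEM here means "retry with a larger ct" would help, or the nested ternary could be unfolded into explicit if statements. The commit message should also mention the user-visible change: a faulting uct now yields -EFAULT, where previously the put_user() result was ignored and the call could still return 0 or -ENOMEM.
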
How is the user expected to check the result of this code?
AFAICT -ENOMEM is returned if either kmalloc() fails or
the user buffer is too short?
Looks pretty hard to detect which.
I've not looked at the effect of all the patches, but setting
'ret = -ENOMEM' and breaking the loop when the array is too
small would simplify things.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)