Re: [PATCH v1 1/6] fs/readdir: Fix filldir() and filldir64() use of user_access_begin()

From: Christophe Leroy
Date: Wed Jan 22 2020 - 12:54:49 EST




On 22/01/2020 at 18:41, Al Viro wrote:
> On Wed, Jan 22, 2020 at 08:13:12AM -0800, Linus Torvalds wrote:
> > On Wed, Jan 22, 2020 at 5:00 AM Christophe Leroy
> > <christophe.leroy@xxxxxx> wrote:
> > >
> > > Modify filldir() and filldir64() to request the real area they need
> > > to get access to.
> >
> > Not like this.
> >
> > This makes the situation for architectures like x86 much worse, since
> > you now use "put_user()" for the previous dirent filling. Which does
> > that expensive user access setup/teardown twice again.
> >
> > So either you need to cover both the dirent's with one call, or you
> > just need to cover the whole (original) user buffer passed in. But not
> > this unholy mixing of both unsafe_put_user() and regular put_user().
>
> I would suggest simply covering the range from dirent->d_off to
> buf->current_dir->d_name[namelen]; they are going to be close to
> each other and we need those addresses anyway...


In v2, I'm covering from the beginning of parent dirent to the end of current dirent.

Christophe
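
The range discussed in this thread can be tried out in a userspace model. The code below is an added example, not part of the original message and not kernel code: the model_* helpers and struct dirent64_model are hypothetical stand-ins for user_access_begin(), user_access_end(), unsafe_put_user() and the dirent layout. It shows that one window spanning the previous and the current dirent accepts every store, while a window over the current dirent alone refuses the store to the previous dirent's d_off.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Userspace model (constructed); field order follows struct linux_dirent64. */
struct dirent64_model {
    uint64_t d_ino;
    int64_t  d_off;
    uint16_t d_reclen;
    uint8_t  d_type;
    char     d_name[];
};

static const char *win_lo, *win_hi; /* currently open access window */
static int windows_opened;          /* number of begin/end pairs paid for */

/* Hypothetical stand-in for user_access_begin(): opens [p, p + len). */
static void model_access_begin(const void *p, size_t len)
{
    win_lo = p; win_hi = win_lo + len; windows_opened++;
}
static void model_access_end(void) { win_lo = win_hi = NULL; }

/* Hypothetical stand-in for unsafe_put_user(): refuses stores outside the window. */
static int model_unsafe_store(void *dst, const void *src, size_t n)
{
    const char *d = dst;
    if (!win_lo || d < win_lo || d + n > win_hi) return -1;
    memcpy(dst, src, n);
    return 0;
}

/* cover_prev=1: one window over previous + current dirent (the v2 range).
 * cover_prev=0: window over the current dirent only; prev->d_off is refused. */
static int fill_dirent(char *buf, size_t prev_reclen, uint64_t ino,
                       int64_t off, const char *name, int cover_prev)
{
    size_t namelen = strlen(name);
    size_t reclen = (offsetof(struct dirent64_model, d_name) + namelen + 8) & ~(size_t)7;
    struct dirent64_model *prev = (void *)buf, *cur = (void *)(buf + prev_reclen);
    uint16_t rl = (uint16_t)reclen;
    int err = 0;

    model_access_begin(cover_prev ? (void *)prev : (void *)cur,
                       cover_prev ? prev_reclen + reclen : reclen);
    err |= model_unsafe_store(&prev->d_off, &off, sizeof off);
    err |= model_unsafe_store(&cur->d_ino, &ino, sizeof ino);
    err |= model_unsafe_store(&cur->d_reclen, &rl, sizeof rl);
    err |= model_unsafe_store(cur->d_name, name, namelen + 1);
    model_access_end();
    return err;
}
```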