RE: [PATCH] net: don't unconditionally copy_from_user a struct ifreq for socket ioctls

From: David Laight
Date: Fri Aug 27 2021 - 04:34:18 EST

Next message: Herbert Xu: "Re: [PATCH] crypto: remove rmd320 in Makefile"
Previous message: luojiaxing: "Re: PCI MSI issue with reinserting a driver"
In reply to: Peter Collingbourne: "Re: [PATCH] net: don't unconditionally copy_from_user a struct ifreq for socket ioctls"
Next in thread: Arnd Bergmann: "Re: [PATCH] net: don't unconditionally copy_from_user a struct ifreq for socket ioctls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Peter Collingbourne
> Sent: 26 August 2021 20:46
...
> > The other sane thing is to check _IOC_SIZE().
> > Since all the SIOCxxxx have a correct _IOC_SIZE() that can be
> > used to check the user copy length.
> > (Unlike socket options the correct length is always supplied.
>
> FWIW, it doesn't look like any of them have the _IOC_SIZE() bits set,
> so that won't work. _IOC_TYPE() seems better anyway.

Linus must have stolen those definitions from SVSV not one of the BSDs.
The BSD's started using the high 16 bits when they moved to 32bit.

Something I've written kernel code for required those bits be set
and would then do the user copies in the syscall entry paths.
It won't be SYSV because I used 3 character 'type' fields on that.
Windows does do the copies - but is entirely 'not quite' different.
So it must have been NetBDSD.

David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Next message: Herbert Xu: "Re: [PATCH] crypto: remove rmd320 in Makefile"
Previous message: luojiaxing: "Re: PCI MSI issue with reinserting a driver"
In reply to: Peter Collingbourne: "Re: [PATCH] net: don't unconditionally copy_from_user a struct ifreq for socket ioctls"
Next in thread: Arnd Bergmann: "Re: [PATCH] net: don't unconditionally copy_from_user a struct ifreq for socket ioctls"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]