Re: [PATCH v3 1/2] media: venus: fix TOCTOU vulnerability when reading packets from shared memory

From: Bryan O'Donoghue
Date: Fri May 16 2025 - 06:12:30 EST

Next message: Pankaj Raghav: "[RFC 3/3] iomap: use LARGE_ZERO_PAGE in iomap_dio_zero()"
Previous message: Pankaj Raghav: "[RFC 0/3] add large zero page for zeroing out larger segments"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 15/05/2025 19:25, Vikash Garodia wrote:

Check the pseudo code which i proposed earlier in this conversation [1]. It does
not rely on ptr_val at all to check the sanity after memcpy.

[1]https://lore.kernel.org/all/0c50c24a-35fa-acfb-a807- b4ed5394506b@xxxxxxxxxxx/

Understood.

Another version of this patch to check after the memcpy() for verification purposes might be correct but, IMO there's no scope for a TOCTOU based modification here.

---
bod

Next message: Pankaj Raghav: "[RFC 3/3] iomap: use LARGE_ZERO_PAGE in iomap_dio_zero()"
Previous message: Pankaj Raghav: "[RFC 0/3] add large zero page for zeroing out larger segments"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]