From: Al Viro <viro@ZenIV.linux.org.uk>
To: linux-kernel@vger.kernel.org
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
linux-fsdevel@vger.kernel.org,
Tom Lendacky <thomas.lendacky@amd.com>
Subject: [PATCH 13/20] drivers/crypto/ccp/sev-dev.c: get rid of pointless access_ok()
Date: Sun, 10 May 2020 00:45:50 +0100 [thread overview]
Message-ID: <20200509234557.1124086-13-viro@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20200509234557.1124086-1-viro@ZenIV.linux.org.uk>
From: Al Viro <viro@zeniv.linux.org.uk>
Contrary to the comments, those do *NOT* verify anything about
writability of memory, etc.
In all cases addresses are passed only to copy_to_user().
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
drivers/crypto/ccp/sev-dev.c | 15 +++------------
1 file changed, 3 insertions(+), 12 deletions(-)
diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c
index 896f190b9a50..7f97164cbafb 100644
--- a/drivers/crypto/ccp/sev-dev.c
+++ b/drivers/crypto/ccp/sev-dev.c
@@ -371,8 +371,7 @@ static int sev_ioctl_do_pek_csr(struct sev_issue_cmd *argp, bool writable)
goto cmd;
/* allocate a physically contiguous buffer to store the CSR blob */
- if (!access_ok(input.address, input.length) ||
- input.length > SEV_FW_BLOB_MAX_SIZE) {
+ if (input.length > SEV_FW_BLOB_MAX_SIZE) {
ret = -EFAULT;
goto e_free;
}
@@ -609,12 +608,6 @@ static int sev_ioctl_do_get_id2(struct sev_issue_cmd *argp)
if (copy_from_user(&input, (void __user *)argp->data, sizeof(input)))
return -EFAULT;
- /* Check if we have write access to the userspace buffer */
- if (input.address &&
- input.length &&
- !access_ok(input.address, input.length))
- return -EFAULT;
-
data = kzalloc(sizeof(*data), GFP_KERNEL);
if (!data)
return -ENOMEM;
@@ -730,15 +723,13 @@ static int sev_ioctl_do_pdh_export(struct sev_issue_cmd *argp, bool writable)
goto cmd;
/* Allocate a physically contiguous buffer to store the PDH blob. */
- if ((input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) ||
- !access_ok(input.pdh_cert_address, input.pdh_cert_len)) {
+ if (input.pdh_cert_len > SEV_FW_BLOB_MAX_SIZE) {
ret = -EFAULT;
goto e_free;
}
/* Allocate a physically contiguous buffer to store the cert chain blob. */
- if ((input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) ||
- !access_ok(input.cert_chain_address, input.cert_chain_len)) {
+ if (input.cert_chain_len > SEV_FW_BLOB_MAX_SIZE) {
ret = -EFAULT;
goto e_free;
}
--
2.11.0
next prev parent reply other threads:[~2020-05-09 23:46 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-09 23:41 [PATCHES] uaccess simple access_ok() removals Al Viro
2020-05-09 23:45 ` [PATCH 01/20] dlmfs_file_write(): get rid of pointless access_ok() Al Viro
2020-05-09 23:45 ` [PATCH 02/20] fat_dir_ioctl(): hadn't needed that access_ok() for more than a decade Al Viro
2020-05-09 23:45 ` [PATCH 03/20] btrfs_ioctl_send(): don't bother with access_ok() Al Viro
2020-05-09 23:45 ` [PATCH 04/20] FIEMAP: " Al Viro
2020-05-10 7:02 ` Christoph Hellwig
2020-05-13 19:02 ` Al Viro
2020-05-13 19:38 ` Christoph Hellwig
2020-05-29 15:01 ` Al Viro
2020-05-09 23:45 ` [PATCH 05/20] tomoyo_write_control(): get rid of pointless access_ok() Al Viro
2020-05-10 0:50 ` Tetsuo Handa
2020-05-10 0:57 ` Linus Torvalds
2020-05-10 1:04 ` Tetsuo Handa
2020-05-10 3:01 ` Al Viro
2020-05-09 23:45 ` [PATCH 06/20] n_hdlc_tty_read(): remove " Al Viro
2020-05-15 10:53 ` Greg Kroah-Hartman
2020-05-09 23:45 ` [PATCH 07/20] nvram: drop useless access_ok() Al Viro
2020-05-15 10:54 ` Greg Kroah-Hartman
2020-05-09 23:45 ` [PATCH 08/20] cm4000_cs.c cmm_ioctl(): get rid of pointless access_ok() Al Viro
2020-05-09 23:45 ` [PATCH 09/20] drivers/fpga/dfl-fme-pr.c: " Al Viro
2020-05-09 23:45 ` [PATCH 10/20] drivers/fpga/dfl-afu-dma-region.c: " Al Viro
2020-05-09 23:45 ` [PATCH 11/20] amifb: get rid of pointless access_ok() calls Al Viro
2020-05-14 13:45 ` Bartlomiej Zolnierkiewicz
2020-05-14 14:07 ` Al Viro
2020-05-14 14:25 ` Bartlomiej Zolnierkiewicz
2020-05-14 17:41 ` Al Viro
2020-05-14 20:21 ` Geert Uytterhoeven
2020-05-09 23:45 ` [PATCH 12/20] omapfb: " Al Viro
2020-05-14 13:39 ` Bartlomiej Zolnierkiewicz
2020-05-09 23:45 ` Al Viro [this message]
2020-05-09 23:45 ` [PATCH 14/20] via-pmu: don't bother with access_ok() Al Viro
2020-05-09 23:45 ` [PATCH 15/20] drm_read(): get rid of pointless access_ok() Al Viro
2020-05-09 23:45 ` [PATCH 16/20] efi_test: " Al Viro
2020-05-09 23:45 ` [PATCH 17/20] lpfc_debugfs: " Al Viro
2020-05-09 23:45 ` [PATCH 18/20] usb: get rid of pointless access_ok() calls Al Viro
2020-05-15 10:53 ` Greg Kroah-Hartman
2020-05-09 23:45 ` [PATCH 19/20] hfi1: get rid of pointless access_ok() Al Viro
2020-05-09 23:45 ` [PATCH 4/4] vmci_host: " Al Viro
2020-05-15 10:53 ` Greg Kroah-Hartman
2020-05-10 0:34 ` [PATCHES] uaccess simple access_ok() removals Linus Torvalds
2020-05-10 3:27 ` Al Viro
2020-05-10 14:34 ` David Laight
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200509234557.1124086-13-viro@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=thomas.lendacky@amd.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.