Date: Tue, 16 May 2017 19:48:21 +0100
From: Al Viro
To: Alexander Potapenko
Cc: dvyukov@google.com, kcc@google.com, edumazet@google.com, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] [iov_iter] use memmove() when copying to/from user page
Message-ID: <20170516184821.GQ390@ZenIV.linux.org.uk>
In-Reply-To: <20170516122734.56760-1-glider@google.com>

On Tue, May 16, 2017 at 02:27:34PM +0200, Alexander Potapenko wrote:
> It's possible that calling sendfile() to copy the data from a memfd to
> itself may result in doing a memcpy() with overlapping arguments.
> To avoid undefined behavior here, replace memcpy() with memmove() and
> rename memcpy_to_page()/memcpy_from_page() accordingly.

Er... And what semantics would you assign to such sendfile()? I really
want to see details, because it sounds like memmove() here will not be
any more useful than memcpy() - you still can easily get odd behaviour.
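
An added illustration, not code from the patch, the kernel or either participant: a userspace model of copying an overlapping range piece by piece, showing that using memmove() for each piece removes the undefined behaviour but does not by itself give the result of one memmove() over the whole range. The chunk size, buffer and function names are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define CHUNK 4   /* assumed piece size, standing in for a page */

/* Copy len bytes inside buf from src_off to dst_off in CHUNK-sized pieces.
 * Each piece uses memmove(), so every individual call is well-defined
 * even when its source and destination overlap. */
static void chunked_move(unsigned char *buf, size_t dst_off,
                         size_t src_off, size_t len)
{
    while (len) {
        size_t n = len < CHUNK ? len : CHUNK;
        memmove(buf + dst_off, buf + src_off, n);
        dst_off += n;
        src_off += n;
        len -= n;
    }
}

/* Returns 1 if the piecewise copy leaves the same bytes as a single
 * memmove() over the whole range, 0 if the two results differ. */
static int chunked_matches_whole(size_t dst_off, size_t src_off, size_t len)
{
    unsigned char a[32], b[32];   /* constructed sample data: "ABCDEF..." */

    for (size_t i = 0; i < sizeof a; i++)
        a[i] = b[i] = (unsigned char)('A' + i % 26);

    chunked_move(a, dst_off, src_off, len);
    memmove(b + dst_off, b + src_off, len);
    return memcmp(a, b, sizeof a) == 0;
}

int main(void)
{
    /* Disjoint ranges: piecewise and whole-range copies agree. */
    printf("disjoint:               %d\n", chunked_matches_whole(16, 0, 12));
    /* Destination starts inside the source: earlier pieces overwrite
     * bytes that later pieces still have to read. */
    printf("overlap, dst above src: %d\n", chunked_matches_whole(2, 0, 12));
    /* Destination below the source: a forward piecewise copy is safe. */
    printf("overlap, dst below src: %d\n", chunked_matches_whole(0, 2, 12));
    return 0;
}
```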