From: Jiri Slaby <jirislaby@kernel.org>
To: David Laight <David.Laight@ACULAB.COM>,
"gregkh@linuxfoundation.org" <gregkh@linuxfoundation.org>
Cc: "linux-serial@vger.kernel.org" <linux-serial@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 16/36] tty/vt: consolemap: check put_user() in con_get_unimap()
Date: Wed, 8 Jun 2022 10:11:12 +0200 [thread overview]
Message-ID: <9780cd63-5cf3-7ee0-4866-160b9de0a3e8@kernel.org> (raw)
In-Reply-To: <5bf366cc45334bb9a9c3d186ef8d6933@AcuMS.aculab.com>
On 08. 06. 22, 10:02, David Laight wrote:
> From: Jiri Slaby
>> Sent: 07 June 2022 11:49
>>
>> Only the return value of copy_to_user() is checked in con_get_unimap().
>> Do the same for put_user() of the count too.
>>
>> Signed-off-by: Jiri Slaby <jslaby@suse.cz>
>> ---
>> drivers/tty/vt/consolemap.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/drivers/tty/vt/consolemap.c b/drivers/tty/vt/consolemap.c
>> index 831450f2bfd1..92b5dddb00d9 100644
>> --- a/drivers/tty/vt/consolemap.c
>> +++ b/drivers/tty/vt/consolemap.c
>> @@ -813,7 +813,8 @@ int con_get_unimap(struct vc_data *vc, ushort ct, ushort __user *uct,
>> console_unlock();
>> if (copy_to_user(list, unilist, min(ect, ct) * sizeof(*unilist)))
>> ret = -EFAULT;
>> - put_user(ect, uct);
>> + if (put_user(ect, uct))
>> + ret = -EFAULT;
>> kvfree(unilist);
>> return ret ? ret : (ect <= ct) ? 0 : -ENOMEM;
>> }
>
> How is the user expected to check the result of this code?
>
> AFAICT -ENOMEM is returned if either kmalloc() fails or
> the user buffer is too short?
> Looks pretty hard to detect which.
Agreed. The code is far from perfect. We might try to return ENOSPC and
watch what breaks. (And decouple the double "?:" operator as it makes
things only worse.)
> I've not looked at the effect of all the patches, but setting
> 'ret = -ENOMEM' and breaking the loop when the array is too
> small would simplify things.
Note that the patches try NOT to change the behavior in any way. If they
do, it's likely a bug. They are first front cleanup. Definitely more to
come. Either from me, or others -- patches welcome ;).
thanks,
--
js
suse labs
next prev parent reply other threads:[~2022-06-08 8:53 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-07 10:49 [PATCH 01/36] tty/vt: consolemap: use ARRAY_SIZE() Jiri Slaby
2022-06-07 10:49 ` [PATCH 02/36] tty/vt: consolemap: rename and document struct uni_pagedir Jiri Slaby
2022-06-07 12:36 ` Ilpo Järvinen
2022-06-08 5:42 ` Jiri Slaby
2022-06-07 10:49 ` [PATCH 03/36] tty/vt: consolemap: define UNI_* macros for constants Jiri Slaby
2022-06-07 13:21 ` Ilpo Järvinen
2022-06-08 6:55 ` Jiri Slaby
2022-06-08 9:54 ` Ilpo Järvinen
2022-06-07 10:49 ` [PATCH 04/36] tty/vt: consolemap: decrypt inverse_translate() Jiri Slaby
2022-06-07 12:54 ` Ilpo Järvinen
2022-06-07 10:49 ` [PATCH 05/36] tty/vt: consolemap: remove extern from function decls Jiri Slaby
2022-06-07 13:33 ` Ilpo Järvinen
2022-06-07 10:49 ` [PATCH 06/36] tty/vt: consolemap: convert macros to static inlines Jiri Slaby
2022-06-07 13:31 ` Ilpo Järvinen
2022-06-07 10:49 ` [PATCH 07/36] tty/vt: consolemap: make parameters of inverse_translate() saner Jiri Slaby
2022-06-07 13:32 ` Ilpo Järvinen
2022-06-07 10:49 ` [PATCH 08/36] tty/vt: consolemap: one line = one statement Jiri Slaby
2022-06-07 13:35 ` Ilpo Järvinen
2022-06-07 10:49 ` [PATCH 09/36] tty/vt: consolemap: use | for binary addition Jiri Slaby
2022-06-07 13:36 ` Ilpo Järvinen
2022-06-07 13:40 ` Ilpo Järvinen
2022-06-07 10:49 ` [PATCH 10/36] tty/vt: consolemap: introduce UNI_*() macros Jiri Slaby
2022-06-07 13:47 ` Ilpo Järvinen
2022-06-08 6:59 ` Jiri Slaby
2022-06-08 7:30 ` Jiri Slaby
2022-06-08 8:02 ` Ilpo Järvinen
2022-06-08 8:18 ` Jiri Slaby
2022-06-07 10:49 ` [PATCH 11/36] tty/vt: consolemap: zero uni_pgdir using kcalloc() Jiri Slaby
2022-06-07 13:51 ` Ilpo Järvinen
2022-06-07 10:49 ` [PATCH 12/36] tty/vt: consolemap: use sizeof(*pointer) instead of sizeof(type) Jiri Slaby
2022-06-07 14:00 ` Ilpo Järvinen
2022-06-07 18:13 ` Jiri Slaby
2022-06-08 7:23 ` Ilpo Järvinen
2022-06-07 10:49 ` [PATCH 13/36] tty/vt: consolemap: make con_set_unimap() more readable Jiri Slaby
2022-06-07 14:06 ` Ilpo Järvinen
2022-06-07 10:49 ` [PATCH 14/36] tty/vt: consolemap: make con_get_unimap() " Jiri Slaby
2022-06-07 14:11 ` Ilpo Järvinen
2022-06-07 10:49 ` [PATCH 15/36] tty/vt: consolemap: make p1 increment less confusing in con_get_unimap() Jiri Slaby
2022-06-07 10:49 ` [PATCH 16/36] tty/vt: consolemap: check put_user() " Jiri Slaby
2022-06-07 14:19 ` Ilpo Järvinen
2022-06-08 7:40 ` Jiri Slaby
2022-06-08 8:13 ` Ilpo Järvinen
2022-06-08 10:38 ` Andy Shevchenko
2022-06-08 10:43 ` Greg Kroah-Hartman
2022-06-08 8:02 ` David Laight
2022-06-08 8:11 ` Jiri Slaby [this message]
2022-06-08 8:13 ` Jiri Slaby
2022-06-09 8:51 ` Jiri Slaby
2022-06-07 10:49 ` [PATCH 17/36] tty/vt: consolemap: introduce enum translation_map and use it Jiri Slaby
2022-06-07 10:49 ` [PATCH 18/36] tty/vt: consolemap: remove glyph < 0 check from set_inverse_trans_unicode() Jiri Slaby
2022-06-07 10:49 ` [PATCH 19/36] tty/vt: consolemap: extract dict unsharing to con_unshare_unimap() Jiri Slaby
2022-06-07 14:30 ` Ilpo Järvinen
2022-06-07 10:49 ` [PATCH 20/36] tty/vt: consolemap: saner variable names in set_inverse_trans_unicode() Jiri Slaby
2022-06-07 14:34 ` Ilpo Järvinen
2022-06-07 10:49 ` [PATCH 21/36] tty/vt: consolemap: saner variable names in conv_uni_to_pc() Jiri Slaby
2022-06-07 10:49 ` [PATCH 22/36] tty/vt: consolemap: saner variable names in con_insert_unipair() Jiri Slaby
2022-06-07 10:49 ` [PATCH 23/36] tty/vt: consolemap: saner variable names in con_unify_unimap() Jiri Slaby
2022-06-07 10:49 ` [PATCH 24/36] tty/vt: consolemap: saner variable names in con_do_clear_unimap() Jiri Slaby
2022-06-07 10:49 ` [PATCH 25/36] tty/vt: consolemap: saner variable names in con_unshare_unimap() Jiri Slaby
2022-06-07 10:49 ` [PATCH 26/36] tty/vt: consolemap: saner variable names in con_release_unimap() Jiri Slaby
2022-06-07 10:49 ` [PATCH 27/36] tty/vt: consolemap: saner variable names in con_copy_unimap() Jiri Slaby
2022-06-07 10:49 ` [PATCH 28/36] tty/vt: consolemap: saner variable names in con_get_unimap() Jiri Slaby
2022-06-07 10:49 ` [PATCH 29/36] tty/vt: consolemap: saner variable names in con_set_unimap() Jiri Slaby
2022-06-07 10:49 ` [PATCH 30/36] tty/vt: consolemap: saner variable names in con_set_default_unimap() Jiri Slaby
2022-06-07 10:49 ` [PATCH 31/36] tty/vt: consolemap: make conv_uni_to_pc() more readable Jiri Slaby
2022-06-07 10:49 ` [PATCH 32/36] tty/vt: consolemap: remove superfluous whitespace Jiri Slaby
2022-06-07 10:49 ` [PATCH 33/36] tty/vt: consolemap: change refcount only if needed in con_do_clear_unimap() Jiri Slaby
2022-06-07 15:31 ` Ilpo Järvinen
2022-06-08 7:44 ` Jiri Slaby
2022-06-07 10:49 ` [PATCH 34/36] tty/vt: consolemap: extract con_allocate_new() from con_do_clear_unimap() Jiri Slaby
2022-06-07 10:49 ` [PATCH 35/36] tty/vt: consolemap: use con_allocate_new() in con_unshare_unimap() Jiri Slaby
2022-06-07 10:49 ` [PATCH 36/36] tty/vt: consolemap: walk the buffer only once in con_set_trans_old() Jiri Slaby
2022-06-07 16:25 ` Ilpo Järvinen
2022-06-07 12:36 ` [PATCH 01/36] tty/vt: consolemap: use ARRAY_SIZE() Ilpo Järvinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9780cd63-5cf3-7ee0-4866-160b9de0a3e8@kernel.org \
--to=jirislaby@kernel.org \
--cc=David.Laight@ACULAB.COM \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-serial@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).