* [PATCH] sched: core: remove access_ok() before copy_to_user()
@ 2022-08-15 14:21 Tuo Cao
2022-08-16 9:18 ` Peter Zijlstra
0 siblings, 1 reply; 3+ messages in thread
From: Tuo Cao @ 2022-08-15 14:21 UTC (permalink / raw)
To: mingo, peterz, juri.lelli, vincent.guittot
Cc: dietmar.eggemann, rostedt, bsegall, mgorman, bristot, vschneid,
linux-kernel, 91tuocao
If usize > ksize, usize may not be valid and if(!access_ok()) will return
-EFAULT. But ksize may be valid, copy_to_user() should be executed. And
also, copy_to_user() will call access_ok() to test whether a block of
memory is a valid user space address.
Signed-off-by: Tuo Cao <91tuocao@gmail.com>
---
kernel/sched/core.c | 3 ---
1 file changed, 3 deletions(-)
diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index ee28253c9ac0..fe6a65a54626 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -7975,9 +7975,6 @@ sched_attr_copy_to_user(struct sched_attr __user *uattr,
{
unsigned int ksize = sizeof(*kattr);
- if (!access_ok(uattr, usize))
- return -EFAULT;
-
/*
* sched_getattr() ABI forwards and backwards compatibility:
*
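Review bot: Dropping the if (!access_ok(uattr, usize)) check at the top of sched_attr_copy_to_user() changes what userspace observes, and the changelog does not justify that. Today a caller whose usize-byte buffer is not a valid user range gets -EFAULT; by the changelog's own reasoning the same call would instead succeed whenever the first ksize bytes happen to be valid. The caller declared a usize-byte buffer, so failing when that declared range is bad is a defensible contract. The copy_to_user() call and the length it is given are not visible in this hunk, so the changelog should state which length is copied when usize > ksize. If the check really is to go, the ABI comment that follows the removed lines should document the new behaviour; otherwise keep the check.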
--
2.17.1
* Re: [PATCH] sched: core: remove access_ok() before copy_to_user()
2022-08-15 14:21 [PATCH] sched: core: remove access_ok() before copy_to_user() Tuo Cao
@ 2022-08-16 9:18 ` Peter Zijlstra
2022-08-17 13:34 ` tuo cao
0 siblings, 1 reply; 3+ messages in thread
From: Peter Zijlstra @ 2022-08-16 9:18 UTC (permalink / raw)
To: Tuo Cao
Cc: mingo, juri.lelli, vincent.guittot, dietmar.eggemann, rostedt,
bsegall, mgorman, bristot, vschneid, linux-kernel
On Mon, Aug 15, 2022 at 10:21:37PM +0800, Tuo Cao wrote:
> If usize > ksize, usize may not be valid and if(!access_ok()) will return
> -EFAULT. But ksize may be valid, copy_to_user() should be executed. And
> also, copy_to_user() will call access_ok() to test whether a block of
> memory is a valid user space address.
I don't follow, why do you want this to continue if the user provided
garbage input?
* Re: [PATCH] sched: core: remove access_ok() before copy_to_user()
2022-08-16 9:18 ` Peter Zijlstra
@ 2022-08-17 13:34 ` tuo cao
0 siblings, 0 replies; 3+ messages in thread
From: tuo cao @ 2022-08-17 13:34 UTC (permalink / raw)
To: Peter Zijlstra
Cc: mingo, juri.lelli, vincent.guittot, dietmar.eggemann, rostedt,
bsegall, mgorman, bristot, vschneid, linux-kernel
I just think usize has already been limited in the caller of
sched_attr_copy_to_user(): SCHED_ATTR_SIZE_VER0 < usize < PAGE_SIZE.
Maybe the user provided garbage input, causing (usize + uattr) >
TASK_SIZE, but if (ksize + uattr) < TASK_SIZE, the user can still get
the struct sched_attr correctly by copy_to_user() only, and there are
no side effects.
So, should we really limit the user from getting the struct sched_attr
in this situation? Thanks.
Peter Zijlstra <peterz@infradead.org> wrote on Tue, Aug 16, 2022 at 17:18:
>
> On Mon, Aug 15, 2022 at 10:21:37PM +0800, Tuo Cao wrote:
> > If usize > ksize, usize may not be valid and if(!access_ok()) will return
> > -EFAULT. But ksize may be valid, copy_to_user() should be executed. And
> > also, copy_to_user() will call access_ok() to test whether a block of
> > memory is a valid user space address.
>
> I don't follow, why do you want this to continue if the user provided
> garbage input?