From: David Laight <David.Laight@ACULAB.COM>
To: 'Peter Collingbourne' <pcc@google.com>
Cc: "David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Colin Ian King <colin.king@canonical.com>,
Cong Wang <cong.wang@bytedance.com>,
Al Viro <viro@zeniv.linux.org.uk>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: RE: [PATCH] net: don't unconditionally copy_from_user a struct ifreq for socket ioctls
Date: Fri, 27 Aug 2021 08:34:04 +0000 [thread overview]
Message-ID: <dfe40435294b43b6860153b9200a39fc@AcuMS.aculab.com> (raw)
In-Reply-To: <CAMn1gO5eT=S-BcbhDDM9=s5r1zspO==nbJjYV-p9JFq-U5U+eA@mail.gmail.com>
From: Peter Collingbourne
> Sent: 26 August 2021 20:46
...
> > The other sane thing is to check _IOC_SIZE().
> > Since all the SIOCxxxx have a correct _IOC_SIZE() that can be
> > used to check the user copy length.
> > (Unlike socket options the correct length is always supplied.
>
> FWIW, it doesn't look like any of them have the _IOC_SIZE() bits set,
> so that won't work. _IOC_TYPE() seems better anyway.
Linus must have stolen those definitions from SVSV not one of the BSDs.
The BSD's started using the high 16 bits when they moved to 32bit.
Something I've written kernel code for required those bits be set
and would then do the user copies in the syscall entry paths.
It won't be SYSV because I used 3 character 'type' fields on that.
Windows does do the copies - but is entirely 'not quite' different.
So it must have been NetBDSD.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
next prev parent reply other threads:[~2021-08-27 8:34 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-26 1:27 [PATCH] net: don't unconditionally copy_from_user a struct ifreq for socket ioctls Peter Collingbourne
2021-08-26 6:39 ` Greg KH
2021-08-26 19:46 ` Peter Collingbourne
2021-08-26 8:12 ` David Laight
2021-08-26 19:46 ` Peter Collingbourne
2021-08-27 8:34 ` David Laight [this message]
2021-08-26 8:58 ` Arnd Bergmann
2021-08-26 19:46 ` Peter Collingbourne
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dfe40435294b43b6860153b9200a39fc@AcuMS.aculab.com \
--to=david.laight@aculab.com \
--cc=colin.king@canonical.com \
--cc=cong.wang@bytedance.com \
--cc=davem@davemloft.net \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pcc@google.com \
--cc=stable@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).