RE: [PATCH bpf v2 1/2] lib/strncpy_from_user.c: Don't overcopy bytes after NUL terminator

From: David Laight
Date: Thu Nov 05 2020 - 04:00:07 EST

Next message: Lee Jones: "Re: [PATCH 34/36] tty: serial: pmac_zilog: Make disposable variable __always_unused"
Previous message: Vaittinen, Matti: "Re: [PATCH v4 2/4] mfd: Support ROHM BD9576MUF and BD9573MUF"
In reply to: Daniel Xu: "[PATCH bpf v2 1/2] lib/strncpy_from_user.c: Don't overcopy bytes after NUL terminator"
Next in thread: Song Liu: "Re: [PATCH bpf v2 1/2] lib/strncpy_from_user.c: Don't overcopy bytes after NUL terminator"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Daniel Xu
> Sent: 05 November 2020 02:26
...
> --- a/lib/strncpy_from_user.c
> +++ b/lib/strncpy_from_user.c
> @@ -35,17 +35,22 @@ static inline long do_strncpy_from_user(char *dst, const char __user *src,
> goto byte_at_a_time;
>
> while (max >= sizeof(unsigned long)) {
> - unsigned long c, data;
> + unsigned long c, data, mask, *out;
>
> /* Fall back to byte-at-a-time if we get a page fault */
> unsafe_get_user(c, (unsigned long __user *)(src+res), byte_at_a_time);

It's not related to this change, but since both addresses
are aligned (checked earlier) a page fault on the word read
is fatal.

David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Next message: Lee Jones: "Re: [PATCH 34/36] tty: serial: pmac_zilog: Make disposable variable __always_unused"
Previous message: Vaittinen, Matti: "Re: [PATCH v4 2/4] mfd: Support ROHM BD9576MUF and BD9573MUF"
In reply to: Daniel Xu: "[PATCH bpf v2 1/2] lib/strncpy_from_user.c: Don't overcopy bytes after NUL terminator"
Next in thread: Song Liu: "Re: [PATCH bpf v2 1/2] lib/strncpy_from_user.c: Don't overcopy bytes after NUL terminator"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]