Re: [PATCH] KVM: SVM: Fix sparse: incorrect type in argument 1 (different base types)

[Brijesh Singh]

On 02/21/2018 02:18 PM, Al Viro wrote:
> On Wed, Feb 21, 2018 at 01:59:55PM -0600, Brijesh Singh wrote:
>
> > Sure, checking access_ok() does not guarantee that later
> > copy_from_user() will not fail. But it does eliminate one possible
> > reason for the failure. We are trying to validate most of the user
> > inputs before we invoke SEV command.
>
> That makes no sense whatsoever.  If user is deliberately fuzzing
> your code or trying to DoS it, that "validation" doesn't buy you
> anything - they can just as well feed you NULL, after all.


Currently, we let user query the blob length with params.len == 0 || 
param.uaddr == NULL. We could limit it to just params.len == 0.


> What is the rationale for that?  "Userland is accidentally feeding
> us garbage pointers" is the case where slowness is the least of your
> concerns...

My intent was to do some obvious failure checks on user inputs before 
invoking the HW. I do see your point that if userspace is feeding us 
garbage then slowness is least of our concern. If you think that we 
should not be using access_ok() in this particular case then I am okay 
with it.