RE: [PATCH] clone3: validate stack arguments

From: David Laight
Date: Thu Oct 31 2019 - 10:27:42 EST

Next message: Takashi Iwai: "[GIT PULL] sound fixes for 5.4-rc6"
Previous message: Adrian Ratiu: "[PATCH 4/4] dt-bindings: display: add IMX MIPI DSI host controller doc"
In reply to: Aleksa Sarai: "Re: [PATCH] clone3: validate stack arguments"
Next in thread: Oleg Nesterov: "Re: [PATCH] clone3: validate stack arguments"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>From Christian Brauner
> Sent: 31 October 2019 11:36
>
> Validate the stack arguments and setup the stack depening on whether or not
> it is growing down or up.
>
...
> -static bool clone3_args_valid(const struct kernel_clone_args *kargs)
> +/**
> + * clone3_stack_valid - check and prepare stack
> + * @kargs: kernel clone args
> + *
> + * Verify that the stack arguments userspace gave us are sane.
> + * In addition, set the stack direction for userspace since it's easy for us to
> + * determine.
> + */
> +static inline bool clone3_stack_valid(struct kernel_clone_args *kargs)
> +{
> + if (kargs->stack == 0) {
> + if (kargs->stack_size > 0)
> + return false;
> + } else {
> + if (kargs->stack_size == 0)
> + return false;
> +
> + if (!access_ok((void __user *)kargs->stack, kargs->stack_size))
> + return false;

Does access_ok() do anything useful here?
It only verifies that the buffer isn't in kernel space.

David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Next message: Takashi Iwai: "[GIT PULL] sound fixes for 5.4-rc6"
Previous message: Adrian Ratiu: "[PATCH 4/4] dt-bindings: display: add IMX MIPI DSI host controller doc"
In reply to: Aleksa Sarai: "Re: [PATCH] clone3: validate stack arguments"
Next in thread: Oleg Nesterov: "Re: [PATCH] clone3: validate stack arguments"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]