Re: [PATCH v2] prctl: Add PR_GET_AUXV to copy auxv to userspace

From: Josh Triplett
Date: Tue Apr 04 2023 - 20:25:52 EST


On Wed, Apr 05, 2023 at 09:24:36AM +0900, Josh Triplett wrote:
> On Tue, Apr 04, 2023 at 12:43:55PM -0700, Andrew Morton wrote:
> > On Tue, 4 Apr 2023 21:31:48 +0900 Josh Triplett <josh@xxxxxxxxxxxxxxxx> wrote:
> > > --- a/kernel/sys.c
> > > +++ b/kernel/sys.c
> > > @@ -2377,6 +2377,16 @@ static inline int prctl_get_mdwe(unsigned long arg2, unsigned long arg3,
> > > PR_MDWE_REFUSE_EXEC_GAIN : 0;
> > > }
> > >
> > > +static int prctl_get_auxv(void __user *addr, unsigned long len)
> > > +{
> > > + struct mm_struct *mm = current->mm;
> > > + unsigned long size = min_t(unsigned long, sizeof(mm->saved_auxv), len);
> > > +
> > > + if (size && copy_to_user(addr, mm->saved_auxv, size))
> > > + return -EFAULT;
> > > + return sizeof(mm->saved_auxv);
> > > +}
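Review bot: the final `return sizeof(mm->saved_auxv);` reports the full vector size even when `len` was smaller and the copy was truncated, or skipped entirely when `len` is 0, and nothing in the function documents that contract. A short comment above prctl_get_auxv() should say that the return value is the full size rather than the number of bytes copied, so a caller must compare it against the `len` it passed to detect truncation. The `sizeof` result is also implicitly converted to the `int` return type on that line; an explicit cast or a wider return type would make the intent visible.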
> >
> > The type choices are unpleasing. Maybe make `len' a size_t and make
> > the function return a size_t? That way prctl_get_auxv() will be much
> > nicer, but the caller less so.
>
> It'd have to be an ssize_t return to support returning -EFAULT. Also,
> sadly, size_t would still look just as bad, because
> `sizeof(mm->saved_auxv)` doesn't have type size_t (at least according to
> the error from the type-safe min macro). So this would still need a cast
> or a `min_t`.
>
> But I'm happy to change the argument to size_t and the return value to
> ssize_t, if you'd prefer. Will send v3 with that changed.

That said, *all* the other helper functions here seem to return int...