Re: [PATCH RFC v2] tpm: tpm_vtpm_proxy: do not reference kernel memory as user memory
From: Stefan Berger
Date: Tue May 30 2023 - 13:46:10 EST
On 5/29/23 22:01, Jarkko Sakkinen wrote:
From: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxx>
- rc = copy_to_user(buf, proxy_dev->buffer, len);
+ if (buf)
+ rc = copy_to_user(buf, proxy_dev->buffer, len);
+
Looking through other drivers it seems buf is always expected to be a valid non-NULL pointer on file_operations.read().
https://elixir.bootlin.com/linux/latest/source/arch/x86/mm/tlb.c#L1279 simple_read_from_buffer will pass the pointer to the user buffer along and it ('to') ends up in copy_to_user(to, ...);
Same here: https://elixir.bootlin.com/linux/latest/source/security/integrity/ima/ima_fs.c#L41