2 Feb 2011, 2:28 p.m.
On Wed, 2011-02-02 at 13:07 +0000, Mark Brown wrote:
On Wed, Feb 02, 2011 at 11:29:05AM +0000, Dimitris Papastamos wrote:
- if (ret >= 0) {
if (!access_ok(VERIFY_WRITE, user_buf, ret)) {
ret = -EFAULT;
goto out;
}
if (copy_to_user(user_buf, buf, ret)) {
ret = -EFAULT;
goto out;
}
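Review bot: the `access_ok(VERIFY_WRITE, user_buf, ret)` block is redundant and can be dropped; copy_to_user() performs that same range check itself and signals failure through its non-zero return, which the following `if (copy_to_user(user_buf, buf, ret))` already turns into -EFAULT, so the shorter form matches what simple_read_from_buffer() does. Separately, this hunk deletes `if (ret >= 0) {` while `ret` is still passed as the length to both calls: whatever replaces that guard should still make sure a negative `ret` never reaches copy_to_user(), where it would be converted to a very large unsigned size.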
Why do we need the access_ok() here? I'd really expect copy_to_user() to do the right thing here and simple_read_from_buffer() doesn't do this.
I thought it'd be a problem if userspace provides a pointer that points in kernelspace. The call to access_ok() ensures that the pointer indeed lies in userspace. I noticed that simple_read_from_buffer() doesn't do this, but I did not see how this could harm things.
Thanks, Dimitris
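The point of the exchange above, that copy_to_user() already contains the access_ok() range check so a caller-side access_ok() adds nothing, is easiest to see with the two paths side by side. The following is an added userspace model written for this page, not kernel code and not part of the patch under review: it simulates a small user address space, an access_ok() that rejects kernel addresses and ranges that wrap around (the real x86 check of that era, __range_not_ok(), tests the carry of the add the same way), and a copy_to_user() that performs that check itself and returns the number of bytes not copied. The names prefixed with model_, the MODEL_TASK_SIZE limit and the probe addresses are all constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/types.h>

#define MODEL_EFAULT 14

/* Constructed model of a user address space (not kernel code): user
 * addresses are [0, MODEL_TASK_SIZE) and are backed by this array;
 * anything at or above MODEL_TASK_SIZE stands for kernel space. */
#define MODEL_TASK_SIZE ((uintptr_t)0x1000)
static uint8_t model_user_mem[0x1000];

/* Model of access_ok(VERIFY_WRITE, addr, size): the whole range
 * [addr, addr + size) must lie inside user space, and addr + size must
 * not wrap around, otherwise a huge size could "pass" by overflowing
 * back below the limit. */
bool model_access_ok(uintptr_t addr, size_t size)
{
    uintptr_t end;

    if (__builtin_add_overflow(addr, (uintptr_t)size, &end))
        return false;                       /* wrapped: reject */
    return end <= MODEL_TASK_SIZE;
}

/* Model of copy_to_user(): like the kernel API it returns the number of
 * bytes NOT copied (0 on success). The range check happens here, inside
 * the copy routine, which is why a caller does not need its own
 * access_ok() first. */
unsigned long model_copy_to_user(uintptr_t to, const void *from, size_t n)
{
    if (!model_access_ok(to, n))
        return n;                           /* caller turns this into -EFAULT */
    memcpy(model_user_mem + to, from, n);
    return 0;
}

/* The read path from the patch, written twice: once with the explicit
 * access_ok() and once relying on copy_to_user() alone. Both return ret
 * on success, a negative ret unchanged, and -EFAULT on a bad pointer. */
ssize_t read_with_access_ok(uintptr_t user_buf, const char *buf, ssize_t ret)
{
    if (ret < 0)
        return ret;                         /* never pass a negative length on */
    if (!model_access_ok(user_buf, (size_t)ret))
        return -MODEL_EFAULT;
    if (model_copy_to_user(user_buf, buf, (size_t)ret))
        return -MODEL_EFAULT;
    return ret;
}

ssize_t read_copy_only(uintptr_t user_buf, const char *buf, ssize_t ret)
{
    if (ret < 0)
        return ret;
    if (model_copy_to_user(user_buf, buf, (size_t)ret))
        return -MODEL_EFAULT;
    return ret;
}

/* Runs both variants over the same constructed set of user_buf values and
 * counts how often they disagree; 0 means identical behaviour everywhere. */
int count_disagreements(void)
{
    static const char payload[] = "hello from the kernel";
    const ssize_t len = (ssize_t)sizeof(payload);
    /* Constructed probe pointers: an ordinary user buffer, a kernel-space
     * address, a range straddling the limit, and one whose end wraps. */
    const uintptr_t probes[] = {
        0x100,
        (uintptr_t)0xffffffff81000000ULL,
        MODEL_TASK_SIZE - 4,
        UINTPTR_MAX - 4,
    };
    int disagreements = 0;

    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
        ssize_t a = read_with_access_ok(probes[i], payload, len);
        ssize_t b = read_copy_only(probes[i], payload, len);
        if (a != b)
            disagreements++;
    }
    return disagreements;
}
```

The kernel-space and wrapped probes fail in both variants for the same reason: the check that rejects them lives inside copy_to_user(), so the extra access_ok() only repeats work. The overflow test is the part worth keeping in mind when reviewing any hand-rolled range check, since a large length added to a high address can land back inside the user range.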