Date: Tue, 26 Sep 2017 11:37:27 -0700 (PDT)
Message-Id: <20170926.113727.1747580838880526105.davem@davemloft.net>
To: mengxu.gatech@gmail.com
Cc: ilyal@mellanox.com, aviadye@mellanox.com, davejwatson@fb.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, meng.xu@gatech.edu, sanidhya@gatech.edu, taesoo@gatech.edu
Subject: Re: [PATCH] net/tls: move version check after second userspace fetch
From: David Miller
In-Reply-To: <1506266095-23003-1-git-send-email-mengxu.gatech@gmail.com>
References: <1506266095-23003-1-git-send-email-mengxu.gatech@gmail.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Meng Xu
Date: Sun, 24 Sep 2017 11:14:55 -0400
> @@ -382,6 +376,12 @@ static int do_tls_setsockopt_tx(struct sock *sk, char __user *optval, > rc = -EFAULT; > goto err_crypto_info; > } > + > + /* check version */ > + if (crypto_info->version != TLS_1_2_VERSION) { > + rc = -ENOTSUPP; > + goto err_crypto_info; > + } > break; > } > default: > -- > 2.7.4 >

Please, again, deduce this into a single userspace copy. Otherwise we're going to add this check for every cipher we add new support for.

Copy the on-stack crypto info ("tmp_crypto_info") into 'crypto_info' and then bring in from userspace any further bytes that need to be copied. That guarantees that the version will not change, and the existing check can stay where it is.
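
Review bot: The version check added inside this cipher's case, just before `break;`, will have to be duplicated in every cipher case added later, and it is only needed there because the second fetch reads the version field from userspace again. Consider keeping a single check after the first copy and having the second copy bring in only the bytes that follow the already-copied header, so the version that was checked is the one that is stored. Separately, `rc = -ENOTSUPP;` uses a kernel-internal error code; if this value is returned to userspace, EOPNOTSUPP is the conventional choice.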
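
The single-copy approach described in the reply above, next to the double-fetch pattern it replaces, as an added userspace simulation that is not code from this thread or from the kernel. The struct layouts, `fetch()` (a stand-in for `copy_from_user()`), `user_mem` and `stored_version()` are hypothetical names, and the buffer contents are constructed.

```c
#include <stdio.h>
#include <string.h>

#define TLS_1_2_VERSION 0x0303  /* (major 3 << 8) | minor 3 */

/* Simplified, hypothetical layouts: a common header plus per-cipher data. */
struct info { unsigned short version, cipher_type; };
struct gcm_info { struct info info; unsigned char key[16]; };

static struct gcm_info user_mem;  /* constructed stand-in for the user buffer */
static int fetches;

/* Stand-in for copy_from_user(). It models a concurrent writer that
 * changes the version field right after the first fetch completes. */
static void fetch(void *dst, size_t off, size_t len)
{
    memcpy(dst, (char *)&user_mem + off, len);
    if (++fetches == 1)
        user_mem.info.version = 0x0301;
}

/* single_fetch == 0: check the header, then re-read the whole struct.
 * single_fetch == 1: keep the checked header, fetch only what follows it.
 * Returns the version left in the kernel-side copy, or 0 if rejected. */
static unsigned short stored_version(int single_fetch)
{
    struct info tmp;
    struct gcm_info ci;

    memset(&user_mem, 0, sizeof(user_mem));
    user_mem.info.version = TLS_1_2_VERSION;
    fetches = 0;

    fetch(&tmp, 0, sizeof(tmp));
    if (tmp.version != TLS_1_2_VERSION)
        return 0;
    if (single_fetch) {
        ci.info = tmp;  /* checked header is reused, never re-read */
        fetch((char *)&ci + sizeof(tmp), sizeof(tmp), sizeof(ci) - sizeof(tmp));
    } else {
        fetch(&ci, 0, sizeof(ci));  /* header fetched again, unchecked */
    }
    return ci.info.version;
}

int main(void)
{
    printf("double fetch: 0x%04x\n", stored_version(0));
    printf("single fetch: 0x%04x\n", stored_version(1));
    return 0;
}
```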