Date: Wed, 17 Jan 2018 04:27:21 +0000
From: Al Viro <viro@ZenIV.linux.org.uk>
To: Jeff Moyer <jmoyer@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>, Avi Kivity <avi@scylladb.com>,
        linux-aio@kvack.org, linux-fsdevel@vger.kernel.org,
        netdev@vger.kernel.org, linux-api@vger.kernel.org,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH 32/32] aio: implement io_pgetevents
Message-ID: <20180117042721.GT13338@ZenIV.linux.org.uk>
References: <20180110155853.32348-1-hch@lst.de>
 <20180110155853.32348-33-hch@lst.de>
 <x49k1wmdcxn.fsf@segfault.boston.devel.redhat.com>
 <20180115085310.GB32532@lst.de>
 <20180116120433.GA14579@lst.de>
 <x493735b9l7.fsf@segfault.boston.devel.redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <x493735b9l7.fsf@segfault.boston.devel.redhat.com>
User-Agent: Mutt/1.9.1 (2017-09-22)
Sender: linux-kernel-owner@vger.kernel.org

On Tue, Jan 16, 2018 at 07:41:24PM -0500, Jeff Moyer wrote:
>  	if (sigmask) {
> -		if (copy_from_user(&ksigmask, sigmask, sizeof(ksigmask)))
> +		if (!access_ok(VERIFY_READ, sigmask,
> +			       sizeof(void *) + sizeof(size_t)) ||
> +		    __get_user(up, (sigset_t __user * __user *)sigmask) ||
> +		    __get_user(sigsetsize,
> +			       (size_t __user *)(sigmask + sizeof(void *))))
>  			return -EFAULT;

How about copy_from_user() on a struct?  Making eyes bleed is fun, but
people tend to get annoyed when you do it to them...