Date: Thu, 5 Jul 2018 01:47:01 +0100
From: Al Viro
To: Daniel Rosenberg
Cc: Jiri Kosina, Benjamin Tissoires, linux-input@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-team@android.com, stable@vger.kernel.org
Subject: Re: [PATCH] HID: debug: check length before copy_to_user()
Message-ID: <20180705004700.GB30522@ZenIV.linux.org.uk>
In-Reply-To: <20180702235937.111619-1-drosen@google.com>

On Mon, Jul 02, 2018 at 04:59:37PM -0700, Daniel Rosenberg wrote:
> If our length is greater than the size of the buffer, we
> overflow the buffer

Hmm... How about this:

	buf = list->hid_debug_buf;
	if (list->tail < list->head) {
		ret = simple_read_from_buffer(buffer, count, &list->head,
					      buf, HID_DEBUG_BUFSIZE);
		if (ret < 0)
			break;
		if (list->head != buf + HID_DEBUG_BUFSIZE)
			break;
		list->head = 0;
	}
	n = simple_read_from_buffer(buffer + ret, count - ret, &list->head,
				    buf, list->tail);
	if (n >= 0)
		ret += n;
	if (list->head == buf + HID_DEBUG_BUFSIZE)
		list->head = 0;

instead?
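
The bounded two-segment read suggested above, modelled in userspace C as an added example (not code from this thread or from the kernel). bounded_read() imitates the length clamping of simple_read_from_buffer() with memcpy() standing in for copy_to_user(); struct ring, RING_SIZE and ring_read() are hypothetical names, and head and tail are assumed to be byte indexes into the buffer.

```c
#include <string.h>
#include <sys/types.h>

#define RING_SIZE 8	/* constructed; stands in for HID_DEBUG_BUFSIZE */

struct ring {		/* hypothetical model of the debug list */
	char buf[RING_SIZE];
	long head;	/* index of the next byte to read */
	long tail;	/* index of the next byte to write */
};

/* Userspace model of simple_read_from_buffer(): clamps count to what is
 * left between *pos and available, so it cannot read past the source. */
static ssize_t bounded_read(char *to, size_t count, long *pos,
			    const char *from, size_t available)
{
	if (*pos < 0)
		return -1;
	if ((size_t)*pos >= available || count == 0)
		return 0;
	if (count > available - (size_t)*pos)
		count = available - (size_t)*pos;
	memcpy(to, from + *pos, count);	/* copy_to_user() in the kernel */
	*pos += (long)count;
	return (ssize_t)count;
}

/* Two-segment read: head..end of buffer first when the data wraps,
 * then start..tail. Returns bytes copied, never more than count. */
static ssize_t ring_read(struct ring *r, char *to, size_t count)
{
	ssize_t ret = 0, n;

	if (r->tail < r->head) {
		ret = bounded_read(to, count, &r->head, r->buf, RING_SIZE);
		if (ret < 0 || r->head != RING_SIZE)
			return ret;	/* error, or the caller's count is used up */
		r->head = 0;		/* wrapped: continue from the start */
	}
	n = bounded_read(to + ret, count - (size_t)ret, &r->head,
			 r->buf, (size_t)r->tail);
	if (n > 0)
		ret += n;
	if (r->head == RING_SIZE)
		r->head = 0;
	return ret;
}
```

However large the caller's count is, each segment is limited by the distance to the end of the buffer or to tail, so no length arithmetic is left to the caller.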