Date: Thu, 2 Nov 2023 20:49:03 +0000
From: Al Viro
To: David Airlie
Cc: Philipp Stanner, Greg Kroah-Hartman, Jiri Slaby, Andrew Morton, Kefeng Wang, Tony Luck, Ard Biesheuvel, linux-kernel@vger.kernel.org, linux-serial@vger.kernel.org
Subject: Re: [PATCH] drivers/tty/vt: copy userspace arrays safely
Message-ID: <20231102204903.GM1957730@ZenIV>
References: <20231102192134.53301-2-pstanner@redhat.com> <20231102201424.GL1957730@ZenIV>

On Fri, Nov 03, 2023 at 06:24:09AM +1000, David Airlie wrote:
> On Fri, Nov 3, 2023 at 6:14 AM Al Viro wrote:
> >
> > On Thu, Nov 02, 2023 at 08:21:35PM +0100, Philipp Stanner wrote:
> > > The functions (v)memdup_user() are utilized to copy userspace arrays.
> > > This is done without overflow checks.
> > >
> > > Use the new wrappers memdup_array_user() and vmemdup_array_user() to
> > > copy the arrays more safely.
> >
> > > @@ -644,7 +644,7 @@ int con_set_unimap(struct vc_data *vc, ushort ct, struct unipair __user *list)
> > > if (!ct)
> > > return 0;
> >
> > > - unilist = vmemdup_user(list, array_size(sizeof(*unilist), ct));
> > > + unilist = vmemdup_array_user(list, ct, sizeof(*unilist));
> > > if (IS_ERR(unilist))
> > > return PTR_ERR(unilist);
> >
> > a 16bit value times sizeof(something).
>
> So since it's already using array_size here, moving it to a new helper
> for consistency just makes things clearer, and so you are fine with
> the patch?

Sigh... OK, if you want it spelled out, there we go.

I have no objections to the contents of patches; e.g. in case of ppp
ioctl it saves the reader a grep in search of structure definitions,
which is a good thing.

The one and only suggestion I have for those patches is that such
patches might be better off with explicit "in this case the overflow is
avoided due to , but use of this helper makes it obviously safe" - or,
in case of real bugs, "the overflow is, indeed, possible here", in which
case Fixes: ... and Cc: stable might be in order.
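
Review bot: On the `+` line in con_set_unimap(), the changelog's "This is done without overflow checks" does not match this call site: the removed line already passes the size through array_size(), and the hunk header shows ct is a ushort, so its product with sizeof(*unilist) cannot wrap. Suggest rewording the commit message to say the overflow is already avoided here and that vmemdup_array_user(list, ct, sizeof(*unilist)) only makes that obvious at the call site; no Fixes: or Cc: stable tag is warranted by this hunk.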
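
The arithmetic behind the "a 16bit value times sizeof(something)" remark, as an added userspace example that is not code from this thread or from the kernel tree. `struct unipair_model` and all function names are assumptions made for the demo; the overflow check uses the compiler builtin `__builtin_mul_overflow` rather than the kernel's own helpers.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the copied element type; layout is an assumption. */
struct unipair_model {
	unsigned short unicode;
	unsigned short fontpos;
};

/* Model of a saturating size computation: SIZE_MAX on overflow. */
static size_t array_size_model(size_t a, size_t b)
{
	size_t bytes;

	if (__builtin_mul_overflow(a, b, &bytes))
		return SIZE_MAX;
	return bytes;
}

/* Model of the check an array-copy helper makes before copying:
 * 0 and *bytes on success, -EOVERFLOW if n * size would wrap. */
static int array_bytes_checked(size_t n, size_t size, size_t *bytes)
{
	if (__builtin_mul_overflow(n, size, bytes))
		return -EOVERFLOW;
	return 0;
}

/* Largest byte count a 16-bit element count can ever request. */
static size_t max_bytes_for_u16_count(size_t elem_size)
{
	return array_size_model((size_t)UINT16_MAX, elem_size);
}

/* What a bare multiplication hands to the allocator. */
static size_t unchecked_bytes(size_t n, size_t size)
{
	return n * size;	/* wraps modulo SIZE_MAX + 1 */
}

int main(void)
{
	size_t esz = sizeof(struct unipair_model), bytes = 0;
	size_t huge = SIZE_MAX / esz + 1;	/* constructed worst case */

	printf("u16 count worst case: %zu bytes\n", max_bytes_for_u16_count(esz));
	printf("size_t count, unchecked: %zu bytes\n", unchecked_bytes(huge, esz));
	printf("size_t count, checked: %d\n", array_bytes_checked(huge, esz, &bytes));
	return 0;
}
```

With a 16-bit count the request tops out at a few hundred kilobytes, which is why the call site in the hunk was never exposed; the wrap only appears once the count is as wide as `size_t`.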