Hello Yashpal,

On Fri, Feb 15, 2013 at 03:22:54PM +0000, Dutta Yashpal-B05456 wrote:
> This can break because copy_from/to_user() copies from the current user
> process (which should be obvious, since there's no way to tell it which
> user process to copy from).
> 
> In a syscall invoked by your userspace process this is OK, because the
> current process is your userspace process. However, within the kernel
> thread (as in worker thread) the current process could be any other
> process on the system - so one may be copying from a random process's
> memory, which is why garbage can be written in physical memory.

Well, reviewing the code I can second that using CIOCASYNCCRYPT in
combination with COP_FLAG_NO_ZC is problematic. I guess the best
solution would be to have the ioctl-handler deny such requests.

Zero-copy operation is unaffected, though, since while still in process
context the mm_struct belonging to the process is saved and passed to
get_user_pages later on.

Greetings, Phil
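As an added illustration (not cryptodev code, and not posted by either participant), the following userspace C program models the two paths discussed above. The mm_struct, task_struct, current, copy_from_user and get_user_pages here are toy stand-ins that keep only the property the thread hinges on: copy_from_user() can only read through current->mm, whereas get_user_pages() takes the mm as a parameter, so a worker that was handed an mm (or pinned pages) captured in the submitter's context reads the right memory no matter which task it runs as. COP_FLAG_NO_ZC is given an assumed value; the process contents are constructed.

```c
/* Constructed userspace model of the cryptodev worker-thread issue.
 * Nothing here is kernel code; the names mirror the kernel API only. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 64

struct mm_struct {              /* toy address space: a flat byte array */
    const char *owner;
    unsigned char mem[MEM_SIZE];
};

struct task_struct {
    const char *comm;
    struct mm_struct *mm;       /* for a kernel thread: whatever mm it borrowed */
};

static struct task_struct *current;   /* the task the CPU is running right now */

/* Toy copy_from_user(): as in the kernel, the only address space it can
 * see is current->mm; there is no way to tell it "copy from process A". */
static int copy_from_user(void *dst, unsigned long uaddr, size_t n)
{
    if (!current || !current->mm || uaddr > MEM_SIZE || n > MEM_SIZE - uaddr)
        return -EFAULT;
    memcpy(dst, current->mm->mem + uaddr, n);
    return 0;
}

/* Toy get_user_pages(): resolve a user range against an explicit mm and
 * return a kernel-usable reference to the backing memory. Because the mm
 * is a parameter, this works from any context once the mm has been saved. */
static unsigned char *get_user_pages(struct mm_struct *mm, unsigned long uaddr, size_t n)
{
    if (!mm || uaddr > MEM_SIZE || n > MEM_SIZE - uaddr)
        return NULL;
    return mm->mem + uaddr;
}

#define COP_FLAG_NO_ZC 0x1      /* assumed value; only the meaning matters here */

struct crypt_op {
    unsigned long src;          /* user address, meaningful only in the submitter's mm */
    size_t len;
    unsigned int flags;
    struct mm_struct *mm;       /* submitter's mm, captured in ioctl context */
    unsigned char *pages;       /* pinned pages for the zero-copy path */
    unsigned char out[MEM_SIZE];/* what the worker ends up operating on */
};

/* Buggy submit: defers everything to the worker, including the user copy. */
static int submit_buggy(struct crypt_op *op)
{
    op->mm = NULL;
    op->pages = NULL;
    return 0;
}

/* Fixed submit: deny NO_ZC for async requests (the ioctl-handler check
 * suggested above) and, for zero-copy, resolve the user pages now, while
 * current is still the submitting process. */
static int submit_fixed(struct crypt_op *op)
{
    if (op->flags & COP_FLAG_NO_ZC)
        return -EINVAL;
    op->mm = current->mm;
    op->pages = get_user_pages(op->mm, op->src, op->len);
    return op->pages ? 0 : -EFAULT;
}

/* Worker: runs later in a kernel thread, under some unrelated current. */
static int worker_run(struct crypt_op *op)
{
    if (op->pages) {
        memcpy(op->out, op->pages, op->len);   /* submitter's memory, by construction */
        return 0;
    }
    /* NO_ZC path: reads through whatever mm is current - the bug */
    return copy_from_user(op->out, op->src, op->len);
}

static struct mm_struct mm_a = { "A", { 0 } }, mm_b = { "B", { 0 } };
static struct task_struct task_a = { "client", &mm_a };
static struct task_struct kworker = { "kworker", NULL };

/* Scenario: A submits a request for its user address 8; when the worker
 * runs, the kernel thread has borrowed B's mm. Returns the first byte the
 * worker saw ('A' or 'B') or a negative errno from submit. */
static int run_scenario(int (*submit)(struct crypt_op *), unsigned int flags)
{
    struct crypt_op op = { .src = 8, .len = 4, .flags = flags };
    int rc;

    memset(mm_a.mem, 'A', MEM_SIZE);  /* constructed process contents */
    memset(mm_b.mem, 'B', MEM_SIZE);

    current = &task_a;                /* ioctl runs in process context */
    rc = submit(&op);
    if (rc)
        return rc;

    kworker.mm = &mm_b;               /* worker wakes up with another mm active */
    current = &kworker;
    rc = worker_run(&op);
    return rc ? rc : op.out[0];
}

int main(void)
{
    printf("buggy NO_ZC: worker read memory of %c\n", run_scenario(submit_buggy, COP_FLAG_NO_ZC));
    printf("fixed zero-copy: worker read memory of %c\n", run_scenario(submit_fixed, 0));
    printf("fixed NO_ZC: submit returned %d\n", run_scenario(submit_fixed, COP_FLAG_NO_ZC));
    return 0;
}
```

The buggy path hands the worker a bare user pointer and the worker reads B's memory; the zero-copy path resolves the pages against the saved mm before the request leaves process context, and the NO_ZC async combination is refused at submit time rather than being allowed to read the wrong address space.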

_______________________________________________
Cryptodev-linux-devel mailing list
Cryptodev-linux-devel@gna.org
https://mail.gna.org/listinfo/cryptodev-linux-devel
