On 22/02/2018 16:56, Brijesh Singh wrote:
> On 02/21/2018 02:18 PM, Al Viro wrote:
>> On Wed, Feb 21, 2018 at 01:59:55PM -0600, Brijesh Singh wrote:
>>> Sure, checking access_ok() does not guarantee that later
>>> copy_from_user() will not fail. But it does eliminate one possible
>>> reason for the failure. We are trying to validate most of the user
>>> inputs before we invoke SEV command.
>> That makes no sense whatsoever. If user is deliberately fuzzing
>> your code or trying to DoS it, that "validation" doesn't buy you
>> anything - they can just as well feed you NULL, after all.
> Currently, we let user query the blob length with params.len == 0 ||
> param.uaddr == NULL. We could limit it to just params.len == 0.
>> What is the rationale for that? "Userland is accidentally feeding
>> us garbage pointers" is the case where slowness is the least of your
> My intent was to do some obvious failure checks on user inputs before
> invoking the HW. I do see your point that if userspace is feeding us
> garbage then slowness is least of our concern. If you think that we
> should not be using access_ok() in this particular case then I am okay
> with it.
Can you please send a patch? Thanks!