On Mon, Aug 25, 2025 at 02:37:11PM -0700, Kees Cook wrote:
> On Tue, Aug 05, 2025 at 06:13:56PM +0200, Uladzislau Rezki wrote:
> > I agree. Also it can be even moved under vmalloc.c. There is only one
> > user which needs it globally, it is usercopy.c. It uses find_vmap_area()
> > which is wrong. See:
> >
> > <snip>
> > if (is_vmalloc_addr(ptr) && !pagefault_disabled()) {
> > struct vmap_area *area = find_vmap_area(addr);
> >
> > if (!area)
> > usercopy_abort("vmalloc", "no area", to_user, 0, n);
> >
> > if (n > area->va_end - addr) {
> > offset = addr - area->va_start;
> > usercopy_abort("vmalloc", NULL, to_user, offset, n);
> > }
> > return;
> > }
> > <snip>
> >
> > we can add a function which just assign va_start, va_end as input
> > parameters and use them in the usercopy.c.
>
> Yes please! I'd must rather use some exported validation routine than
> having it hand-coded in usercopy.c. :)
>
I will do it :)
--
Uladzislau Rezki
