11 Jun
2020
11 Jun
'20
3:02 a.m.
On Wed, Jun 10, 2020 at 08:48:45AM +0000, David Laight wrote:
From: Sargun Dhillon
Sent: 10 June 2020 09:13
In essence the 'copy_to_user' is done by the wrapper code. The code filling in the CMSG buffer can be considered to be writing a kernel buffer.
IIRC other kernels (eg NetBSD) do the copies for ioctl() requests in the ioctl syscall wrapper. The IOW/IOR/IOWR flags have to be right.
Yeah, this seems like it'd make a lot more sense (and would have easily caught the IOR/IOW issue pointed out later in the thread). I wonder how insane it would be to try to fix that globally in the kernel...
--
Kees Cook