From: Stefan Berger
Sent: 30 May 2023 18:46
On 5/29/23 22:01, Jarkko Sakkinen wrote:
From: Jarkko Sakkinen jarkko.sakkinen@tuni.fi
- rc = copy_to_user(buf, proxy_dev->buffer, len);
- if (buf)
rc = copy_to_user(buf, proxy_dev->buffer, len);
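Review bot: with the added `if (buf)` guard, a NULL buf skips the copy and leaves rc at whatever it held before, so the read path reports success without having copied anything; copy_to_user() already runs access_ok() and returns a non-zero count for a NULL or kernel pointer, which the caller turns into -EFAULT, so the guard should be dropped rather than added.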
Looking through other drivers it seems buf is always expected to be a valid non-NULL pointer on file_operations.read().
If the user passes NULL the copy_to/from_user() fails and -EFAULT is returned.
Adding the NULL check makes the request silently succeed. I doubt that is anywhere near right when you ignore copy_from_user().
I'm not sure what the rationale/subject is about either. copy_to/from_user() calls access_ok() and will fail on a kernel address.
David
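A constructed userspace model of the behaviour David describes, added here and not the vtpm proxy driver's own code: copy_to_user() is stubbed to fail its access check on a NULL destination the way the real one does, and the read handler with the proposed `if (buf)` guard is compared against the unguarded one. The handler shape, the buffer size and the initial value of rc are assumptions of this model.

```c
/* Constructed model (not the driver's code) of the read() path under review. */
#include <stddef.h>
#include <string.h>
#include <errno.h>
#include <stdio.h>

#define BUF_LEN 16

/* Stub: like the kernel's copy_to_user(), a destination that fails the
 * access check is not written and the number of bytes NOT copied is returned. */
static unsigned long copy_to_user_stub(char *to, const char *from, size_t n)
{
	if (to == NULL)
		return n;	/* access_ok() would fail: nothing copied */
	memcpy(to, from, n);
	return 0;
}

/* Unguarded handler: the copy result alone decides between len and -EFAULT. */
static long read_original(char *buf, const char *kbuf, size_t len)
{
	unsigned long rc = copy_to_user_stub(buf, kbuf, len);
	return rc ? -EFAULT : (long)len;
}

/* Handler with the proposed guard: a NULL buf skips the copy, rc keeps its
 * initial value (assumed 0 here), and the read claims success anyway. */
static long read_with_null_check(char *buf, const char *kbuf, size_t len)
{
	unsigned long rc = 0;	/* assumption: starts as "no error" */
	if (buf)
		rc = copy_to_user_stub(buf, kbuf, len);
	return rc ? -EFAULT : (long)len;
}

/* Probes returning each outcome so the difference can be checked. */
static const char kdata[BUF_LEN] = "response";	/* constructed sample */
static long probe_original_null(void) { return read_original(NULL, kdata, 8); }
static long probe_guarded_null(void) { return read_with_null_check(NULL, kdata, 8); }
static long probe_valid_copy(void)
{
	char ubuf[BUF_LEN] = { 0 };
	long n = read_original(ubuf, kdata, 8);
	return (n == 8 && memcmp(ubuf, kdata, 8) == 0) ? n : -1;
}

int main(void)
{
	printf("original, NULL buf: %ld\n", probe_original_null());
	printf("guarded,  NULL buf: %ld (silent success, nothing copied)\n",
	       probe_guarded_null());
	return 0;
}
```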