Hi Cyrill,
On 3/23/21 10:06 PM, Cyrill Gorcunov wrote:
[..]
> --- linux-tip.git.orig/kernel/sys.c
> +++ linux-tip.git/kernel/sys.c
> @@ -1961,6 +1961,30 @@ out:
> return error;
> }
>
> +static int copy_auxv_from_user(unsigned long *auxv, size_t auxv_size,
> + const void __user *addr, size_t len)
> +{
> + BUG_ON(auxv_size != sizeof(current->mm->saved_auxv));
Nit:
size_t auxv_size = sizeof(user_auxv);
BUILD_BUG_ON(sizeof(user_auxv) != sizeof(current->mm->saved_auxv));
(to make it local variable instead of a parameter and get rid of a new
BUG_ON())
> +
> + if (!addr || len > auxv_size)
> + return -EINVAL;
> +
> + memset(auxv, 0, auxv_size);
> + if (len && copy_from_user(auxv, addr, len))
> + return -EFAULT;
> +
> + /*
> + * Specification requires the vector to be
> + * ended up with AT_NULL entry so user space
> + * will notice where to stop enumerating.
> + */
> + if (len == auxv_size) {
> + auxv[AT_VECTOR_SIZE - 2] = AT_NULL;
> + auxv[AT_VECTOR_SIZE - 1] = AT_NULL;
I don't follow why it became conditional.
Perhaps, you meant that memset(0) above will zerofy it anyway, but in
case (len == auxv_size - 1) it won't work. Or I'm missing something
obvious :-)
Thanks,
Dima
