Dubios pointer casting with put_user()
Richard Sailer
richard_siegfried at systemli.org
Sun Jul 19 08:15:36 EDT 2020
On 18/07/2020 00:46, Valdis Klētnieks wrote:
> On Fri, 17 Jul 2020 02:13:34 +0200, Richard Sailer said:
>
>> unsigned long. Is this (correctness and security wise) sane? Because as
>> I understand it put_user() determines the amount it copies from the
>> pointer type.
>
>> rc = put_user(amount, (int __user *)arg);
>
> If that were true, you wouldn't need to pass the 'amount' variable....
>
Hmm, that would make no sense to me. arg is a pointer to user space
memory, put_user would still need the value to copy to that memory.
And my understanding of put_user() comes from its definition in uaccess.h:
#define put_user(x, ptr) \
({ \
int __ret_pu; \
__typeof__(*(ptr)) __pu_val; \
__chk_user_ptr(ptr); \
might_fault(); \
__pu_val = x; \
switch (sizeof(*(ptr))) { \
case 1: \
__put_user_x(1, __pu_val, ptr, __ret_pu); \
break; \
case 2: \
__put_user_x(2, __pu_val, ptr, __ret_pu); \
break; \
case 4: \
__put_user_x(4, __pu_val, ptr, __ret_pu); \
break; \
case 8: \
__put_user_x8(__pu_val, ptr, __ret_pu); \
break; \
[...]
But please tell me if I got anything wrong here, I'm still not 100% sure
-- Richard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.kernelnewbies.org/pipermail/kernelnewbies/attachments/20200719/b1fbc416/attachment-0001.sig>
More information about the Kernelnewbies
mailing list