1. Patchew
  2. linux
  3. View series

[PATCH] sched: core: remove access_ok() before copy_to_user()

Tuo Cao posted 1 patch 3 years, 7 months ago 
kernel/sched/core.c | 3 ---
1 file changed, 3 deletions(-)
[PATCH] sched: core: remove access_ok() before copy_to_user()
Posted by Tuo Cao 3 years, 7 months ago 
If usize > ksize, usize may be not valid and if(!access_ok()) will return
-EFAULT. But ksize may be valid, copy_to_user() should be executed.And
also, copy_to_user() will calls access_ok() to test whether a block of
memory is a valid user space address.

Signed-off-by: Tuo Cao <91tuocao@gmail.com>
---
 kernel/sched/core.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/kernel/sched/core.c b/kernel/sched/core.c
index ee28253c9ac0..fe6a65a54626 100644
--- a/kernel/sched/core.c
+++ b/kernel/sched/core.c
@@ -7975,9 +7975,6 @@ sched_attr_copy_to_user(struct sched_attr __user *uattr,
 {
 	unsigned int ksize = sizeof(*kattr);
 
-	if (!access_ok(uattr, usize))
-		return -EFAULT;
-
 	/*
 	 * sched_getattr() ABI forwards and backwards compatibility:
 	 *
-- 
2.17.1
Re: [PATCH] sched: core: remove access_ok() before copy_to_user()
Posted by Peter Zijlstra 3 years, 7 months ago 
On Mon, Aug 15, 2022 at 10:21:37PM +0800, Tuo Cao wrote:
> If usize > ksize, usize may be not valid and if(!access_ok()) will return
> -EFAULT. But ksize may be valid, copy_to_user() should be executed.And
> also, copy_to_user() will calls access_ok() to test whether a block of
> memory is a valid user space address.

I don't follow, why do you want this to continue if the user provided
garbage input?
Re: [PATCH] sched: core: remove access_ok() before copy_to_user()
Posted by tuo cao 3 years, 7 months ago 
I just think usize has limited in caller of sched_attr_copy_to_user()
: SCHED_ATTR_SIZE_VER0 < usize < PAGE_SIZE. Maybe user provided
garbage input and cause (usize + uattr) > TASK_SIZE,  but if (ksize +
uattr) < TASK_SIZE, user can also get the struct sched_attr correctly
by copy_to_user() only and there are no side effects.
So, should we really limit user get the struct sched_attr in this
situation? Thanks.

Peter Zijlstra <peterz@infradead.org> 于2022年8月16日周二 17:18写道:
>
> On Mon, Aug 15, 2022 at 10:21:37PM +0800, Tuo Cao wrote:
> > If usize > ksize, usize may be not valid and if(!access_ok()) will return
> > -EFAULT. But ksize may be valid, copy_to_user() should be executed.And
> > also, copy_to_user() will calls access_ok() to test whether a block of
> > memory is a valid user space address.
>
> I don't follow, why do you want this to continue if the user provided
> garbage input?

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.