[PATCH] ipv6: avoid copy_from_user() via ipv6_renew_options_kern()
David Miller
davem at davemloft.net
Sat Jun 23 01:57:06 UTC 2018
From: Paul Moore <pmoore at redhat.com>
Date: Fri, 22 Jun 2018 17:18:20 -0400
> - const mm_segment_t old_fs = get_fs();
> -
> - set_fs(KERNEL_DS);
> - ret_val = ipv6_renew_options(sk, opt, newtype,
> - (struct ipv6_opt_hdr __user *)newopt,
> - newoptlen);
> - set_fs(old_fs);
So is it really the case that the traditional construct:
set_fs(KERNEL_DS);
... copy_{from,to}_user(...);
set_fs(old_fs);
is no longer allowed?
Setting fs to KERNEL_DS is supposed to make user copies work on kernel
memory. Or at least it did for 20+ years :-)
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list