On Wed, 2016-07-06 at 15:25 -0700, Kees Cook wrote:
> 
> +     /* Allow kernel rodata region (if not marked as Reserved).
> */
> +     if (ptr >= (const void *)__start_rodata &&
> +         end <= (const void *)__end_rodata)
> +             return NULL;
> 
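Review bot: the rodata allow (`ptr >= (const void *)__start_rodata && end <= (const void *)__end_rodata`) returns NULL for either copy direction, because nothing in this check consults `to_user`. Consider passing `to_user` down and returning NULL here only when it is true, so that a copy_from_user whose destination lies inside rodata is rejected rather than allowed. Separately, the comment's "(if not marked as Reserved)" condition is not tested in these lines; if an earlier check covers it, the comment should say which one.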
One comment here.

__check_object_size gets "to_user" as an argument.

It may make sense to pass that to check_heap_object, and
only allow copy_to_user from rodata, never copy_from_user,
since that section should be read only.

> +void __check_object_size(const void *ptr, unsigned long n, bool
> to_user)
> +{
> 

-- 

All Rights Reversed.
