On 10/12/2022 3:04 PM, Kees Cook wrote:

On Tue, Sep 27, 2022 at 01:31:55PM -0700, Casey Schaufler wrote:

quoted

+SYSCALL_DEFINE3(lsm_module_list,
+	       unsigned int __user *, ids,
+	       size_t __user *, size,
+	       int, flags)

Please make this unsigned int.

Sure.

quoted

+{
+	unsigned int *interum;
+	size_t total_size = lsm_id * sizeof(*interum);
+	size_t usize;
+	int rc;
+	int i;

Please test that flags == 0 so it can be used in the future:

	if (flags)
		return -EINVAL;

Yup.

quoted

+
+	if (get_user(usize, size))
+		return -EFAULT;
+
+	if (usize < total_size) {
+		if (put_user(total_size, size) != 0)
+			return -EFAULT;
+		return -E2BIG;
+	}
+
+	interum = kzalloc(total_size, GFP_KERNEL);
+	if (interum == NULL)
+		return -ENOMEM;
+
+	for (i = 0; i < lsm_id; i++)
+		interum[i] = lsm_idlist[i]->id;
+
+	if (copy_to_user(ids, interum, total_size) != 0 ||
+	    put_user(total_size, size) != 0)
+		rc = -EFAULT;

No need to repeat this, if it is written first.

quoted

+	else
+		rc = lsm_id;
+
+	kfree(interum);
+	return rc;

No need for the alloc/free. Here's what I would imagine for the whole
thing:

A better approach. Thank you.

	if (flags)
		return -EINVAL;

	if (get_user(usize, size))
		return -EFAULT;

	if (put_user(total_size, size) != 0)
		return -EFAULT;

	if (usize < total_size)
		return -E2BIG;

	for (i = 0; i < lsm_id; i++)
		if (put_user(lsm_idlist[i]->id, id++))
			return -EFAULT;

	return lsm_id;