| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Oct 2009 13:05:08 +1000 From: Dave Airlie <airlied@...il.com> To: Andi Kleen <andi@...stfloor.org> Cc: LKML <linux-kernel@...r.kernel.org>, DRI Development Mailing List <dri-devel@...ts.sourceforge.net>, Arnd Bergmann <arnd@...db.de>, David Miller <davem@...emloft.net> Subject: Re: is avoiding compat ioctls possible? On Wed, Oct 28, 2009 at 12:53 PM, Andi Kleen <andi@...stfloor.org> wrote: > Dave Airlie <airlied@...il.com> writes: > >> They used uint64_t to represent userspace pointers and userspace >> casted into those and the kernel casts back out and passes it to copy_*_user > > uint64_t is actually dangerous due to different alignment on x86-32 vs 64, > better use compat_u64/s64 We've designed that into a/c also, we pad all 64-bit values to 64-bit alignment on all the ioctls we've added to the drm in the past couple of years. Just because of this particular insanity. > >> Now I thought cool I don't need to worry about compat ioctl hackery I can >> run 32 on 64 bit apps fine and it'll all just work. >> >> Now Dave Miller points out that I'm obivously deluded and we really need >> to add compat ioctls so that the kernel can truncate correctly 32-bit address >> in case userspace shoves garbage into the top 32bits of the u64. > > When the user space sees a u64 field it should never shove garbage here. > You just have to cast on 32bit for this, which is a bit ugly. > > However some architectures need special operations on compat pointers > (s390 iirc), but if you don't support those it might be reasonable > to not support that. > >> Is there really no way to avoid compat ioctls? was I delusional in >> thinking there was? > > Experience shows that people make mistakes and you sooner or > later need them anyways to work around them. > Assume no mistakes are made, new ioctls designed from scratch and reviewed to do 32/64-bit properly. The s390 was something I didn't know about but KMS on s390 is probably never going to be something that sees the light of day. I'm just amazed that compat_ioctl should be required for all new code. DrNick on irc suggested just doing: if (is_compat_task()) ptr &= 0x00000000FFFFFFFF; Is there a one liner I can just do in the actual ioctls instead of adding 20 compat ones? Dave. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists