lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Fri, 13 May 2016 16:54:01 -0400
From:	"ira.weiny" <ira.weiny@...el.com>
To:	Jason Gunthorpe <jgunthorpe@...idianresearch.com>
Cc:	Dennis Dalessandro <dennis.dalessandro@...el.com>,
	dledford@...hat.com, Mike Marciniszyn <mike.marciniszyn@...el.com>,
	linux-rdma@...r.kernel.org,
	Mitko Haralanov <mitko.haralanov@...el.com>,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v2 3/5] IB/hfi1: Add ioctl() interface for user commands

On Thu, May 12, 2016 at 01:40:06PM -0600, Jason Gunthorpe wrote:
> On Thu, May 12, 2016 at 03:27:27PM -0400, Dennis Dalessandro wrote:
> 
> > >>+static inline int check_ioctl_access(unsigned int cmd, unsigned long arg)
> > >>+{
> > >>+	int read_cmd, write_cmd, read_ok, write_ok;
> > >>+
> > >>+	read_cmd = _IOC_DIR(cmd) & _IOC_READ;
> > >>+	write_cmd = _IOC_DIR(cmd) & _IOC_WRITE;
> > >>+	write_ok = access_ok(VERIFY_WRITE, (void __user *)arg, _IOC_SIZE(cmd));
> > >>+	read_ok = access_ok(VERIFY_READ, (void __user *)arg, _IOC_SIZE(cmd));
> > >>+
> > >>+	if ((read_cmd && !write_ok) || (write_cmd && !read_ok))
> > >>+		return -EFAULT;
> > >
> > >This seems kind of goofy, didn't Ira say this is performance senstive?
> 
> Well, calling access_ok twice when only once is typically needed is
> certainly not performant. Typically this check is done at every access
> via get_user/put_user/copy_to/from_user - why is it being hoisted like
> this?
>
> 
> > >Driver shouldn't be open coding __get_user like that, IMHO.
> > 
> > Can you explain what you mean here? We should not use __get_user()?
> 
> Generally speaking, yes. Use get_user() that includes the correct
> access_ok. Unless there is a good reason to avoid it, the standard API
> should be used.

I know this code was refactored while we were still submitting patches to Greg
KH back in Nov/Dec.  Part of this was cleaning up branch on error rather than
success.  Hence the check for access at the top of the function and early
return.

At that time I _thought_ there were multiple __get_users in some of the
operations so a single common access_ok would speed those up.  However, I don't
see that happening any longer, so either I don't remember correctly, or we have
made this cleaner.

As it stands now I think you are correct we could use get_user and
copy_to/from_user.

Ira

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ