| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Sep 2016 13:33:44 -0700
From: Laura Abbott <labbott@...hat.com>
To: Arnd Bergmann <arnd@...db.de>, linaro-mm-sig@...ts.linaro.org
Cc: Sumit Semwal <sumit.semwal@...aro.org>,
John Stultz <john.stultz@...aro.org>,
Arve Hjønnevåg <arve@...roid.com>,
Riley Andrews <riandrews@...roid.com>,
devel@...verdev.osuosl.org, Jon Medhurst <tixy@...aro.org>,
Android Kernel Team <kernel-team@...roid.com>,
Liviu Dudau <Liviu.Dudau@....com>,
linux-kernel@...r.kernel.org,
Jeremy Gebben <jgebben@...eaurora.org>,
Eun Taik Lee <eun.taik.lee@...sung.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Brian Starkey <brian.starkey@....com>,
Chen Feng <puck.chen@...ilicon.com>
Subject: Re: [Linaro-mm-sig] [PATCHv2 3/4] staging: android: ion: Add an ioctl
for ABI checking
On 09/02/2016 02:02 AM, Arnd Bergmann wrote:
> On Thursday, September 1, 2016 3:40:43 PM CEST Laura Abbott wrote:
>
>> --- a/drivers/staging/android/ion/ion-ioctl.c
>> +++ b/drivers/staging/android/ion/ion-ioctl.c
>> @@ -22,6 +22,29 @@
>> #include "ion_priv.h"
>> #include "compat_ion.h"
>>
>> +union ion_ioctl_arg {
>> + struct ion_fd_data fd;
>> + struct ion_allocation_data allocation;
>> + struct ion_handle_data handle;
>> + struct ion_custom_data custom;
>> + struct ion_abi_version abi_version;
>> +};
>
> Are you introducing this, or just clarifying the defintion of the
> existing interface. For new interfaces, we should not have a union
> as an ioctl argument. Instead each ioctl command should have one
> specific structure (or better a scalar argument).
>
This was just a structure inside ion_ioctl. I pulled it out for
the validate function. It's not an actual argument to any ioctl from
userspace. ion_ioctl copies using _IOC_SIZE.
>> +static int validate_ioctl_arg(unsigned int cmd, union ion_ioctl_arg *arg)
>> +{
>> + int ret = 0;
>> +
>> + switch (cmd) {
>> + case ION_IOC_ABI_VERSION:
>> + ret = arg->abi_version.reserved != 0;
>> + break;
>> + default:
>> + break;
>> + }
>> +
>> + return ret ? -EINVAL : 0;
>> +}
>
> I agree with Greg, ioctl interfaces should normally not be versioned,
> the usual way is to try a command and see if it fails or not.
>
The concern was trying ioctls that wouldn't actually fail or would
have some other unexpected side effect.
My conclusion from the other thread was that assuming we don't botch
up adding new ioctls in the future or make incompatible changes to
these in the future we shouldn't technically need it. I was still
trying to hedge my bets against the future but that might just be
making the problem worse?
>> +/**
>> + * struct ion_abi_version
>> + *
>> + * @version - current ABI version
>> + */
>> +
>> +#define ION_ABI_VERSION KERNEL_VERSION(0, 1, 0)
>> +
>> +struct ion_abi_version {
>> + __u32 abi_version;
>> + __u32 reserved;
>> +};
>> +
>
> This interface doesn't really need a "reserved" field, you could
> as well use a __u32 by itself. If you ever need a second field,
> just add a new command number.
>
The botching-ioctls.txt document suggested everything should be aligned
to 64-bits. Was I interpreting that too literally?
> Arnd
>
Thanks,
Laura
Powered by blists - more mailing lists