lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 7 Sep 2016 17:14:48 -0700 From: Laura Abbott <labbott@...hat.com> To: Arnd Bergmann <arnd@...db.de>, linaro-mm-sig@...ts.linaro.org Cc: Sumit Semwal <sumit.semwal@...aro.org>, John Stultz <john.stultz@...aro.org>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Arve Hjønnevåg <arve@...roid.com>, Riley Andrews <riandrews@...roid.com>, Brian Starkey <brian.starkey@....com>, devel@...verdev.osuosl.org, Jon Medhurst <tixy@...aro.org>, Android Kernel Team <kernel-team@...roid.com>, Liviu Dudau <Liviu.Dudau@....com>, linux-kernel@...r.kernel.org, Jeremy Gebben <jgebben@...eaurora.org>, Eun Taik Lee <eun.taik.lee@...sung.com>, Chen Feng <puck.chen@...ilicon.com> Subject: Re: [Linaro-mm-sig] [PATCHv3 2/2] staging: android: ion: Add ioctl to query available heaps On 09/07/2016 12:37 PM, Arnd Bergmann wrote: > On Wednesday, September 7, 2016 11:49:59 AM CEST Laura Abbott wrote: > >> - if (dir & _IOC_WRITE) >> - if (copy_from_user(&data, (void __user *)arg, _IOC_SIZE(cmd))) >> - return -EFAULT; >> + /* >> + * The copy_from_user is unconditional here for both read and write >> + * to do the validate. If there is no write for the ioctl, the >> + * buffer is cleared >> + */ >> + if (copy_from_user(&data, (void __user *)arg, _IOC_SIZE(cmd))) >> + return -EFAULT; >> + >> + ret = validate_ioctl_arg(cmd, &data); >> + if (WARN_ON_ONCE(ret)) >> + return ret; > > I noticed that the WARN_ON_ONCE warns about invalid user input, > but I think we tend to normally just use WARN_ON for things that > go wrong inside of the kernel or in hardware. > > Maybe better use printk_once() or printk_ratelimited. > Sure, the error code should hopefully be enough of a hint to userspace to maybe check the log. > Is there any noticeable overhead in always copying the structure? > copy_from_user() can be a bit slow depending on debugging or > security features, and it seems unnecessary if the validation > is only done for one of the commands. > Good point. It made sense with some of the other ioctls (specifically the ABI) but isn't necessary now. We can evaluate later when other ioctls get added. > Otherwise the patch looks good to me. > > Arnd > Thanks! Laura
Powered by blists - more mailing lists