[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <21d7e9970910272005mbb268r7b16493a22ca275a@mail.gmail.com>
Date: Wed, 28 Oct 2009 13:05:08 +1000
From: Dave Airlie <airlied@...il.com>
To: Andi Kleen <andi@...stfloor.org>
Cc: LKML <linux-kernel@...r.kernel.org>,
DRI Development Mailing List
<dri-devel@...ts.sourceforge.net>, Arnd Bergmann <arnd@...db.de>,
David Miller <davem@...emloft.net>
Subject: Re: is avoiding compat ioctls possible?
On Wed, Oct 28, 2009 at 12:53 PM, Andi Kleen <andi@...stfloor.org> wrote:
> Dave Airlie <airlied@...il.com> writes:
>
>> They used uint64_t to represent userspace pointers and userspace
>> casted into those and the kernel casts back out and passes it to copy_*_user
>
> uint64_t is actually dangerous due to different alignment on x86-32 vs 64,
> better use compat_u64/s64
We've designed that into a/c also, we pad all 64-bit values to 64-bit
alignment on all the
ioctls we've added to the drm in the past couple of years. Just because of
this particular insanity.
>
>> Now I thought cool I don't need to worry about compat ioctl hackery I can
>> run 32 on 64 bit apps fine and it'll all just work.
>>
>> Now Dave Miller points out that I'm obivously deluded and we really need
>> to add compat ioctls so that the kernel can truncate correctly 32-bit address
>> in case userspace shoves garbage into the top 32bits of the u64.
>
> When the user space sees a u64 field it should never shove garbage here.
> You just have to cast on 32bit for this, which is a bit ugly.
>
> However some architectures need special operations on compat pointers
> (s390 iirc), but if you don't support those it might be reasonable
> to not support that.
>
>> Is there really no way to avoid compat ioctls? was I delusional in
>> thinking there was?
>
> Experience shows that people make mistakes and you sooner or
> later need them anyways to work around them.
>
Assume no mistakes are made, new ioctls designed from scratch
and reviewed to do 32/64-bit properly. The s390 was something I didn't
know about but KMS on s390 is probably never going to be something
that sees the light of day.
I'm just amazed that compat_ioctl should be required for all new code.
DrNick on irc suggested just doing:
if (is_compat_task()) ptr &= 0x00000000FFFFFFFF;
Is there a one liner I can just do in the actual ioctls instead of
adding 20 compat
ones?
Dave.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists