lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Wed, 28 Oct 2009 13:05:08 +1000
From:	Dave Airlie <>
To:	Andi Kleen <>
Cc:	LKML <>,
	DRI Development Mailing List 
	<>, Arnd Bergmann <>,
	David Miller <>
Subject: Re: is avoiding compat ioctls possible?

On Wed, Oct 28, 2009 at 12:53 PM, Andi Kleen <> wrote:
> Dave Airlie <> writes:
>> They used uint64_t to represent userspace pointers and userspace
>> casted into those and the kernel casts back out and passes it to copy_*_user
> uint64_t is actually dangerous due to different alignment on x86-32 vs 64,
> better use compat_u64/s64

We've designed that into a/c also, we pad all 64-bit values to 64-bit
alignment on all the
ioctls we've added to the drm in the past couple of years. Just because of
this particular insanity.

>> Now I thought cool I don't need to worry about compat ioctl hackery I can
>> run 32 on 64 bit apps fine and it'll all just work.
>> Now Dave Miller points out that I'm obivously deluded and we really need
>> to add compat ioctls so that the kernel can truncate correctly 32-bit address
>> in case userspace shoves garbage into the top 32bits of the u64.
> When the user space sees a u64 field it should never shove garbage here.
> You just have to cast on 32bit for this, which is a bit ugly.
> However some architectures need special operations on compat pointers
> (s390 iirc), but if you don't support those it might be reasonable
> to not support that.
>> Is there really no way to avoid compat ioctls? was I delusional in
>> thinking there was?
> Experience shows that people make mistakes and you sooner or
> later need them anyways to work around them.

Assume no mistakes are made, new ioctls designed from scratch
and reviewed to do 32/64-bit properly. The s390 was something I didn't
know about but KMS on s390 is probably never going to be something
that sees the light of day.

I'm just amazed that compat_ioctl should be required for all new code.

DrNick on irc suggested just doing:
if (is_compat_task()) ptr &= 0x00000000FFFFFFFF;

Is there a one liner I can just do in the actual ioctls instead of
adding 20 compat

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

Powered by blists - more mailing lists