lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMP5XgfyUQT+mQ+SCFhyCSzAWevXUBpTXjpAYS54YTOb-PSpOg@mail.gmail.com>
Date:	Tue, 4 Jun 2013 16:58:02 -0700
From:	Arve Hjønnevåg <arve@...roid.com>
To:	Serban Constantinescu <Serban.Constantinescu@....com>
Cc:	LKML <linux-kernel@...r.kernel.org>,
	Greg KH <gregkh@...uxfoundation.org>,
	Android Kernel Team <kernel-team@...roid.com>,
	John Stultz <john.stultz@...aro.org>,
	Dave Butcher <Dave.Butcher@....com>
Subject: Re: [PATCH v4 2/6] staging: android: binder: fix binder interface for
 64bit compat layer

On Tue, Jun 4, 2013 at 1:54 AM, Serban Constantinescu
<Serban.Constantinescu@....com> wrote:
> On 03/06/13 22:41, Arve Hjønnevåg wrote:
>>
>> On Wed, May 22, 2013 at 3:12 AM, Serban Constantinescu
>> <serban.constantinescu@....com> wrote:
>>>
>>> The changes in this patch will fix the binder interface for use on 64bit
>>> machines and stand as the base of the 64bit compat support. The changes
>>> apply to the structures that are passed between the kernel and
>>> userspace.
>>>
>>> Most of the  changes applied mirror the change to struct binder_version
>>> where there is no need for a 64bit wide protocol_version(on 64bit
>>> machines). The change inlines with the existing 32bit userspace(the
>>> structure has the same size) and simplifies the compat layer such that
>>> the same handler can service the BINDER_VERSION ioctl.
>>>
>>> Other changes make use of kernel types as well as user-exportable ones
>>> and fix format specifier issues.
>>>
>>> The changes do not affect existing 32bit ABI.
>>>
>>> Signed-off-by: Serban Constantinescu <serban.constantinescu@....com>
>>> ---
>>>   drivers/staging/android/binder.c |   20 ++++++++++----------
>>>   drivers/staging/android/binder.h |    8 ++++----
>>>   2 files changed, 14 insertions(+), 14 deletions(-)
>>>
>>> diff --git a/drivers/staging/android/binder.c
>>> b/drivers/staging/android/binder.c
>>> index ce70909..ca79084 100644
>>> --- a/drivers/staging/android/binder.c
>>> +++ b/drivers/staging/android/binder.c
>>> @@ -1271,7 +1271,7 @@ static void
>>> binder_transaction_buffer_release(struct binder_proc *proc,
>>>                  case BINDER_TYPE_WEAK_HANDLE: {
>>>                          struct binder_ref *ref = binder_get_ref(proc,
>>> fp->handle);
>>>                          if (ref == NULL) {
>>> -                               pr_err("transaction release %d bad handle
>>> %ld\n",
>>> +                               pr_err("transaction release %d bad handle
>>> %d\n",
>>>                                   debug_id, fp->handle);
>>>                                  break;
>>>                          }
>>> @@ -1283,13 +1283,13 @@ static void
>>> binder_transaction_buffer_release(struct binder_proc *proc,
>>>
>>>                  case BINDER_TYPE_FD:
>>>                          binder_debug(BINDER_DEBUG_TRANSACTION,
>>> -                                    "        fd %ld\n", fp->handle);
>>> +                                    "        fd %d\n", fp->handle);
>>>                          if (failed_at)
>>>                                  task_close_fd(proc, fp->handle);
>>>                          break;
>>>
>>>                  default:
>>> -                       pr_err("transaction release %d bad object type
>>> %lx\n",
>>> +                       pr_err("transaction release %d bad object type
>>> %x\n",
>>>                                  debug_id, fp->type);
>>>                          break;
>>>                  }
>>> @@ -1547,7 +1547,7 @@ static void binder_transaction(struct binder_proc
>>> *proc,
>>>                  case BINDER_TYPE_WEAK_HANDLE: {
>>>                          struct binder_ref *ref = binder_get_ref(proc,
>>> fp->handle);
>>>                          if (ref == NULL) {
>>> -                               binder_user_error("%d:%d got transaction
>>> with invalid handle, %ld\n",
>>> +                               binder_user_error("%d:%d got transaction
>>> with invalid handle, %d\n",
>>>                                                  proc->pid,
>>>                                                  thread->pid,
>>> fp->handle);
>>>                                  return_error = BR_FAILED_REPLY;
>>> @@ -1590,13 +1590,13 @@ static void binder_transaction(struct binder_proc
>>> *proc,
>>>
>>>                          if (reply) {
>>>                                  if (!(in_reply_to->flags &
>>> TF_ACCEPT_FDS)) {
>>> -                                       binder_user_error("%d:%d got
>>> reply with fd, %ld, but target does not allow fds\n",
>>> +                                       binder_user_error("%d:%d got
>>> reply with fd, %d, but target does not allow fds\n",
>>>                                                  proc->pid, thread->pid,
>>> fp->handle);
>>>                                          return_error = BR_FAILED_REPLY;
>>>                                          goto err_fd_not_allowed;
>>>                                  }
>>>                          } else if (!target_node->accept_fds) {
>>> -                               binder_user_error("%d:%d got transaction
>>> with fd, %ld, but target does not allow fds\n",
>>> +                               binder_user_error("%d:%d got transaction
>>> with fd, %d, but target does not allow fds\n",
>>>                                          proc->pid, thread->pid,
>>> fp->handle);
>>>                                  return_error = BR_FAILED_REPLY;
>>>                                  goto err_fd_not_allowed;
>>> @@ -1604,7 +1604,7 @@ static void binder_transaction(struct binder_proc
>>> *proc,
>>>
>>>                          file = fget(fp->handle);
>>>                          if (file == NULL) {
>>> -                               binder_user_error("%d:%d got transaction
>>> with invalid fd, %ld\n",
>>> +                               binder_user_error("%d:%d got transaction
>>> with invalid fd, %d\n",
>>>                                          proc->pid, thread->pid,
>>> fp->handle);
>>>                                  return_error = BR_FAILED_REPLY;
>>>                                  goto err_fget_failed;
>>> @@ -1618,13 +1618,13 @@ static void binder_transaction(struct binder_proc
>>> *proc,
>>>                          task_fd_install(target_proc, target_fd, file);
>>>                          trace_binder_transaction_fd(t, fp->handle,
>>> target_fd);
>>>                          binder_debug(BINDER_DEBUG_TRANSACTION,
>>> -                                    "        fd %ld -> %d\n",
>>> fp->handle, target_fd);
>>> +                                    "        fd %d -> %d\n", fp->handle,
>>> target_fd);
>>>                          /* TODO: fput? */
>>>                          fp->handle = target_fd;
>>>                  } break;
>>>
>>>                  default:
>>> -                       binder_user_error("%d:%d got transaction with
>>> invalid object type, %lx\n",
>>> +                       binder_user_error("%d:%d got transaction with
>>> invalid object type, %x\n",
>>>                                  proc->pid, thread->pid, fp->type);
>>>                          return_error = BR_FAILED_REPLY;
>>>                          goto err_bad_object_type;
>>> @@ -2578,7 +2578,7 @@ static long binder_ioctl(struct file *filp,
>>> unsigned int cmd, unsigned long arg)
>>>                          goto err;
>>>                  }
>>>                  binder_debug(BINDER_DEBUG_READ_WRITE,
>>> -                            "%d:%d write %zd at %08lx, read %zd at
>>> %08lx\n",
>>> +                            "%d:%d write %zd at %016lx, read %zd at
>>> %016lx\n",
>>>                               proc->pid, thread->pid, bwr.write_size,
>>>                               bwr.write_buffer, bwr.read_size,
>>> bwr.read_buffer);
>>>
>>> diff --git a/drivers/staging/android/binder.h
>>> b/drivers/staging/android/binder.h
>>> index edab249..2f94d16 100644
>>> --- a/drivers/staging/android/binder.h
>>> +++ b/drivers/staging/android/binder.h
>>> @@ -48,13 +48,13 @@ enum {
>>>    */
>>>   struct flat_binder_object {
>>>          /* 8 bytes for large_flat_header. */
>>> -       unsigned long           type;
>>> -       unsigned long           flags;
>>> +       __u32           type;
>>> +       __u32           flags;
>>>
>>>          /* 8 bytes of data. */
>>>          union {
>>>                  void __user     *binder;        /* local object */
>>> -               signed long     handle;         /* remote object */
>>> +               __s32       handle;             /* remote object */
>>
>>
>> This should be unsigned to match the handle in binder_transaction_data
>> and other uses in the driver, but it is currently also used to pass
>> file descriptors. Perhaps this is better (if sou also change size of
>> the handle in binder_transaction_data to match):
>> __u32 handle; /* remote object */
>> __s32 fd; /* file descriptor */
>
>
> I will add this union and fix any uses of remote object/ file descriptor
> accordingly.
>
>
>>
>>>          };
>>>
>>>          /* extra data associated with local object */
>>> @@ -78,7 +78,7 @@ struct binder_write_read {
>>>   /* Use with BINDER_VERSION, driver fills in fields. */
>>>   struct binder_version {
>>>          /* driver protocol version -- increment with incompatible change
>>> */
>>> -       signed long     protocol_version;
>>> +       __s32       protocol_version;
>>>   };
>>>
>>>   /* This is the current protocol version. */
>>> --
>>> 1.7.9.5
>>>
>>
>> I still think the protocol_version size change on 64 bit systems
>> should go after all your other changes that affect 64 bits systems.
>> That way you don't have to change the protocol version later.
>
> At the end of this patch set we will have support for 32/32 and 64/64 binder
> calls. This patch does not add compat support for 64/32 systems and will not
> work for this configuration.
>
> However until we add:
>
>> static const struct file_operations binder_fops = {
>>         .owner = THIS_MODULE,
>>         .poll = binder_poll,
>>         .unlocked_ioctl = binder_ioctl,
>> +       .compat_ioctl = binder_ioctl,
>>         .mmap = binder_mmap,
>>         .open = binder_open,
>>         .flush = binder_flush,
>
>
> The return value for any binder ioctl from a 32bit userspace running on top
> of a 64bit kernel will be EINVAL (this happens only for 64/32 systems). Once
> we have the compat layer upstreamed we will add the above change, but until
> that point querying the binder version or any other binder iocall will fail
> (on 64/32).
>
> Let me know if you consider that changing the binder version to use __s32
> when adding the compat layer would be better.
>

If the ioctl fails on for a 32 bit process on a 64 bit kernel, you can
change the size before adding the compat_ioctl, but you need to finish
all the changes that affect a 64/64 system first. You can either split
this change in two or move the entire change to the end of your
patch-set. Can you also post your changes that add 64/32 support?

--
Arve Hjønnevåg
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ