lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 4 Dec 2013 15:40:06 -0800
From:	Colin Cross <ccross@...roid.com>
To:	One Thousand Gnomes <gnomes@...rguk.ukuu.org.uk>
Cc:	Greg KH <gregkh@...uxfoundation.org>,
	Serban Constantinescu <serban.constantinescu@....com>,
	Arve Hjønnevåg <arve@...roid.com>,
	"devel@...verdev.osuosl.org" <devel@...verdev.osuosl.org>,
	lkml <linux-kernel@...r.kernel.org>,
	John Stultz <john.stultz@...aro.org>,
	David Butcher <Dave.Butcher@....com>,
	Ian Rogers <irogers@...gle.com>, romlem@...roid.com
Subject: Re: [PATCH v1 9/9] staging: android: binder: Add binder compat layer

On Wed, Dec 4, 2013 at 3:21 PM, One Thousand Gnomes
<gnomes@...rguk.ukuu.org.uk> wrote:
> On Wed, 4 Dec 2013 10:35:54 -0800
> Greg KH <gregkh@...uxfoundation.org> wrote:
>
>> On Wed, Dec 04, 2013 at 06:09:41PM +0000, Serban Constantinescu wrote:
>> > +#define size_helper(x) ({                                              \
>> > +   size_t __size;                                                      \
>> > +   if (!is_compat_task())                                              \
>> > +           __size = sizeof(x);                                         \
>> > +   else if (sizeof(x) == sizeof(struct flat_binder_object))            \
>> > +           __size = sizeof(struct compat_flat_binder_object);          \
>> > +   else if (sizeof(x) == sizeof(struct binder_transaction_data))       \
>> > +           __size = sizeof(struct compat_binder_transaction_data);     \
>> > +   else if (sizeof(x) == sizeof(size_t))                               \
>> > +           __size = sizeof(compat_size_t);                             \
>> > +   else                                                                \
>> > +            BUG();                                                     \
>> > +   __size;                                                             \
>> > +   })
>>
>> Ick.
>>
>> First off, no driver should ever be able to crash the kernel, which you
>> just did.
>
> And which would appear to mean that this code hasn't actually been
> tested - at least not properly with error cases ?
>
> You talk about type safety too but your code is already full of
> "put_user(node->ptr, (void * __user *)ptr))"

None of this (the patch series or the original code) is mine.  My
question was more of a general one on designing ioctls, as well as
concerns with changing the existing 32-bit api.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists