| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Jun 2014 21:05:44 +0530
From: Vinod Koul <vinod.koul@...el.com>
To: Takashi Iwai <tiwai@...e.de>
Cc: "Wang, Xiaoming" <xiaoming.wang@...el.com>, jeeja.kp@...el.com,
dhowells@...hat.com, arnd@...db.de, tglx@...utronix.de,
mtk.manpages@...il.com, paulmck@...ux.vnet.ibm.com,
davej@...hat.com, linux-kernel@...r.kernel.org,
dongxing.zhang@...el.com
Subject: Re: [PATCH] ALSA: compress: Fix the mismatch size of struc between
share lib(32bit) and kernel(64bit)
On Mon, Jun 09, 2014 at 09:24:53AM +0200, Takashi Iwai wrote:
> At Mon, 09 Jun 2014 16:46:32 -0400,
> Wang, Xiaoming wrote:
> >
> >
> > The size of struct snd_compr_avail is 0x1c in 32bit kernel,
> > while it is 0x20 in 64bit kernel 0x4 bytes added because of
> > alignment. It is OK when 32bit kernel met 32bit user space.
> > There exist stack corruption if 64bit kernel met 32bit user
> > space, because the size of struct snd_compr_avail is 0x1c
> > in 32bit user space which is smaller than it will get from
> > kernel. The extra 4 bytes can corrupt the stack, and
> > introduce unpredictable error.
> >
> > Signed-off-by: Zhang Dongxing <dongxing.zhang@...el.com>
> > Signed-off-by: xiaoming wang <xiaoming.wang@...el.com>
>
> This would break the existing 32bit systems, so I don't think we can
> take this approach.
>
> Either break the 64bit systems (which aren't deployed yet much, so
> far) by adding packed attribute, or implement 32/64 bit conversion in
> compat_ioctl fop.
I think former should be safe for now. Anyway we have only 1 driver using this
in mainline so fallout shouldn't be widespread!
--
~Vinod
>
>
> thanks,
>
> Takashi
>
> > ---
> > include/uapi/sound/compress_offload.h | 1 +
> > 1 files changed, 1 insertions(+), 0 deletions(-)
> >
> > diff --git a/include/uapi/sound/compress_offload.h b/include/uapi/sound/compress_offload.h
> > index 5759810..766b416 100644
> > --- a/include/uapi/sound/compress_offload.h
> > +++ b/include/uapi/sound/compress_offload.h
> > @@ -70,6 +70,7 @@ struct snd_compr_tstamp {
> > __u32 pcm_frames;
> > __u32 pcm_io_frames;
> > __u32 sampling_rate;
> > + __u32 reserved[1];
> > };
> >
> > /**
> > --
> > 1.7.1
> >
--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists