lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20160512174332.GB13553@obsidianresearch.com>
Date:	Thu, 12 May 2016 11:43:32 -0600
From:	Jason Gunthorpe <jgunthorpe@...idianresearch.com>
To:	Dennis Dalessandro <dennis.dalessandro@...el.com>
Cc:	dledford@...hat.com, Mike Marciniszyn <mike.marciniszyn@...el.com>,
	linux-rdma@...r.kernel.org,
	Mitko Haralanov <mitko.haralanov@...el.com>,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	Ira Weiny <ira.weiny@...el.com>
Subject: Re: [PATCH v2 3/5] IB/hfi1: Add ioctl() interface for user commands

On Thu, May 12, 2016 at 10:18:47AM -0700, Dennis Dalessandro wrote:
> +	case HFI1_IOCTL_EP_INFO:
> +	case HFI1_IOCTL_EP_ERASE_CHIP:
> +	case HFI1_IOCTL_EP_ERASE_RANGE:
> +	case HFI1_IOCTL_EP_READ_RANGE:
> +	case HFI1_IOCTL_EP_WRITE_RANGE:
> +		if (!capable(CAP_SYS_ADMIN))
> +			return -EPERM;
> +		if (copy_from_user(&ucmd,
> +				   (struct hfi11_cmd __user *)arg,
> +				   sizeof(ucmd)))
> +			return -EFAULT;
> +		return handle_eprom_command(fp, &ucmd);

I thought we agreed to get rid of this as well? It certainly does not
belong here, and as a general rule, I don't think ioctls should be
doing capable tests..

> +static inline int check_ioctl_access(unsigned int cmd, unsigned long arg)
> +{
> +	int read_cmd, write_cmd, read_ok, write_ok;
> +
> +	read_cmd = _IOC_DIR(cmd) & _IOC_READ;
> +	write_cmd = _IOC_DIR(cmd) & _IOC_WRITE;
> +	write_ok = access_ok(VERIFY_WRITE, (void __user *)arg, _IOC_SIZE(cmd));
> +	read_ok = access_ok(VERIFY_READ, (void __user *)arg, _IOC_SIZE(cmd));
> +
> +	if ((read_cmd && !write_ok) || (write_cmd && !read_ok))
> +		return -EFAULT;

This seems kind of goofy, didn't Ira say this is performance senstive?

Driver shouldn't be open coding __get_user like that, IMHO.

> +#define HFI1_IOCTL_RECV_CTRL \
> +	_IOW(IB_IOCTL_MAGIC, HFI1_CMD_RECV_CTRL, int)

Have you audited this? Confused why this is marked IOW when I see
this:

+       case HFI1_IOCTL_RECV_CTRL:
+               ret = __get_user(uval, (int __user *)arg);

Seeing many other examples.

I stopped looking again

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ