lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 12 May 2016 15:27:27 -0400
From:	Dennis Dalessandro <dennis.dalessandro@...el.com>
To:	Jason Gunthorpe <jgunthorpe@...idianresearch.com>
Cc:	dledford@...hat.com, Mike Marciniszyn <mike.marciniszyn@...el.com>,
	linux-rdma@...r.kernel.org,
	Mitko Haralanov <mitko.haralanov@...el.com>,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	Ira Weiny <ira.weiny@...el.com>
Subject: Re: [PATCH v2 3/5] IB/hfi1: Add ioctl() interface for user commands

On Thu, May 12, 2016 at 11:43:32AM -0600, Jason Gunthorpe wrote:
>On Thu, May 12, 2016 at 10:18:47AM -0700, Dennis Dalessandro wrote:
>> +	case HFI1_IOCTL_EP_INFO:
>> +	case HFI1_IOCTL_EP_ERASE_CHIP:
>> +	case HFI1_IOCTL_EP_ERASE_RANGE:
>> +	case HFI1_IOCTL_EP_READ_RANGE:
>> +	case HFI1_IOCTL_EP_WRITE_RANGE:
>> +		if (!capable(CAP_SYS_ADMIN))
>> +			return -EPERM;
>> +		if (copy_from_user(&ucmd,
>> +				   (struct hfi11_cmd __user *)arg,
>> +				   sizeof(ucmd)))
>> +			return -EFAULT;
>> +		return handle_eprom_command(fp, &ucmd);
>
>I thought we agreed to get rid of this as well? It certainly does not
>belong here, and as a general rule, I don't think ioctls should be
>doing capable tests..

Yeah. I left it in this patch set because this just "ports" our existing 
code to ioctl(). The eprom stuff is completely removed in another patch set 
that I posted shortly after this. It's at:

http://marc.info/?l=linux-rdma&m=146307409301822&w=2

>> +static inline int check_ioctl_access(unsigned int cmd, unsigned long arg)
>> +{
>> +	int read_cmd, write_cmd, read_ok, write_ok;
>> +
>> +	read_cmd = _IOC_DIR(cmd) & _IOC_READ;
>> +	write_cmd = _IOC_DIR(cmd) & _IOC_WRITE;
>> +	write_ok = access_ok(VERIFY_WRITE, (void __user *)arg, _IOC_SIZE(cmd));
>> +	read_ok = access_ok(VERIFY_READ, (void __user *)arg, _IOC_SIZE(cmd));
>> +
>> +	if ((read_cmd && !write_ok) || (write_cmd && !read_ok))
>> +		return -EFAULT;
>
>This seems kind of goofy, didn't Ira say this is performance senstive?

I'll let Ira comment here on the performance aspect. I agree it looks goofy.  
Suggestion on how to make it look better? Or are you saying this is 
incorrect?

>Driver shouldn't be open coding __get_user like that, IMHO.

Can you explain what you mean here? We should not use __get_user()?

>
>> +#define HFI1_IOCTL_RECV_CTRL \
>> +	_IOW(IB_IOCTL_MAGIC, HFI1_CMD_RECV_CTRL, int)
>
>Have you audited this? Confused why this is marked IOW when I see
>this:
>
>+       case HFI1_IOCTL_RECV_CTRL:
>+               ret = __get_user(uval, (int __user *)arg);
>
>Seeing many other examples.
>
>I stopped looking again

_IOW means user is writing data to the device. So the device is reading data 
from the user. Or am I missing your point?

-Denny

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ