| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20170619192720.2cvcz7rgvgtl4xxh@ltop.local>
Date: Mon, 19 Jun 2017 21:27:20 +0200
From: Luc Van Oostenryck <luc.vanoostenryck@...il.com>
To: Jordan Crouse <jcrouse@...eaurora.org>
Cc: linux-sparse@...r.kernel.org, linux-kernel@...r.kernel.org,
dri-devel@...ts.freedesktop.org
Subject: Re: __user with scalar data types
On Mon, Jun 19, 2017 at 10:15:09AM -0600, Jordan Crouse wrote:
> A number of us over in DRM land have been using __u64 scalar types
> to store pointers for uapi structures in accordance with Daniel Vetter's
> now classic treatise on ioctls:
>
> http://blog.ffwll.ch/2013/11/botching-up-ioctls.html
>
> A smaller number of us have further been marking the __u64 with __user,
> to wit:
>
> struct uapistruct {
> ...
> __u64 __user myptr;
> ---
> };
It wouldn't make sense to have this:
struct uapistruct {
__u64 __user myptr;
__u64 anothermember;
};
In other words, eiter all members are in the user address space
or none are. So, a struct member should not be marked __user
(exactly as for 'const' or 'volatile').
It wouldn't also make sense to move the __user to the whole struct,
giving something like:
struct uapistruct {
__u64 myptr;
__u64 anothermember;
} __user;
because it's not the type that belong to the user address space
but some specific objects.
Of course, your real problem here is that you're using a __u64 to
store a pointer and then expect this __u64 to have some properties
unique to pointers.
-- Luc Van Oostenryck (sparse hacker)
Powered by blists - more mailing lists