lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 20 Sep 2017 11:08:07 +0200
From:   Martijn Coenen <maco@...roid.com>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     Christoph Hellwig <hch@...radead.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Arve Hjønnevåg <arve@...roid.com>,
        Riley Andrews <riandrews@...roid.com>,
        devel@...verdev.osuosl.org, Todd Kjos <tkjos@...roid.com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        John Stultz <john.stultz@...aro.org>
Subject: Re: [PATCH] android: binder: fix type mismatch warning

On Mon, Sep 18, 2017 at 9:49 PM, Arnd Bergmann <arnd@...db.de> wrote:
> The current Kconfig comment says that v7 of the ABI is also
> incompatible with Android 4.5 and later user space. Can someone
> confirm that?

That is not actually true - v7 does work with all versions of Android
(up to and including Oreo). In fact, we've polled some vendors, and
all vendors with a 32-bit SoC are using the v7 interface, even on
recent Android versions.

> The code looks like it's written under the assumption
> that user space would dynamically pick between v7 and v8 based
> on the return value of ioctl(..., BINDER_VERSION).

It's a build-time configuration option in Android userspace.

> b) Treat the fact that we implemented the v7 binder ABI as a bug,
> since real Android uses v8, removing all traces of the v7 code from
> the kernel, and requiring users of Android 4.4 and earlier to upgrade
> their binder to a version that runs on modern kernels.

This would be my proposal as well. In fact, we have already planned to
officially remove support for the v7 interface in Android P, and
require all devices using Android P to use the 64-bit v8 interface
(regardless of whether the machine is 32-bit or 64-bit). The one
caveat is that for stable/longterm, I think we want to leave the
config option, but perhaps flip the default (to v8). The main reason
is that some vendors may have existing devices on the v7 interface,
and maybe they're just pushing security updates. We don't want to
force them to switch to 64-bit just by pulling in the latest stable.
Does that sound reasonable?

Martijn

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ