lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Ys8OyLA35o/wr1jB@kroah.com>
Date:   Wed, 13 Jul 2022 20:28:24 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     matt.hsiao@....com
Cc:     linux-kernel@...r.kernel.org, arnd@...db.de, jerry.hoemann@....com,
        scott.norton@....com, camille.lu@....com, geoffrey.ndu@....com,
        gustavo.knuppe@....com
Subject: Re: [PATCH v2 1/1] misc: hpilo: switch .{read,write} ops to
 .{read,write}_iter

On Thu, Jul 14, 2022 at 01:54:52AM +0800, matt.hsiao@....com wrote:
> From: Matt Hsiao <matt.hsiao@....com>
> 
> Commit 4d03e3cc59828c82ee89 ("fs: don't allow kernel reads and writes
> without iter ops") requested exclusive .{read,write}_iter ops for
> kernel_{read,write}. To support dependent drivers to access hpilo by
> kernel_{read,write}, switch .{read,write} ops to their iter variants.
> 
> Signed-off-by: Matt Hsiao <matt.hsiao@....com>

So this fixes a bug?  What commit does this fix?

Should it go to stable branches?  If so, which ones?

But my main question is I have no idea what the changelog means here.
What is a "dependent driver"?  What does "exclusive" mean here?  What is
a iter variant?



> ---
>  drivers/misc/hpilo.c | 31 ++++++++++++++++++-------------
>  1 file changed, 18 insertions(+), 13 deletions(-)
> 
> diff --git a/drivers/misc/hpilo.c b/drivers/misc/hpilo.c
> index 8d00df9243c4..5d431a56b7eb 100644
> --- a/drivers/misc/hpilo.c
> +++ b/drivers/misc/hpilo.c
> @@ -23,6 +23,7 @@
>  #include <linux/wait.h>
>  #include <linux/poll.h>
>  #include <linux/slab.h>
> +#include <linux/uio.h>
>  #include "hpilo.h"
>  
>  static struct class *ilo_class;
> @@ -435,14 +436,14 @@ static void ilo_set_reset(struct ilo_hwinfo *hw)
>  	}
>  }
>  
> -static ssize_t ilo_read(struct file *fp, char __user *buf,
> -			size_t len, loff_t *off)
> +static ssize_t ilo_read_iter(struct kiocb *iocb, struct iov_iter *to)
>  {
> -	int err, found, cnt, pkt_id, pkt_len;
> -	struct ccb_data *data = fp->private_data;
> +	int err = 0, found, cnt, pkt_id, pkt_len;
> +	struct ccb_data *data = iocb->ki_filp->private_data;
>  	struct ccb *driver_ccb = &data->driver_ccb;
>  	struct ilo_hwinfo *hw = data->ilo_hw;
>  	void *pkt;
> +	size_t len = iov_iter_count(to), copied;
>  
>  	if (is_channel_reset(driver_ccb)) {
>  		/*
> @@ -477,7 +478,9 @@ static ssize_t ilo_read(struct file *fp, char __user *buf,
>  	if (pkt_len < len)
>  		len = pkt_len;
>  
> -	err = copy_to_user(buf, pkt, len);
> +	copied = copy_to_iter(pkt, len, to);
> +	if (unlikely(copied != len))

Why unlikely?  If you can prove it is needed in benchmarks, great,
otherwise never add likely/unlikely as they are almost always wrong and
the compiler and cpu can do it better.


> +		err = -EFAULT;
>  
>  	/* return the received packet to the queue */
>  	ilo_pkt_enqueue(hw, driver_ccb, RECVQ, pkt_id, desc_mem_sz(1));
> @@ -485,14 +488,14 @@ static ssize_t ilo_read(struct file *fp, char __user *buf,
>  	return err ? -EFAULT : len;
>  }
>  
> -static ssize_t ilo_write(struct file *fp, const char __user *buf,
> -			 size_t len, loff_t *off)
> +static ssize_t ilo_write_iter(struct kiocb *iocb, struct iov_iter *from)
>  {
> -	int err, pkt_id, pkt_len;
> -	struct ccb_data *data = fp->private_data;
> +	int err = 0, pkt_id, pkt_len;
> +	struct ccb_data *data = iocb->ki_filp->private_data;
>  	struct ccb *driver_ccb = &data->driver_ccb;
>  	struct ilo_hwinfo *hw = data->ilo_hw;
>  	void *pkt;
> +	size_t len = iov_iter_count(from), copied;
>  
>  	if (is_channel_reset(driver_ccb))
>  		return -ENODEV;
> @@ -506,9 +509,11 @@ static ssize_t ilo_write(struct file *fp, const char __user *buf,
>  		len = pkt_len;
>  
>  	/* on failure, set the len to 0 to return empty packet to the device */
> -	err = copy_from_user(pkt, buf, len);
> -	if (err)
> +	copied = copy_from_iter(pkt, len, from);
> +	if (unlikely(copied != len)) {

Same here.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ