lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250710-ehegatte-undicht-6b71310cb1ef@brauner>
Date: Thu, 10 Jul 2025 14:11:26 +0200
From: Christian Brauner <brauner@...nel.org>
To: Arnd Bergmann <arnd@...db.de>
Cc: Christoph Hellwig <hch@...radead.org>, Arnd Bergmann <arnd@...nel.org>, 
	linux-fsdevel@...r.kernel.org, linux-block@...r.kernel.org, Anuj Gupta <anuj20.g@...sung.com>, 
	"Martin K. Petersen" <martin.petersen@...cle.com>, Kanchan Joshi <joshi.k@...sung.com>, 
	LTP List <ltp@...ts.linux.it>, Dan Carpenter <dan.carpenter@...aro.org>, 
	Benjamin Copeland <benjamin.copeland@...aro.org>, rbm@...e.com, Naresh Kamboju <naresh.kamboju@...aro.org>, 
	Anders Roxell <anders.roxell@...aro.org>, Jens Axboe <axboe@...nel.dk>, 
	Pavel Begunkov <asml.silence@...il.com>, Alexey Dobriyan <adobriyan@...il.com>, 
	"Darrick J. Wong" <djwong@...nel.org>, Eric Biggers <ebiggers@...gle.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] block: fix FS_IOC_GETLBMD_CAP parsing in
 blkdev_common_ioctl()

> Christian's version using the copy_struct_{from,to}_user()
> aims to avoid most of the problems. The main downside I see
> here is the extra complexity in the kernel. As far as I can
> tell, this has mainly led to extra kernel bugs but has not
> actually resulted in any structure getting seamlessly
> extended.

We extended ioctls multiple times seemlessly and other than this bug
right here I'm not aware of anything serious. Not liking it is fine of
course but saying "this caused a bug so go away" I won't take all too
seriously, sorry.

I don't want to go down the road of structure revisions for stuff in the
generic layer. Others can do whatever they see fit ofc and userspace can
then have its usualy ifdeffery and structure layout detection party
instead of a clean generic solution. I'd rather clean up the necessary
vetting bits and properly document how this can be done.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ