| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Sep 2018 22:18:52 +0200
From: Arnd Bergmann <arnd@...db.de>
To: Jason Gunthorpe <jgg@...pe.ca>
Cc: Darren Hart <dvhart@...radead.org>,
Al Viro <viro@...iv.linux.org.uk>,
Linux FS-devel Mailing List <linux-fsdevel@...r.kernel.org>,
gregkh <gregkh@...uxfoundation.org>,
David Miller <davem@...emloft.net>,
driverdevel <devel@...verdev.osuosl.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
qat-linux@...el.com,
"open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
<linux-crypto@...r.kernel.org>,
Linux Media Mailing List <linux-media@...r.kernel.org>,
dri-devel <dri-devel@...ts.freedesktop.org>,
linaro-mm-sig@...ts.linaro.org, amd-gfx@...ts.freedesktop.org,
"open list:HID CORE LAYER" <linux-input@...r.kernel.org>,
linux-iio@...r.kernel.org, linux-rdma <linux-rdma@...r.kernel.org>,
linux-nvdimm@...ts.01.org, linux-nvme@...ts.infradead.org,
linux-pci <linux-pci@...r.kernel.org>,
Platform Driver <platform-driver-x86@...r.kernel.org>,
linux-remoteproc@...r.kernel.org,
sparclinux <sparclinux@...r.kernel.org>,
linux-scsi <linux-scsi@...r.kernel.org>,
USB list <linux-usb@...r.kernel.org>,
linux-fbdev@...r.kernel.org,
linuxppc-dev <linuxppc-dev@...ts.ozlabs.org>,
linux-btrfs <linux-btrfs@...r.kernel.org>,
ceph-devel <ceph-devel@...r.kernel.org>,
linux-wireless <linux-wireless@...r.kernel.org>,
Networking <netdev@...r.kernel.org>
Subject: Re: [PATCH v2 05/17] compat_ioctl: move more drivers to generic_compat_ioctl_ptrarg
On Tue, Sep 18, 2018 at 7:59 PM Jason Gunthorpe <jgg@...pe.ca> wrote:
>
> On Tue, Sep 18, 2018 at 10:51:08AM -0700, Darren Hart wrote:
> > On Fri, Sep 14, 2018 at 09:57:48PM +0100, Al Viro wrote:
> > > On Fri, Sep 14, 2018 at 01:35:06PM -0700, Darren Hart wrote:
> > >
> > > > Acked-by: Darren Hart (VMware) <dvhart@...radead.org>
> > > >
> > > > As for a longer term solution, would it be possible to init fops in such
> > > > a way that the compat_ioctl call defaults to generic_compat_ioctl_ptrarg
> > > > so we don't have to duplicate this boilerplate for every ioctl fops
> > > > structure?
> > >
> > > Bad idea, that... Because several years down the road somebody will add
> > > an ioctl that takes an unsigned int for argument. Without so much as looking
> > > at your magical mystery macro being used to initialize file_operations.
> >
> > Fair, being explicit in the declaration as it is currently may be
> > preferable then.
>
> It would be much cleaner and safer if you could arrange things to add
> something like this to struct file_operations:
>
> long (*ptr_ioctl) (struct file *, unsigned int, void __user *);
>
> Where the core code automatically converts the unsigned long to the
> void __user * as appropriate.
>
> Then it just works right always and the compiler will help address
> Al's concern down the road.
I think if we wanted to do this with a new file operation, the best
way would be to do the copy_from_user()/copy_to_user() in the caller
as well.
We already do this inside of some subsystems, notably drivers/media/,
and it simplifies the implementation of the ioctl handler function
significantly. We obviously cannot do this in general, both because of
traditional drivers that have 16-bit command codes (drivers/tty and others)
and also because of drivers that by accident defined the commands
incorrectly and use the wrong type or the wrong direction in the
definition.
Arnd
Powered by blists - more mailing lists