Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp662626ybl; Fri, 9 Aug 2019 11:43:16 -0700 (PDT) X-Google-Smtp-Source: APXvYqz9BndTAkMEjqgXhRDS8LkLzf+XulKGxxgmw1W7HnLGPl0r8ZhsqcyN+ePJH/0vPCiHFimA X-Received: by 2002:a17:902:9688:: with SMTP id n8mr19837906plp.227.1565376196260; Fri, 09 Aug 2019 11:43:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565376196; cv=none; d=google.com; s=arc-20160816; b=OvVEY8SDjLPEbNLHjkjD8/B8bOSTZjXz48FprYp7DbewQtDRNHNRoBr85gtnWH5kqp h0EfLEB06zx1VdvBmvVDB0hyDttn7dfZbGeYH6XULWO2pXPUgs9Y3RjW0YKhG/QOWEUN /4uxNfG11vjeJwmE/Pp9WNwZpmdlKEsrOah1oQ2eaF2abfw67q4AuuhOqGZ7lJyK+hEF XYR9PZGEt6FhMo6uPWkByb15NkXJWZZLTN/kbJga0aJ7EDrFe/R/vBgHeM0HZUuuh3V9 yU47taftyQYY2IJj6yp/XLmyD2YmoE2UsZgydmGeccXrKrlDPO9Q/vhVoZrQMfC67XvH V5sg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=65V1JuI2VA80cQiA+hQRPmXIFv0sktRgZklgyYT7uA0=; b=hcBNiDtN2JqBB0KU24pgO6zgbVOeGhM3D1mWO2toliGb7gNCNU8J7g66G2TwVeb9xc Gbp56XpNUlqBDHi/oJ98sGFrVqE90MjOBzVaJSQ5JwofmSYnjCEJGh0+pU/0QUaLxNUM QZ0LJWN/A+XqSUXTXwrbAl+/y6nVYFvueY2iBSlk+spFr/df5PSDEMBKFt1ahCPm8yCc S5F9XzKRfzxaGPQn/ZBI0Kfzx2yhozhM+v5kGM3BMF361136rqaudddXw2pvMDN+JY8b qreC78beCeAA8zOI7sdATjsu/mtEzxP/uKxIt8Vn/96DuM2GwqazEaU2JDgdCVrjw6SD yIOQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=DWPweNNh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t9si4980646pjw.22.2019.08.09.11.42.58; Fri, 09 Aug 2019 11:43:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=DWPweNNh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2407511AbfHISlu (ORCPT + 99 others); Fri, 9 Aug 2019 14:41:50 -0400 Received: from mail-ot1-f68.google.com ([209.85.210.68]:32965 "EHLO mail-ot1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726255AbfHISlu (ORCPT ); Fri, 9 Aug 2019 14:41:50 -0400 Received: by mail-ot1-f68.google.com with SMTP id q20so136192950otl.0 for ; Fri, 09 Aug 2019 11:41:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=65V1JuI2VA80cQiA+hQRPmXIFv0sktRgZklgyYT7uA0=; b=DWPweNNhV4+ruQv9Ddd4zqB9w0vtKDVgapB/ZVHrS05Sn8qP4BmMIriNe0wx9XQBGH hOF76QgLBKdnwg6w3+Dkuq+ngwyXRP42e/T1eL02kQNGDu00IXab7lmWTo0QiBysr9E/ TeZlVF/M1hklUCmW09cFplmzLG5DScXSOgnbkJACjKVnylHr2s87Eta7YTGr9m2xvVN8 qRoINJQcSrSlsguzfhx7xCQRiujtA2/A+kve2xletz9rb8leO26rubFGhWdtoxPAfIJS QrRzC4jGVAGQLe/Khw7yFoWPIhCpLPo4hC5Ujj2mu3KCwC/8PxZjQ2eu95XsZzEB7vE8 Y8Cg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=65V1JuI2VA80cQiA+hQRPmXIFv0sktRgZklgyYT7uA0=; b=a7Mh7h2QZimzJx+zOs2FfrFaVt36gDo4Bandt1PURZT5qfJDDgPIOCD+ngVOEikKyk 8lLQxxHlu8S9kL/zu4RApHOHPJ8YHUVCcE6ubkuehPBXK+m0rrfIASPgA+HeLwWsjY9D OfixZ2up8ZVRgAM+7kzHsVjFsJynOx5xqO+h9mXhoyU3/sgY3O48TaSR9XsNb4CcUig2 uPg3N2GUVQmYAIDw0BU7CdujNeYEpq2de5IGW3CLbCbrtwGFShDOPITMlC0H8m5Ybtgn ovPo+g+IKYTfmybma9AbJejBK9hTVEDRiXTud3VS8K6Md2roGyaut5UcbTCpABM673rJ 3Obw== X-Gm-Message-State: APjAAAVp6l0JX4ev/numu0Vu6uMci4QnM5xG6iuhfVwRTFkbapJK0LMT lu/SIUCRE0rkoF7DWfUWajf5FsTWXaRlZGVZ9TF+mA== X-Received: by 2002:a9d:73d0:: with SMTP id m16mr20182380otk.190.1565376108768; Fri, 09 Aug 2019 11:41:48 -0700 (PDT) MIME-Version: 1.0 References: <20190808222727.132744-1-hridya@google.com> <20190808222727.132744-3-hridya@google.com> <20190809145508.GD16262@kroah.com> <20190809181439.qrs2k7l23ot4am4s@wittgenstein> In-Reply-To: <20190809181439.qrs2k7l23ot4am4s@wittgenstein> From: Hridya Valsaraju Date: Fri, 9 Aug 2019 11:41:12 -0700 Message-ID: Subject: Re: [PATCH v3 2/2] binder: Validate the default binderfs device names. To: Christian Brauner Cc: Greg Kroah-Hartman , =?UTF-8?B?QXJ2ZSBIasO4bm5ldsOlZw==?= , Todd Kjos , Martijn Coenen , Joel Fernandes , devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org, kernel-team@android.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Aug 9, 2019 at 11:14 AM Christian Brauner wrote: > > On Fri, Aug 09, 2019 at 04:55:08PM +0200, Greg Kroah-Hartman wrote: > > On Thu, Aug 08, 2019 at 03:27:26PM -0700, Hridya Valsaraju wrote: > > > Length of a binderfs device name cannot exceed BINDERFS_MAX_NAME. > > > This patch adds a check in binderfs_init() to ensure the same > > > for the default binder devices that will be created in every > > > binderfs instance. > > > > > > Co-developed-by: Christian Brauner > > > Signed-off-by: Christian Brauner > > > Signed-off-by: Hridya Valsaraju > > > --- > > > drivers/android/binderfs.c | 12 ++++++++++++ > > > 1 file changed, 12 insertions(+) > > > > > > diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c > > > index aee46dd1be91..55c5adb87585 100644 > > > --- a/drivers/android/binderfs.c > > > +++ b/drivers/android/binderfs.c > > > @@ -570,6 +570,18 @@ static struct file_system_type binder_fs_type = { > > > int __init init_binderfs(void) > > > { > > > int ret; > > > + const char *name; > > > + size_t len; > > > + > > > + /* Verify that the default binderfs device names are valid. */ > > > > And by "valid" you only mean "not bigger than BINDERFS_MAX_NAME, right? > > > > > + name = binder_devices_param; > > > + for (len = strcspn(name, ","); len > 0; len = strcspn(name, ",")) { > > > + if (len > BINDERFS_MAX_NAME) > > > + return -E2BIG; > > > + name += len; > > > + if (*name == ',') > > > + name++; > > > + } > > > > We already tokenize the binderfs device names in binder_init(), why not > > check this there instead? Parsing the same string over and over isn't > > the nicest. > > non-binderfs binder devices do not have their limit set to > BINDERFS_NAME_MAX. That's why the check has likely been made specific to > binderfs binder devices which do have that limit. Thank you Greg and Christian, for taking another look. Yes, non-binderfs binder devices not having this limitation is the reason why the check was made specific to binderfs devices. Also, when CONFIG_ANDROID_BINDERFS is set, patch 1/2 disabled the same string being parsed in binder_init(). > > But, in practice, 255 is the standard path-part limit that no-one really > exceeds especially not for stuff such as device nodes which usually have > rather standard naming schemes (e.g. binder, vndbinder, hwbinder, etc.). > So yes, we can move that check before both the binderfs binder device > and non-binderfs binder device parsing code and treat it as a generic > check. > Then we can also backport that check as you requested in the other mail. > Unless Hridya or Todd have objections, of course. I do not have any objections to adding a generic check in binder_init() instead. > > Christian