Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp548735ybe; Wed, 4 Sep 2019 04:09:46 -0700 (PDT) X-Google-Smtp-Source: APXvYqwuQqUf3rrfx7xmIPYdjdennKOQEVMP/MwDocujiwpuTCuD3cTxFisASARcwZZecEzF/l9j X-Received: by 2002:a17:90a:3b01:: with SMTP id d1mr2935793pjc.81.1567595386617; Wed, 04 Sep 2019 04:09:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567595386; cv=none; d=google.com; s=arc-20160816; b=drDOMJMCr3QTfqQ4VGyh+NVSU3n5Cp+aRjWrn9Tl4vDXkmdQ66+UtWTirLs3G7tgTt catFo7PEZ0iaO01XtfJOyHWjmV7S0UiBPnQly6+bPMQMXcFjkRB/DFiI5abP3J1eG0gR py0+Asbuy4/ERM+GRI2jWUYDZ3TYiIi8SwCBLzG+3RGlS+k2bv1iMnZTppsJHuBKPKWw YzYBrWgWBk947qgdEvkFpy6mgUi6eYH0uFtZgtfhaxRFjdO+mJajfhDwowURN+H6CewZ dpR3D7LCoWF6oTdqJzwAvNwfDvAItuY5mTmhiqx9T+5xobx74oJjjFmNl3fTMa5obbtY s6rA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=jcBAtXwcNBL4tQud4dpuXiCa7D8Q5juM0MRRT9Oo3RY=; b=szynwBLHLgmT/cY5znXpyDIu19Yr8vUxP2xec1L28omMKZe8NBFvQ+grsQJlyHL29Z eB7fXCeQXJHCa1nt2CZOOCtGoDwc5vJ7TMFTgQMTbZyseTbmyp39UOUypjUJgakQ/3R5 NPAPolTVsexRuOSXkWW7VSC3QU94Y3wA8xCgnNS0m9Whkpt4wcxJY/ZWD0Ow1iF0WVbJ 6aGkCc3EQYimW14e+HM9SBziLBh3j0cz0Kr5NMIAr8aEBUXepgEhdNGHBhLvuOtefzSV S2kMZfIB4Mim5JAvyZCjOByTBxH2JFhwan4hfxj7FYWeKtUIZ0GzQCInUVJx3rc+RMpT wM3A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h124si20543509pfb.204.2019.09.04.04.09.30; Wed, 04 Sep 2019 04:09:46 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729812AbfIDLHi (ORCPT + 99 others); Wed, 4 Sep 2019 07:07:38 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:50946 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729146AbfIDLHh (ORCPT ); Wed, 4 Sep 2019 07:07:37 -0400 Received: from [213.220.153.21] (helo=wittgenstein) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from ) id 1i5T8Q-0004Nc-0P; Wed, 04 Sep 2019 11:07:34 +0000 Date: Wed, 4 Sep 2019 13:07:33 +0200 From: Christian Brauner To: Greg Kroah-Hartman Cc: devel@driverdev.osuosl.org, Todd Kjos , Martijn Coenen , linux-kernel@vger.kernel.org, Joel Fernandes , Arve =?utf-8?B?SGrDuG5uZXbDpWc=?= , Hridya Valsaraju , kernel-team@android.com Subject: Re: [PATCH v3 2/2] binder: Validate the default binderfs device names. Message-ID: <20190904110732.e2ddiact3jvd73pt@wittgenstein> References: <20190808222727.132744-1-hridya@google.com> <20190808222727.132744-3-hridya@google.com> <20190809145508.GD16262@kroah.com> <20190809181439.qrs2k7l23ot4am4s@wittgenstein> <20190904071929.GA19830@kroah.com> <20190904104431.ehzyllugr6fr2vjz@wittgenstein> <20190904104939.GA20711@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20190904104939.GA20711@kroah.com> User-Agent: NeoMutt/20180716 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Sep 04, 2019 at 12:49:39PM +0200, Greg Kroah-Hartman wrote: > On Wed, Sep 04, 2019 at 12:44:32PM +0200, Christian Brauner wrote: > > On Wed, Sep 04, 2019 at 09:19:29AM +0200, Greg Kroah-Hartman wrote: > > > On Fri, Aug 09, 2019 at 11:41:12AM -0700, Hridya Valsaraju wrote: > > > > On Fri, Aug 9, 2019 at 11:14 AM Christian Brauner > > > > wrote: > > > > > > > > > > On Fri, Aug 09, 2019 at 04:55:08PM +0200, Greg Kroah-Hartman wrote: > > > > > > On Thu, Aug 08, 2019 at 03:27:26PM -0700, Hridya Valsaraju wrote: > > > > > > > Length of a binderfs device name cannot exceed BINDERFS_MAX_NAME. > > > > > > > This patch adds a check in binderfs_init() to ensure the same > > > > > > > for the default binder devices that will be created in every > > > > > > > binderfs instance. > > > > > > > > > > > > > > Co-developed-by: Christian Brauner > > > > > > > Signed-off-by: Christian Brauner > > > > > > > Signed-off-by: Hridya Valsaraju > > > > > > > --- > > > > > > > drivers/android/binderfs.c | 12 ++++++++++++ > > > > > > > 1 file changed, 12 insertions(+) > > > > > > > > > > > > > > diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c > > > > > > > index aee46dd1be91..55c5adb87585 100644 > > > > > > > --- a/drivers/android/binderfs.c > > > > > > > +++ b/drivers/android/binderfs.c > > > > > > > @@ -570,6 +570,18 @@ static struct file_system_type binder_fs_type = { > > > > > > > int __init init_binderfs(void) > > > > > > > { > > > > > > > int ret; > > > > > > > + const char *name; > > > > > > > + size_t len; > > > > > > > + > > > > > > > + /* Verify that the default binderfs device names are valid. */ > > > > > > > > > > > > And by "valid" you only mean "not bigger than BINDERFS_MAX_NAME, right? > > > > > > > > > > > > > + name = binder_devices_param; > > > > > > > + for (len = strcspn(name, ","); len > 0; len = strcspn(name, ",")) { > > > > > > > + if (len > BINDERFS_MAX_NAME) > > > > > > > + return -E2BIG; > > > > > > > + name += len; > > > > > > > + if (*name == ',') > > > > > > > + name++; > > > > > > > + } > > > > > > > > > > > > We already tokenize the binderfs device names in binder_init(), why not > > > > > > check this there instead? Parsing the same string over and over isn't > > > > > > the nicest. > > > > > > > > > > non-binderfs binder devices do not have their limit set to > > > > > BINDERFS_NAME_MAX. That's why the check has likely been made specific to > > > > > binderfs binder devices which do have that limit. > > > > > > > > > > > > Thank you Greg and Christian, for taking another look. Yes, > > > > non-binderfs binder devices not having this limitation is the reason > > > > why the check was made specific to binderfs devices. Also, when > > > > CONFIG_ANDROID_BINDERFS is set, patch 1/2 disabled the same string > > > > being parsed in binder_init(). > > > > > > > > > > > > > > But, in practice, 255 is the standard path-part limit that no-one really > > > > > exceeds especially not for stuff such as device nodes which usually have > > > > > rather standard naming schemes (e.g. binder, vndbinder, hwbinder, etc.). > > > > > So yes, we can move that check before both the binderfs binder device > > > > > and non-binderfs binder device parsing code and treat it as a generic > > > > > check. > > > > > Then we can also backport that check as you requested in the other mail. > > > > > Unless Hridya or Todd have objections, of course. > > > > > > > > I do not have any objections to adding a generic check in binder_init() instead. > > > > > > Was this patchset going to be redone based on this? > > > > No, we decided to leave this check specific to binderfs for now because > > the length limit only applies to binderfs devices. If you really want to > > have this check in binder we can send a follow-up. I would prefer to > > take the series as is. > > > > Btw, for the two binderfs series from Hridya, do you want me to get a > > branch ready and send you a PR for both of them together? > > Patches in email is fine, but can someone resend this one as I no longer > have this series in my queue anymore? Done! Christian