From: Todd Kjos
Date: Wed, 9 Oct 2019 08:56:28 -0700
Subject: Re: [PATCH] binder: prevent UAF read in print_binder_transaction_log_entry()
To: Christian Brauner
Cc: Joel Fernandes, Todd Kjos, Jann Horn, Arve Hjønnevåg, Christian Brauner, "open list:ANDROID DRIVERS", Greg Kroah-Hartman, LKML, Martijn Coenen, Hridya Valsaraju
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Oct 9, 2019 at 3:40 AM Christian Brauner wrote:
>
> On Tue, Oct 08, 2019 at 02:05:16PM -0400, Joel Fernandes wrote:
> > On Tue, Oct 08, 2019 at 03:01:59PM +0200, Christian Brauner wrote:
[...]
> >
> > One more thought, this can be made dependent on CONFIG_BINDERFS since regular
> > binder devices cannot be unregistered AFAICS and as Jann said, the problem is
> > BINDERFS specific. That way we avoid the memcpy for _every_ transaction.
> > These can be thundering when Android starts up.
>
> Unless Todd sees this as a real performance problem I'm weary to
> introduce additional checking and record a pointer for non-binderfs and
> a memcpy() for binderfs devices. :)
>

I don't see this as a real problem. In practice, memcpy will be moving
< 10 bytes. Also, by the time this code is in an android device,
CONFIG_BINDERFS will always be enabled since this is how we are
removing binder's use of debugfs. So a micro-optimization of the
!BINDERFS case will not be meaningful.

[...]
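
Added example, not part of the original message or of the patch under discussion: a user-space C model of the approach debated in this thread, where the log entry copies the context name when the transaction is logged instead of recording a pointer into a device that can later be unregistered. The struct and function names, the ring size and the 255-byte name bound are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NAME_MAX_LEN 255 /* assumed upper bound on a device name */
#define LOG_SIZE 32      /* assumed ring size */

/* Hypothetical stand-in for a device that can be unregistered. */
struct device { char *name; };

/* The entry owns a copy of the name rather than a pointer into the device. */
struct log_entry {
    int debug_id;
    char context_name[NAME_MAX_LEN + 1];
};

static struct log_entry log_ring[LOG_SIZE];
static unsigned int log_next;

static struct device *device_register(const char *name)
{
    struct device *d = malloc(sizeof(*d));
    size_t len = strlen(name) + 1;
    if (!d || !(d->name = malloc(len))) { free(d); return NULL; }
    memcpy(d->name, name, len);
    return d;
}

static void device_unregister(struct device *d) { free(d->name); free(d); }

/* Writer: bounded copy at log time, always NUL-terminated. */
static struct log_entry *log_transaction(const struct device *d, int id)
{
    struct log_entry *e = &log_ring[log_next++ % LOG_SIZE];
    e->debug_id = id;
    snprintf(e->context_name, sizeof(e->context_name), "%s", d->name);
    return e;
}

/* Reader: touches only memory owned by the log entry. */
static int print_entry(const struct log_entry *e, char *out, size_t n)
{
    return snprintf(out, n, "%d: context %s", e->debug_id, e->context_name);
}

int main(void)
{
    char line[300];
    struct device *d = device_register("binder"); /* constructed sample name */
    if (!d) return 1;
    struct log_entry *e = log_transaction(d, 7);
    device_unregister(d);               /* the device's name buffer is freed */
    print_entry(e, line, sizeof(line)); /* safe: the entry has its own copy */
    puts(line);
    return 0;
}
```

The per-transaction cost is one bounded copy of a short string, which is the overhead the reply above weighs against keeping a pointer for devices that can never be unregistered.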