Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp4275148ybx;
        Mon, 4 Nov 2019 10:34:53 -0800 (PST)
X-Google-Smtp-Source: APXvYqwadLYOw0vRielHv/kwdB6EiR+DGWsr1dG0PQrj+ul3JFoqy6lln4x9q6/PwuPhQQbsq4Ad
X-Received: by 2002:a17:906:3d2:: with SMTP id c18mr17180081eja.111.1572892493098;
        Mon, 04 Nov 2019 10:34:53 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1572892493; cv=none;
        d=google.com; s=arc-20160816;
        b=lt4Nx5p1+AvGk4xC50M9Ozw51MVmzomiLUukbUREreWwAJZYR8lWoBSR7WUAWV50Cs
         3+z3qwFdJGmQFAsZtw/JArDk2uKXvYkXAAS0t9U5X8dB/O3npbeuUNgswA0QThFWuF+P
         ZCgkTLv1vH0bQoJw7wg0dMFbM4o7SrYcWN+0uGNGjuZMMaMqDtix27lSstxvc3ckkIjU
         kayDz5WF94mGIHtD2KWHqU1eeWBqRbEpp8yHe9H5sfDtyOdgeRwstg4wYCb6n/6zL/u+
         +RqFOPZMYERmmgOSlO9DVM75zwkX5E5ekxzpyyZUTxbaWC53btrgn6JMsLkiXxLYTyp9
         5zsw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=CuoEqQL2KebTopf41oEH+8ZFIOF1Y0zb5FGL5THAEuM=;
        b=0Rqw2ByqdaTCwKVsRx/NYEc7tSTrQDfJehr2YmYbxzANYr/yNZQm3aNjGBqbF4FSX/
         /qKoizXmVnqCPzYnnurQdieVgpwpvVEU8EZsnSC9e0nspwgRCblJyWPgqWsJfOKDACB+
         VQ9jvQ9AKkJAP8zJ3s2ps5PZ8IcH/OSMf+50qe8EPiTHmPYlalCGa9ztraDIbS7c71Uc
         4TfPnTZxQXfp0KTsy7l/GLfS2iojUxy6oFp6ik4tF8cpLuvcb+GBlevzSwxeGhD7dP24
         QfhLDayckqE+T1WLQlAl8xOTc7TYuG44lwdIp/HbRlnYWFqAM+cx3Wbr5s/G1WuJPGXe
         wiXw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=ZwZbZIBW;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g19si8275226edb.280.2019.11.04.10.34.30;
        Mon, 04 Nov 2019 10:34:53 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=ZwZbZIBW;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729312AbfKDScv (ORCPT <rfc822;learnos2017@gmail.com>
        + 99 others); Mon, 4 Nov 2019 13:32:51 -0500
Received: from mail-oi1-f193.google.com ([209.85.167.193]:34430 "EHLO
        mail-oi1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727998AbfKDScv (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 4 Nov 2019 13:32:51 -0500
Received: by mail-oi1-f193.google.com with SMTP id l202so15042666oig.1
        for <linux-kernel@vger.kernel.org>; Mon, 04 Nov 2019 10:32:49 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=CuoEqQL2KebTopf41oEH+8ZFIOF1Y0zb5FGL5THAEuM=;
        b=ZwZbZIBWQ+1OPsCtH8o21sKLwWYTv0Kawog0LE/+kqZNZkKsrkMxmIP2M2Fb9jXc7H
         PfBqNkyAv4wjM1gG1iSziv44ViPJDPX9/dSI9wUBBPa3fkwlAFoHnhh9qBZBvkqzlee9
         UVbTycJm7wH3UBOVZm0jBLDmKjfKhsthLVfDpqxEnOkFamie1kQZ1YwX6Z4xjkx4PKu1
         IAQFGY0QW6ISt3Yd7pbZg2zTQXAT6TQ1R5VemL4iN1V6uMgMOnGbP6Wq6fklFoGWEpeD
         tzQntg3Xf6gSomNDRKzSt0EiGf+gzvgF3idrJbJPMNKYifm2EjJTUaE+2oEG5hnqaSZm
         KTtw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=CuoEqQL2KebTopf41oEH+8ZFIOF1Y0zb5FGL5THAEuM=;
        b=QLzuFf0hzrKUfKra3bwiiX/wNpxGrDJix7FL5XiT00DySqsKFe8DovBPGru5FlG161
         8bBXHrOkpnSEuEZbQ7qW/uXCWdb2v3evr2e/fhvYozJv5ExdYV8bB9ONxtiMIePkbaGW
         WBdr/r7fqRZxDTBy7rNHf7vaahUWYZXqaAT4Iw+xGfVzXYWJJnWsHZ1J5W5P+Wi99jyv
         iPbQZnrGp4xP8T/y+8Sc+jnFfL2I1bND9FKyI48VeEGT8dQkQHp+x4HHpn4aRSyYIX/3
         otyyaR7GUrlqaVWt+D4nn55EuW0HmoyQAhqkD34fNgSwl1W8yo/Z8v2wIqGbKPhVmats
         kCQw==
X-Gm-Message-State: APjAAAVaQpqSqUlMIQEF4w1NecDRMMGudEeiuGKO07bwsSM90ZyoSwYF
        qMsMIf2t6KkkH55I901MtXQJLZRr99wFeDVhc0U7Xw==
X-Received: by 2002:aca:c64c:: with SMTP id w73mr363929oif.161.1572892369118;
 Mon, 04 Nov 2019 10:32:49 -0800 (PST)
MIME-Version: 1.0
References: <20191101214238.78015-1-john.stultz@linaro.org>
 <20191101214238.78015-2-john.stultz@linaro.org> <20191103160225.GA13344@google.com>
In-Reply-To: <20191103160225.GA13344@google.com>
From:   John Stultz <john.stultz@linaro.org>
Date:   Mon, 4 Nov 2019 10:32:38 -0800
Message-ID: <CALAqxLXjRmWWTiQNZnypk+r7am9STd_UBDgK4b73icS8UfZwpA@mail.gmail.com>
Subject: Re: [PATCH v14 1/5] dma-buf: Add dma-buf heaps framework
To:     Sandeep Patil <sspatil@google.com>
Cc:     lkml <linux-kernel@vger.kernel.org>,
        "Andrew F. Davis" <afd@ti.com>, Laura Abbott <labbott@redhat.com>,
        Benjamin Gaignard <benjamin.gaignard@linaro.org>,
        Sumit Semwal <sumit.semwal@linaro.org>,
        Liam Mark <lmark@codeaurora.org>,
        Pratik Patel <pratikp@codeaurora.org>,
        Brian Starkey <Brian.Starkey@arm.com>,
        Vincent Donnefort <Vincent.Donnefort@arm.com>,
        Sudipto Paul <Sudipto.Paul@arm.com>,
        Christoph Hellwig <hch@infradead.org>,
        Chenbo Feng <fengc@google.com>,
        Hridya Valsaraju <hridya@google.com>,
        Hillf Danton <hdanton@sina.com>,
        Dave Airlie <airlied@gmail.com>,
        dri-devel <dri-devel@lists.freedesktop.org>,
        sspatil+mutt@google.com, Alistair Strachan <astrachan@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Nov 3, 2019 at 8:02 AM <sspatil@google.com> wrote:
> > +static long dma_heap_ioctl_get_features(struct file *file, void *data)
> > +{
> > +     struct dma_heap_get_features_data *heap_features = data;
> > +
> > +     /* nothing should be passed in */
> > +     if (heap_features->features)
> > +             return -EINVAL;
>
> curious, what are we trying to protect here? Unless I misunderstood this, you
> are forcing userspace to 0 initialize the structure passed into the ioctl.
> So an uninitialized stack variable passed into ioctl() will end up returning
> -EINVAL .. I am not sure thats ok?

Yea, so the rational mostly comes from the document here:
  https://www.kernel.org/doc/Documentation/ioctl/botching-up-ioctls.rst

The general idea is to be very conservative in what you accept on
IOCTLs to avoid any extensions made from breaking existing userland.

Usually this is most critical for write-ioctls, and probably isn't as
important for read ones like get_features, but I don't see much
downside to enforcing it.

> Plus, the point is pointing into the kmalloc'ed memory or the local 'char
> stack_data[128] from the ioctl() function, so not sure if this check was
> intentional? If so, may be easier to 0 initialize *kdata in the ioctl
> function below?

So the bits in the kdata (be it kmalloced or on the stack) is all
copied over from the userpointer. So we're just trying to enforce that
userland zeros it before passing it in.

Thanks again for your other feedback, I'll address them in the next revision!

thanks
-john