Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp4275148ybx; Mon, 4 Nov 2019 10:34:53 -0800 (PST) X-Google-Smtp-Source: APXvYqwadLYOw0vRielHv/kwdB6EiR+DGWsr1dG0PQrj+ul3JFoqy6lln4x9q6/PwuPhQQbsq4Ad X-Received: by 2002:a17:906:3d2:: with SMTP id c18mr17180081eja.111.1572892493098; Mon, 04 Nov 2019 10:34:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1572892493; cv=none; d=google.com; s=arc-20160816; b=lt4Nx5p1+AvGk4xC50M9Ozw51MVmzomiLUukbUREreWwAJZYR8lWoBSR7WUAWV50Cs 3+z3qwFdJGmQFAsZtw/JArDk2uKXvYkXAAS0t9U5X8dB/O3npbeuUNgswA0QThFWuF+P ZCgkTLv1vH0bQoJw7wg0dMFbM4o7SrYcWN+0uGNGjuZMMaMqDtix27lSstxvc3ckkIjU kayDz5WF94mGIHtD2KWHqU1eeWBqRbEpp8yHe9H5sfDtyOdgeRwstg4wYCb6n/6zL/u+ +RqFOPZMYERmmgOSlO9DVM75zwkX5E5ekxzpyyZUTxbaWC53btrgn6JMsLkiXxLYTyp9 5zsw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=CuoEqQL2KebTopf41oEH+8ZFIOF1Y0zb5FGL5THAEuM=; b=0Rqw2ByqdaTCwKVsRx/NYEc7tSTrQDfJehr2YmYbxzANYr/yNZQm3aNjGBqbF4FSX/ /qKoizXmVnqCPzYnnurQdieVgpwpvVEU8EZsnSC9e0nspwgRCblJyWPgqWsJfOKDACB+ VQ9jvQ9AKkJAP8zJ3s2ps5PZ8IcH/OSMf+50qe8EPiTHmPYlalCGa9ztraDIbS7c71Uc 4TfPnTZxQXfp0KTsy7l/GLfS2iojUxy6oFp6ik4tF8cpLuvcb+GBlevzSwxeGhD7dP24 QfhLDayckqE+T1WLQlAl8xOTc7TYuG44lwdIp/HbRlnYWFqAM+cx3Wbr5s/G1WuJPGXe wiXw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZwZbZIBW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g19si8275226edb.280.2019.11.04.10.34.30; Mon, 04 Nov 2019 10:34:53 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=ZwZbZIBW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729312AbfKDScv (ORCPT + 99 others); Mon, 4 Nov 2019 13:32:51 -0500 Received: from mail-oi1-f193.google.com ([209.85.167.193]:34430 "EHLO mail-oi1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727998AbfKDScv (ORCPT ); Mon, 4 Nov 2019 13:32:51 -0500 Received: by mail-oi1-f193.google.com with SMTP id l202so15042666oig.1 for ; Mon, 04 Nov 2019 10:32:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=CuoEqQL2KebTopf41oEH+8ZFIOF1Y0zb5FGL5THAEuM=; b=ZwZbZIBWQ+1OPsCtH8o21sKLwWYTv0Kawog0LE/+kqZNZkKsrkMxmIP2M2Fb9jXc7H PfBqNkyAv4wjM1gG1iSziv44ViPJDPX9/dSI9wUBBPa3fkwlAFoHnhh9qBZBvkqzlee9 UVbTycJm7wH3UBOVZm0jBLDmKjfKhsthLVfDpqxEnOkFamie1kQZ1YwX6Z4xjkx4PKu1 IAQFGY0QW6ISt3Yd7pbZg2zTQXAT6TQ1R5VemL4iN1V6uMgMOnGbP6Wq6fklFoGWEpeD tzQntg3Xf6gSomNDRKzSt0EiGf+gzvgF3idrJbJPMNKYifm2EjJTUaE+2oEG5hnqaSZm KTtw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=CuoEqQL2KebTopf41oEH+8ZFIOF1Y0zb5FGL5THAEuM=; b=QLzuFf0hzrKUfKra3bwiiX/wNpxGrDJix7FL5XiT00DySqsKFe8DovBPGru5FlG161 8bBXHrOkpnSEuEZbQ7qW/uXCWdb2v3evr2e/fhvYozJv5ExdYV8bB9ONxtiMIePkbaGW WBdr/r7fqRZxDTBy7rNHf7vaahUWYZXqaAT4Iw+xGfVzXYWJJnWsHZ1J5W5P+Wi99jyv iPbQZnrGp4xP8T/y+8Sc+jnFfL2I1bND9FKyI48VeEGT8dQkQHp+x4HHpn4aRSyYIX/3 otyyaR7GUrlqaVWt+D4nn55EuW0HmoyQAhqkD34fNgSwl1W8yo/Z8v2wIqGbKPhVmats kCQw== X-Gm-Message-State: APjAAAVaQpqSqUlMIQEF4w1NecDRMMGudEeiuGKO07bwsSM90ZyoSwYF qMsMIf2t6KkkH55I901MtXQJLZRr99wFeDVhc0U7Xw== X-Received: by 2002:aca:c64c:: with SMTP id w73mr363929oif.161.1572892369118; Mon, 04 Nov 2019 10:32:49 -0800 (PST) MIME-Version: 1.0 References: <20191101214238.78015-1-john.stultz@linaro.org> <20191101214238.78015-2-john.stultz@linaro.org> <20191103160225.GA13344@google.com> In-Reply-To: <20191103160225.GA13344@google.com> From: John Stultz Date: Mon, 4 Nov 2019 10:32:38 -0800 Message-ID: Subject: Re: [PATCH v14 1/5] dma-buf: Add dma-buf heaps framework To: Sandeep Patil Cc: lkml , "Andrew F. Davis" , Laura Abbott , Benjamin Gaignard , Sumit Semwal , Liam Mark , Pratik Patel , Brian Starkey , Vincent Donnefort , Sudipto Paul , Christoph Hellwig , Chenbo Feng , Hridya Valsaraju , Hillf Danton , Dave Airlie , dri-devel , sspatil+mutt@google.com, Alistair Strachan Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Nov 3, 2019 at 8:02 AM wrote: > > +static long dma_heap_ioctl_get_features(struct file *file, void *data) > > +{ > > + struct dma_heap_get_features_data *heap_features = data; > > + > > + /* nothing should be passed in */ > > + if (heap_features->features) > > + return -EINVAL; > > curious, what are we trying to protect here? Unless I misunderstood this, you > are forcing userspace to 0 initialize the structure passed into the ioctl. > So an uninitialized stack variable passed into ioctl() will end up returning > -EINVAL .. I am not sure thats ok? Yea, so the rational mostly comes from the document here: https://www.kernel.org/doc/Documentation/ioctl/botching-up-ioctls.rst The general idea is to be very conservative in what you accept on IOCTLs to avoid any extensions made from breaking existing userland. Usually this is most critical for write-ioctls, and probably isn't as important for read ones like get_features, but I don't see much downside to enforcing it. > Plus, the point is pointing into the kmalloc'ed memory or the local 'char > stack_data[128] from the ioctl() function, so not sure if this check was > intentional? If so, may be easier to 0 initialize *kdata in the ioctl > function below? So the bits in the kdata (be it kmalloced or on the stack) is all copied over from the userpointer. So we're just trying to enforce that userland zeros it before passing it in. Thanks again for your other feedback, I'll address them in the next revision! thanks -john