Received: by 2002:a25:ca44:0:0:0:0:0 with SMTP id a65csp1864072ybg; Thu, 30 Jul 2020 04:52:03 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy0RJf2Qx0YLswWz8JBZ0ICARD4+lNNbS0BURvzrTcat7G5/0/2gya1rYkPJCUi3+sR+iT0 X-Received: by 2002:a17:906:c406:: with SMTP id u6mr2316820ejz.47.1596109923302; Thu, 30 Jul 2020 04:52:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1596109923; cv=none; d=google.com; s=arc-20160816; b=PdOBsvIzxnfbOcGuMxMhD3Y11Qbx6EFDowRRW2YNvofF3k0i1uBbE5vpA/BXcoTaAA gn/AJ4DEJEP5xrHae2RUnxrqi9EvVRFmJjB8Kn5j/GJ2t6agUwkWEEKNbnamqXIN/jJp 6mL/h/A+Tr3ot1AxKJNZDoErt99LJ0RpEcd8gUEZzbkIuSBeXNibjHTyKGIxR5bouE1v yQHkmPbXFLGKvFJl/gZAFIhjfhyEAg8dIMVOfNO3/zDQjOp+lJGr4T6xWuEl1h9UnJMy KBEs/aL9VokP8F2rxLte0iNA8r22J0e+oAhLv1vx78530ABFqLqOc5w084/qZvCZSkiI 7Epg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:organization:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:ironport-sdr:ironport-sdr; bh=kf7E4A+xgx9pvd4eOyO11lWohiBXtHB89QIc2677QjU=; b=li4PplfIkZiFsRbP1/1cfUi2wLFHABhwqGeCi0NerFWxap/dGPjbB0F2ahgjY/d3Pv TOAh6yiRUmIGoSrEztXP2UBbV0hzVy7F4t2TMnRvf32gppmqV75TK8vbkISRU6Df+4yJ iNHheMg5RQlgVkNW1IHoBlQ7VtOYSbe+ck2xv4nvuHTBGIVPAqAhWp6CkR1Guvu30AiD DuPE7kf2R/uNvmVHV+RtL7A8+pZ/bf4fobJX4pfID5EhfOcNaAtNSb6aMKlU+xJDlCmY YZHW3KqirSiBHlBs9yoNQb5rHNAKu09pwjwiIz+B3v/mQgzQ4YYPom2N27bNeSmPYIDK i6kg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gl17si3025462ejb.589.2020.07.30.04.51.41; Thu, 30 Jul 2020 04:52:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727976AbgG3Lss (ORCPT + 99 others); Thu, 30 Jul 2020 07:48:48 -0400 Received: from mga18.intel.com ([134.134.136.126]:28320 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726267AbgG3Lsr (ORCPT ); Thu, 30 Jul 2020 07:48:47 -0400 IronPort-SDR: 43OE7a9WJ395AqDiD2EuId75l8yCfaEudjVKoAVY4rwenWJ024TxGavR/pjIhzUZunw9TD13Jz D7l+S4cpxZTw== X-IronPort-AV: E=McAfee;i="6000,8403,9697"; a="139121723" X-IronPort-AV: E=Sophos;i="5.75,414,1589266800"; d="scan'208";a="139121723" X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Jul 2020 04:48:47 -0700 IronPort-SDR: wmlhB2ZzttBFINXRufelrxv8L53CImhLZ6YLEBjkVR5V0gkzH1JXuIS1XD0H6dLKepNgiLNPuq Qw0S9w3OkVZQ== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.75,414,1589266800"; d="scan'208";a="491097611" Received: from smile.fi.intel.com (HELO smile) ([10.237.68.40]) by fmsmga005.fm.intel.com with ESMTP; 30 Jul 2020 04:48:43 -0700 Received: from andy by smile with local (Exim 4.94) (envelope-from ) id 1k173C-004ugB-9a; Thu, 30 Jul 2020 14:48:42 +0300 Date: Thu, 30 Jul 2020 14:48:42 +0300 From: Andy Shevchenko To: Arnd Bergmann Cc: Bartosz Golaszewski , Dan Carpenter , Linus Walleij , Peilin Ye , Mauro Carvalho Chehab , Greg Kroah-Hartman , syzkaller-bugs , Hans Verkuil , Sakari Ailus , Laurent Pinchart , Vandana BN , Ezequiel Garcia , Niklas =?iso-8859-1?Q?S=F6derlund?= , linux-kernel-mentees@lists.linuxfoundation.org, Linux Media Mailing List , "linux-kernel@vger.kernel.org" Subject: Re: [Linux-kernel-mentees] [PATCH v3] media/v4l2-core: Fix kernel-infoleak in video_put_user() Message-ID: <20200730114842.GH3703480@smile.fi.intel.com> References: <20200726222703.102701-1-yepeilin.cs@gmail.com> <20200727131608.GD1913@kadam> <20200728130632.GI1913@kadam> <20200730083833.GD3703480@smile.fi.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Jul 30, 2020 at 11:18:04AM +0200, Arnd Bergmann wrote: > On Thu, Jul 30, 2020 at 10:38 AM Andy Shevchenko > wrote: > > On Thu, Jul 30, 2020 at 10:15:24AM +0200, Arnd Bergmann wrote: > > > On Thu, Jul 30, 2020 at 10:07 AM Bartosz Golaszewski wrote: ... > > > I would argue that it needs to be fixed anyway, unless you also want > > > to remove the v1 interface for native mode. If this works on 32-bit > > > kernels, on 64-bit kernels with 64-bit user space and on compat > > > 32-bit user space on 64-bit non-x86 architectures, I see no reason > > > to leave it broken specifically on x86 compat user space. There are > > > still reasons to use 32-bit x86 user space for low-memory machines > > > even though native i386 kernels are getting increasingly silly. > > > > It was possible to "fix" (mitigate to some extent) before libgpiod got support > > for several events in a request. Now it seems to be impossible to fix. AFAIU we > > must discard any request to more than one event in it. > > Any reason why the workaround I suggested above would not work? That is the question to somebody who has better understanding. If it works, I vote up to get it fixed with little effort. I would be glad to test patches! > The in_ia32_syscall() check should be completely reliable in telling whether > we are called from read() by an ia32 task or not, and we use the same > logic for input_event, which has a similar problem (on all compat architectures, > not just x86). By the way any reason why we have to have in_ia32_syscall() instead of in_compat_syscall()? > > However I'm not an expert in compat IOCTL code (you are :-) and perhaps you may > > provide ideas better than mine. > > What makes this interface tricky is that this is actually a read() call, not > ioctl() which is usually easier because it encodes the data length in the > command code. As far as I could tell from skimming the interface, the > ioctls are actually fine here. Right. -- With Best Regards, Andy Shevchenko