From: Andi Kleen <andi@firstfloor.org>
To: Dave Airlie <airlied@gmail.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
DRI Development Mailing List <dri-devel@lists.sourceforge.net>,
Arnd Bergmann <arnd@arndb.de>, David Miller <davem@davemloft.net>
Subject: Re: is avoiding compat ioctls possible?
Date: Wed, 28 Oct 2009 03:53:17 +0100 [thread overview]
Message-ID: <87hbtkjkki.fsf@basil.nowhere.org> (raw)
In-Reply-To: <21d7e9970910271822p3751b2fdnd78e1bc3326b9b0b@mail.gmail.com> (Dave Airlie's message of "Wed, 28 Oct 2009 11:22:18 +1000")
Dave Airlie <airlied@gmail.com> writes:
> They used uint64_t to represent userspace pointers and userspace
> casted into those and the kernel casts back out and passes it to copy_*_user
uint64_t is actually dangerous due to different alignment on x86-32 vs 64,
better use compat_u64/s64
> Now I thought cool I don't need to worry about compat ioctl hackery I can
> run 32 on 64 bit apps fine and it'll all just work.
>
> Now Dave Miller points out that I'm obivously deluded and we really need
> to add compat ioctls so that the kernel can truncate correctly 32-bit address
> in case userspace shoves garbage into the top 32bits of the u64.
When the user space sees a u64 field it should never shove garbage here.
You just have to cast on 32bit for this, which is a bit ugly.
However some architectures need special operations on compat pointers
(s390 iirc), but if you don't support those it might be reasonable
to not support that.
> Is there really no way to avoid compat ioctls? was I delusional in
> thinking there was?
Experience shows that people make mistakes and you sooner or
later need them anyways to work around them.
-Andi
--
ak@linux.intel.com -- Speaking for myself only.
next prev parent reply other threads:[~2009-10-28 2:53 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-28 1:22 is avoiding compat ioctls possible? Dave Airlie
2009-10-28 2:25 ` David Miller
2009-10-28 3:01 ` Dave Airlie
2009-10-28 2:53 ` Andi Kleen [this message]
2009-10-28 3:05 ` Dave Airlie
2009-10-28 3:19 ` Andi Kleen
2009-10-28 3:28 ` Dave Airlie
2009-10-28 3:34 ` Andi Kleen
2009-10-28 3:43 ` David Miller
2009-10-28 3:41 ` David Miller
2009-10-28 21:05 ` Maciej W. Rozycki
2009-10-29 8:27 ` Arnd Bergmann
2009-10-28 3:38 ` David Miller
2009-10-28 3:43 ` Dave Airlie
2009-10-28 3:45 ` David Miller
2009-10-28 3:51 ` Andi Kleen
2009-10-28 3:54 ` Dave Airlie
2009-10-28 5:28 ` David Miller
2009-10-28 5:42 ` Dave Airlie
2009-10-28 6:04 ` David Miller
2009-10-28 7:53 ` David Miller
2009-10-28 7:59 ` Andi Kleen
2009-10-28 8:11 ` David Miller
2009-10-28 8:19 ` Andi Kleen
2009-10-28 8:28 ` David Miller
2009-10-28 12:13 ` Arnd Bergmann
2009-10-28 12:16 ` David Miller
2009-10-28 15:40 ` Arnd Bergmann
2009-10-29 5:41 ` David Miller
2009-10-29 8:16 ` Arnd Bergmann
2009-10-29 8:34 ` Heiko Carstens
2009-10-29 8:39 ` David Miller
2009-10-28 12:17 ` David Miller
2009-10-30 1:13 ` Dave Airlie
2009-10-30 10:13 ` Arnd Bergmann
2009-11-18 0:26 ` Dave Airlie
2009-11-18 9:09 ` Andi Kleen
2009-11-18 14:42 ` Arnd Bergmann
2009-10-28 3:37 ` David Miller
2009-10-28 4:36 ` Andi Kleen
2009-10-28 5:29 ` David Miller
2009-10-28 10:27 ` Arnd Bergmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87hbtkjkki.fsf@basil.nowhere.org \
--to=andi@firstfloor.org \
--cc=airlied@gmail.com \
--cc=arnd@arndb.de \
--cc=davem@davemloft.net \
--cc=dri-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.