From: Pete Zaitcev <zaitcev@redhat.com>
To: Christopher Li <usb-devel@chrisli.org>
Cc: greg@kroah.com, linux-usb-devel@lists.sourceforge.net,
linux-kernel@vger.kernel.org, zaitcev@redhat.com
Subject: Re: usb: Patch for USBDEVFS_IOCTL from 32-bit programs
Date: Tue, 18 Oct 2005 20:33:20 -0700 [thread overview]
Message-ID: <20051018203320.179f4c4c.zaitcev@redhat.com> (raw)
In-Reply-To: <20051018150533.GB21786@64m.dyndns.org>
On Tue, 18 Oct 2005 11:05:33 -0400, Christopher Li <usb-devel@chrisli.org> wrote:
> On Tue, Oct 18, 2005 at 10:13:33AM -0700, Greg KH wrote:
> I am a little nervous no check have been done to what ioctl it is
> passing. Most of the case you don't need to convert the buffer, but
> what if there is some ioctl need to do something special.
You do not have to be nervous, because USB ioctls are not unstructured.
These ioctls do not receive __user pointers, unsigned longs, or things
freely interpreted. They are defined to receive one buffer, and they
are not expected to perform any copy_from_user/copy_to_user.
The struct file_operations has ioctl which looks like this:
int (*ioctl) (struct inode *, struct file *, unsigned int, unsigned long);
The unsigned long here is often a pointer to user buffer.
However, in USB case, struct usb_driver has ioctl like this:
int (*ioctl) (struct usb_interface *intf, unsigned int code, void *buf);
The *buf is not passed from user mode. It's an honest to goodness
kmalloc'ed buffer.
> On the safe side, I am expecting a big switch to list all the ioctl
> we known can safely pass, can grow the list when needed.
>From the above it should be obvious why such checking is entirely
unnecessary for the case of USB.
To be sure, one can write a driver which looks _inside_ the passed
*buf, and interpret the contents as a bunch of user pointers, in a
misguided attempt to create a DIY s/g capability, for instance.
If such a thing happens, we'd only have to identify the programmers
and impale them on a pole, then feed their intestines to crows.
That ought to take care of the problem without any checking lists.
-- Pete
next prev parent reply other threads:[~2005-10-19 3:33 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-10-18 1:15 usb: Patch for USBDEVFS_IOCTL from 32-bit programs Pete Zaitcev
2005-10-18 17:13 ` Greg KH
2005-10-18 15:05 ` Christopher Li
2005-10-19 3:33 ` Pete Zaitcev [this message]
2005-10-18 18:49 ` Pete Zaitcev
2005-10-18 18:51 ` Arjan van de Ven
2005-10-18 19:08 ` Mikael Pettersson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20051018203320.179f4c4c.zaitcev@redhat.com \
--to=zaitcev@redhat.com \
--cc=greg@kroah.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-usb-devel@lists.sourceforge.net \
--cc=usb-devel@chrisli.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox