Date: Mon, 29 Dec 2025 17:04:17 +0000
In-Reply-To: <20251229164544.1baf659b.gary@garyguo.net>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20251229-fda-zero-v1-1-58a41cb0e7ec@google.com> <20251229164544.1baf659b.gary@garyguo.net>
Subject: Re: [PATCH] rust_binder: correctly handle FDA objects of length zero
From: Alice Ryhl
To: Gary Guo
Cc: Greg Kroah-Hartman, Carlos Llamas, Miguel Ojeda, Boqun Feng, Björn Roy Baron, Benno Lossin, Andreas Hindborg, Trevor Gross, Danilo Krummrich, linux-kernel@vger.kernel.org, rust-for-linux@vger.kernel.org, stable@vger.kernel.org, DeepChirp
Content-Type: text/plain; charset="utf-8"

On Mon, Dec 29, 2025 at 04:45:44PM +0000, Gary Guo wrote:
> On Mon, 29 Dec 2025 15:38:14 +0000
> Alice Ryhl wrote:
>
> > Fix a bug where an empty FDA (fd array) object with 0 fds would cause an
> > out-of-bounds error. The previous implementation used `skip == 0` to
> > mean "this is a pointer fixup", but 0 is also the correct skip length
> > for an empty FDA. If the FDA is at the end of the buffer, then this
> > results in an attempt to write 8 bytes out of bounds. This is caught and
> > results in an EINVAL error being returned to userspace.
> >
> > The pattern of using `skip == 0` as a special value originates from the
> > C implementation of Binder. As part of fixing this bug, this pattern is
> > replaced with a Rust enum.
>
> I was curious and checked the C binder implementation. Apparently the C
> binder implementation returns early when translating a FD array with
> length 0.
>
> Would it still make sense to do something similar in the Rust binder? The
> enum change is still good to make, though.

Based on where the early return is, that'd be equivalent to wrapping this:

    parent_entry
        .pointer_fixups
        .push(
            PointerFixupEntry::Skip {
                skip: fds_len,
                target_offset: info.target_offset,
            },
            GFP_KERNEL,
        )
        .map_err(|_| ENOMEM)?;

in an `if fds_len > 0 {}` block.

I don't believe it makes any difference, but not having a special case may
be cleaner?

Alice
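Added example, not code from the patch or from the kernel's rust_binder: a simplified Rust model of the `skip == 0` sentinel bug and the enum encoding the patch moves to. Only `PointerFixupEntry::Skip { skip, target_offset }` comes from the thread; the `Pointer` variant, the errno value, `check_range` and the flat buffer layout are assumptions. It shows why an empty FDA at the end of the buffer fails the bounds check under the sentinel (treated as an 8-byte pointer write) but passes as a zero-length skip under the enum, so the `if fds_len > 0` early return is not needed for correctness.

```rust
// Added example, not the kernel's rust_binder code: a simplified model of the
// `skip == 0` sentinel bug discussed in the thread and the enum that replaces it.
// Only `PointerFixupEntry::Skip { skip, target_offset }` comes from the patch; the
// `Pointer` variant, the errno value and the buffer layout are assumptions.
const EINVAL: i32 = 22; // assumed errno value, for illustration only
/// Legacy C-style entry: `skip == 0` doubles as "this is a pointer fixup".
#[derive(Clone, Copy)]
struct LegacyFixup { target_offset: usize, skip: usize }
/// Explicit enum: an empty FDA is `Skip { skip: 0, .. }`, never a pointer write.
#[derive(Clone, Copy)]
enum PointerFixupEntry {
    Pointer { target_offset: usize, pointer: u64 },
    Skip { skip: usize, target_offset: usize },
}
/// Bounds-check [start, start + len); failing here is what userspace sees as EINVAL.
fn check_range(buf_len: usize, start: usize, len: usize) -> Result<(), i32> {
    let end = start.checked_add(len).ok_or(EINVAL)?;
    if end > buf_len { Err(EINVAL) } else { Ok(()) }
}
fn apply_legacy(buf: &[u8], fixups: &[LegacyFixup]) -> Result<(), i32> {
    for f in fixups {
        // `skip == 0` is read as "pointer fixup", so an empty FDA at the end of the
        // buffer is checked (and would be written) as an 8-byte pointer: out of bounds.
        let len = if f.skip == 0 { 8 } else { f.skip };
        check_range(buf.len(), f.target_offset, len)?;
    }
    Ok(())
}
fn apply_enum(buf: &mut [u8], fixups: &[PointerFixupEntry]) -> Result<(), i32> {
    for f in fixups {
        match *f {
            PointerFixupEntry::Pointer { target_offset, pointer } => {
                check_range(buf.len(), target_offset, 8)?;
                buf[target_offset..target_offset + 8].copy_from_slice(&pointer.to_le_bytes());
            }
            // A zero-length skip at the very end of the buffer is in bounds and a no-op.
            PointerFixupEntry::Skip { skip, target_offset } => check_range(buf.len(), target_offset, skip)?,
        }
    }
    Ok(())
}
/// Empty FDA at the end of a `buf_len`-byte buffer, encoded both ways.
fn empty_fda_at_end(buf_len: usize) -> (Result<(), i32>, Result<(), i32>) {
    let legacy = apply_legacy(&vec![0u8; buf_len], &[LegacyFixup { target_offset: buf_len, skip: 0 }]);
    let mut buf = vec![0u8; buf_len];
    let fixed = apply_enum(&mut buf, &[PointerFixupEntry::Skip { skip: 0, target_offset: buf_len }]);
    (legacy, fixed)
}
```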