From: Eugene Syromiatnikov <esyr@redhat.com>
To: Richard Cochran <richardcochran@gmail.com>
Cc: David Miller <davem@davemloft.net>,
mlichvar@redhat.com, netdev@vger.kernel.org,
jacob.e.keller@intel.com, mtosatti@redhat.com
Subject: Re: [PATCH net 1/2] ptp: check that rsv field is zero in struct ptp_sys_offset_extended
Date: Tue, 8 Jan 2019 15:38:28 +0100 [thread overview]
Message-ID: <20190108143828.GA15136@asgard.redhat.com> (raw)
In-Reply-To: <20190108051923.2ozbytxqorxzpad5@localhost>
On Mon, Jan 07, 2019 at 09:19:23PM -0800, Richard Cochran wrote:
> On Mon, Jan 07, 2019 at 08:29:38AM -0800, David Miller wrote:
> > From: Eugene Syromiatnikov <esyr@redhat.com>
> > Date: Mon, 7 Jan 2019 16:22:29 +0100
> >
> > > Otherwise it is impossible to use it for something else, as it will break
> > > userspace that puts garbage there.
> > >
> > > The same check should be done in other structures, but the fact that
> > > data in reserved fields is ignored is already part of the kernel ABI.
> > >
> > > Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
> >
> > I think the opportunity to enforce this has passed and you will break
> > userspace by doing this.
>
> Does this seriously mean that the 'rsv' field in
>
> struct ptp_extts_request {
> unsigned int index; /* Which channel to configure. */
> unsigned int flags; /* Bit field for PTP_xxx flags. */
> unsigned int rsv[2]; /* Reserved for future use. */
> };
>
> can never be extended with some semantics?
Yes[*], since there's no check for garbage in both unused flags bits and rsv
values. The same for ptp_perout_request, ptp_sys_offset, ptp_pin_desc in
PTP_PIN_SETFUNC, and to some extent for ptp_sys_offset_precise, ptp_clock_caps,
and ptp_pin_desc in PTP_PIN_GETFUNC (all newly added data has to be
non-zero there). See also [1][2].
It can be worked around by adding new ioctl commands that operate on the
same structures, but also perform proper checks, though.
[*] Well, it could be extended with some data that is written from kernel
to user space, but, again, it is not possible due to the fact that no
new flags can be added there and it is an _IOW and not _IOWR command.
[1] https://www.kernel.org/doc/Documentation/process/adding-syscalls.rsti
"Designing the API: Planning for Extension"
[2] http://man7.org/conf/lcna2015/designing_linux_kernel_APIs-LCNA_2015-Kerrisk.pdf
> Thanks,
> Richard
next prev parent reply other threads:[~2019-01-08 14:38 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-09 10:14 [PATCH net-next 0/8] More accurate PHC<->system clock synchronization Miroslav Lichvar
2018-11-09 10:14 ` [PATCH net-next 1/8] ptp: reorder declarations in ptp_ioctl() Miroslav Lichvar
2018-11-09 10:14 ` [PATCH net-next 2/8] ptp: check gettime64 return code in PTP_SYS_OFFSET ioctl Miroslav Lichvar
2018-11-09 10:14 ` [PATCH net-next 3/8] ptp: add PTP_SYS_OFFSET_EXTENDED ioctl Miroslav Lichvar
2019-01-07 15:22 ` [PATCH net 1/2] ptp: check that rsv field is zero in struct ptp_sys_offset_extended Eugene Syromiatnikov
2019-01-07 16:29 ` David Miller
2019-01-07 16:57 ` Miroslav Lichvar
2019-01-07 17:13 ` David Miller
2019-01-08 5:19 ` Richard Cochran
2019-01-08 14:38 ` Eugene Syromiatnikov [this message]
2019-01-08 20:45 ` Keller, Jacob E
2019-01-07 15:22 ` [PATCH net 2/2] ptp: uapi: change _IOW to IOWR in PTP_SYS_OFFSET_EXTENDED definition Eugene Syromiatnikov
2019-01-07 16:29 ` David Miller
2018-11-09 10:14 ` [PATCH net-next 4/8] ptp: deprecate gettime64() in favor of gettimex64() Miroslav Lichvar
2018-11-09 10:14 ` [PATCH net-next 5/8] e1000e: extend PTP gettime function to read system clock Miroslav Lichvar
2018-11-10 1:53 ` Jeff Kirsher
2018-11-09 10:14 ` [PATCH net-next 6/8] igb: " Miroslav Lichvar
2018-11-10 1:53 ` Jeff Kirsher
2018-11-09 10:14 ` [PATCH net-next 7/8] ixgbe: " Miroslav Lichvar
2018-11-09 18:14 ` Keller, Jacob E
2018-11-10 1:52 ` Jeff Kirsher
2018-11-09 10:14 ` [PATCH net-next 8/8] tg3: " Miroslav Lichvar
2018-11-09 18:12 ` [PATCH net-next 0/8] More accurate PHC<->system clock synchronization Keller, Jacob E
2018-11-09 23:28 ` David Miller
2018-11-09 23:33 ` Jeff Kirsher
2018-11-10 0:55 ` David Miller
2018-11-10 1:44 ` Richard Cochran
2018-11-10 3:44 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190108143828.GA15136@asgard.redhat.com \
--to=esyr@redhat.com \
--cc=davem@davemloft.net \
--cc=jacob.e.keller@intel.com \
--cc=mlichvar@redhat.com \
--cc=mtosatti@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=richardcochran@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).