From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755452AbbLDIYd (ORCPT ); Fri, 4 Dec 2015 03:24:33 -0500 Received: from mail-wm0-f47.google.com ([74.125.82.47]:37953 "EHLO mail-wm0-f47.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755378AbbLDIYb (ORCPT ); Fri, 4 Dec 2015 03:24:31 -0500 Date: Fri, 4 Dec 2015 08:24:27 +0000 From: Lee Jones To: Arnd Bergmann Cc: linux-arm-kernel@lists.infradead.org, Ohad Ben-Cohen , "devicetree@vger.kernel.org" , Florian Fainelli , kernel@stlinux.com, Nathan_Lynch@mentor.com, "linux-kernel@vger.kernel.org" , Bjorn Andersson , ludovic.barre@st.com, Maxime Coquelin Subject: Re: [RESEND v4 2/6] remoteproc: debugfs: Add ability to boot remote processor using debugfs Message-ID: <20151204082427.GC26902@x1> References: <1448370862-19120-1-git-send-email-lee.jones@linaro.org> <2600153.9u9Z7N2IT1@wuerfel> <20151203172830.GB26902@x1> <2473673.tSymyNlg3h@wuerfel> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <2473673.tSymyNlg3h@wuerfel> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 03 Dec 2015, Arnd Bergmann wrote: > On Thursday 03 December 2015 17:28:30 Lee Jones wrote: > > > > > > Ah, interesting. I haven't tried myself, and just tried to read the > > > code. Maybe glibc already catches zero-length writes before it gets > > > into the kernel, or I just missed the part of the syscall that checks > > > for this. > > > > Glibc is responsible indeed: > > > > http://osxr.org/glibc/source/io/write.c > > Ok, so an attacker can force the stack overflow by calling > syscall(__NR_write, fd, p, 0) if that has any potential value, > but normal users won't hit this case. Right. I have fixed the issue (and another one I found) anyway, if only to rid the GCC warning. -- Lee Jones Linaro STMicroelectronics Landing Team Lead Linaro.org │ Open source software for ARM SoCs Follow Linaro: Facebook | Twitter | Blog From mboxrd@z Thu Jan 1 00:00:00 1970 From: lee.jones@linaro.org (Lee Jones) Date: Fri, 4 Dec 2015 08:24:27 +0000 Subject: [RESEND v4 2/6] remoteproc: debugfs: Add ability to boot remote processor using debugfs In-Reply-To: <2473673.tSymyNlg3h@wuerfel> References: <1448370862-19120-1-git-send-email-lee.jones@linaro.org> <2600153.9u9Z7N2IT1@wuerfel> <20151203172830.GB26902@x1> <2473673.tSymyNlg3h@wuerfel> Message-ID: <20151204082427.GC26902@x1> To: linux-arm-kernel@lists.infradead.org List-Id: linux-arm-kernel.lists.infradead.org On Thu, 03 Dec 2015, Arnd Bergmann wrote: > On Thursday 03 December 2015 17:28:30 Lee Jones wrote: > > > > > > Ah, interesting. I haven't tried myself, and just tried to read the > > > code. Maybe glibc already catches zero-length writes before it gets > > > into the kernel, or I just missed the part of the syscall that checks > > > for this. > > > > Glibc is responsible indeed: > > > > http://osxr.org/glibc/source/io/write.c > > Ok, so an attacker can force the stack overflow by calling > syscall(__NR_write, fd, p, 0) if that has any potential value, > but normal users won't hit this case. Right. I have fixed the issue (and another one I found) anyway, if only to rid the GCC warning. -- Lee Jones Linaro STMicroelectronics Landing Team Lead Linaro.org ? Open source software for ARM SoCs Follow Linaro: Facebook | Twitter | Blog