From: Hridya Valsaraju <hridya@google.com>
To: Christian Brauner <christian.brauner@ubuntu.com>
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
	"Arve Hjønnevåg" <arve@android.com>,
	"Todd Kjos" <tkjos@android.com>,
	"Martijn Coenen" <maco@android.com>,
	"Joel Fernandes" <joel@joelfernandes.org>,
	devel@driverdev.osuosl.org, linux-kernel@vger.kernel.org,
	kernel-team@android.com
Subject: Re: [PATCH v3 2/2] binder: Validate the default binderfs device names.
Date: Fri, 9 Aug 2019 11:41:12 -0700
Message-ID: <CA+wgaPPK0fY2a+pCEFHrw8p8WCb459yw41s_6xppWFfEa=P7Og@mail.gmail.com>
In-Reply-To: <20190809181439.qrs2k7l23ot4am4s@wittgenstein>

On Fri, Aug 9, 2019 at 11:14 AM Christian Brauner
<christian.brauner@ubuntu.com> wrote:
>
> On Fri, Aug 09, 2019 at 04:55:08PM +0200, Greg Kroah-Hartman wrote:
> > On Thu, Aug 08, 2019 at 03:27:26PM -0700, Hridya Valsaraju wrote:
> > > Length of a binderfs device name cannot exceed BINDERFS_MAX_NAME.
> > > This patch adds a check in binderfs_init() to ensure the same
> > > for the default binder devices that will be created in every
> > > binderfs instance.
> > >
> > > Co-developed-by: Christian Brauner <christian.brauner@ubuntu.com>
> > > Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
> > > Signed-off-by: Hridya Valsaraju <hridya@google.com>
> > > ---
> > >  drivers/android/binderfs.c | 12 ++++++++++++
> > >  1 file changed, 12 insertions(+)
> > >
> > > diff --git a/drivers/android/binderfs.c b/drivers/android/binderfs.c
> > > index aee46dd1be91..55c5adb87585 100644
> > > --- a/drivers/android/binderfs.c
> > > +++ b/drivers/android/binderfs.c
> > > @@ -570,6 +570,18 @@ static struct file_system_type binder_fs_type = {
> > >  int __init init_binderfs(void)
> > >  {
> > >     int ret;
> > > +   const char *name;
> > > +   size_t len;
> > > +
> > > +   /* Verify that the default binderfs device names are valid. */
> >
> > And by "valid" you only mean "not bigger than BINDERFS_MAX_NAME", right?
> >
> > > +   name = binder_devices_param;
> > > +   for (len = strcspn(name, ","); len > 0; len = strcspn(name, ",")) {
> > > +           if (len > BINDERFS_MAX_NAME)
> > > +                   return -E2BIG;
> > > +           name += len;
> > > +           if (*name == ',')
> > > +                   name++;
> > > +   }
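
Review bot: The `len > 0` condition in the `for` loop over `binder_devices_param` ends the scan at the first empty entry, so with a doubled or leading comma (for example `binder,,<name>`) every name after that point is never compared against BINDERFS_MAX_NAME. Consider looping until `*name == '\0'` and skipping zero-length entries, so that each name in the list is length-checked. The comment above the loop could also state that only the length is verified, since nothing else about the name is tested here.
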
> >
> > We already tokenize the binderfs device names in binder_init(), why not
> > check this there instead?  Parsing the same string over and over isn't
> > the nicest.
>
> non-binderfs binder devices do not have their limit set to
> BINDERFS_NAME_MAX. That's why the check has likely been made specific to
> binderfs binder devices which do have that limit.


Thank you Greg and Christian, for taking another look. Yes,
non-binderfs binder devices not having this limitation is the reason
why the check was made specific to binderfs devices. Also, when
CONFIG_ANDROID_BINDERFS is set, patch 1/2 disabled the same string
being parsed in binder_init().

>
> But, in practice, 255 is the standard path-part limit that no-one really
> exceeds especially not for stuff such as device nodes which usually have
> rather standard naming schemes (e.g. binder, vndbinder, hwbinder, etc.).
> So yes, we can move that check before both the binderfs binder device
> and non-binderfs binder device parsing code and treat it as a generic
> check.
> Then we can also backport that check as you requested in the other mail.
> Unless Hridya or Todd have objections, of course.

I do not have any objections to adding a generic check in binder_init() instead.

>
> Christian
