From: Bjorn Andersson <bjorn@kryo.se>
To: Lee Jones <lee.jones@linaro.org>
Cc: Arnd Bergmann <arnd@arndb.de>,
"linux-arm-kernel@lists.infradead.org"
<linux-arm-kernel@lists.infradead.org>,
Ohad Ben-Cohen <ohad@wizery.com>,
"devicetree@vger.kernel.org" <devicetree@vger.kernel.org>,
Florian Fainelli <f.fainelli@gmail.com>,
kernel@stlinux.com, Nathan Lynch <Nathan_Lynch@mentor.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
ludovic.barre@st.com, Maxime Coquelin <maxime.coquelin@st.com>
Subject: Re: [RESEND v4 2/6] remoteproc: debugfs: Add ability to boot remote processor using debugfs
Date: Mon, 28 Dec 2015 10:38:04 -0800 [thread overview]
Message-ID: <CAJAp7OhvwxkS5WkvBgd0ncBRMRCijnU2LggY8oyJ5sHg+5aohQ@mail.gmail.com> (raw)
In-Reply-To: <20151204082427.GC26902@x1>
On Fri, Dec 4, 2015 at 12:24 AM, Lee Jones <lee.jones@linaro.org> wrote:
> On Thu, 03 Dec 2015, Arnd Bergmann wrote:
>
>> On Thursday 03 December 2015 17:28:30 Lee Jones wrote:
>> > >
>> > > Ah, interesting. I haven't tried myself, and just tried to read the
>> > > code. Maybe glibc already catches zero-length writes before it gets
>> > > into the kernel, or I just missed the part of the syscall that checks
>> > > for this.
>> >
>> > Glibc is responsible indeed:
>> >
>> > http://osxr.org/glibc/source/io/write.c
>>
>> Ok, so an attacker can force the stack overflow by calling
>> syscall(__NR_write, fd, p, 0) if that has any potential value,
>> but normal users won't hit this case.
>
> Right. I have fixed the issue (and another one I found) anyway, if
> only to rid the GCC warning.
>
Sorry, but I'm unable to find a new version of this patch, did I miss
it or could you resend it?
Also, as I looked at this again, we should probably return an error if
count >= sizeof(buf) rather than just acknowledging the input (same in
the other debugfs write function in this file).
Regards,
Bjorn
WARNING: multiple messages have this Message-ID (diff)
From: bjorn@kryo.se (Bjorn Andersson)
To: linux-arm-kernel@lists.infradead.org
Subject: [RESEND v4 2/6] remoteproc: debugfs: Add ability to boot remote processor using debugfs
Date: Mon, 28 Dec 2015 10:38:04 -0800 [thread overview]
Message-ID: <CAJAp7OhvwxkS5WkvBgd0ncBRMRCijnU2LggY8oyJ5sHg+5aohQ@mail.gmail.com> (raw)
In-Reply-To: <20151204082427.GC26902@x1>
On Fri, Dec 4, 2015 at 12:24 AM, Lee Jones <lee.jones@linaro.org> wrote:
> On Thu, 03 Dec 2015, Arnd Bergmann wrote:
>
>> On Thursday 03 December 2015 17:28:30 Lee Jones wrote:
>> > >
>> > > Ah, interesting. I haven't tried myself, and just tried to read the
>> > > code. Maybe glibc already catches zero-length writes before it gets
>> > > into the kernel, or I just missed the part of the syscall that checks
>> > > for this.
>> >
>> > Glibc is responsible indeed:
>> >
>> > http://osxr.org/glibc/source/io/write.c
>>
>> Ok, so an attacker can force the stack overflow by calling
>> syscall(__NR_write, fd, p, 0) if that has any potential value,
>> but normal users won't hit this case.
>
> Right. I have fixed the issue (and another one I found) anyway, if
> only to rid the GCC warning.
>
Sorry, but I'm unable to find a new version of this patch, did I miss
it or could you resend it?
Also, as I looked at this again, we should probably return an error if
count >= sizeof(buf) rather than just acknowledging the input (same in
the other debugfs write function in this file).
Regards,
Bjorn
next prev parent reply other threads:[~2015-12-28 18:38 UTC|newest]
Thread overview: 68+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-24 13:14 [RESEND v4 0/6] remoteproc: Add driver for STMicroelectronics platforms Lee Jones
2015-11-24 13:14 ` Lee Jones
2015-11-24 13:14 ` Lee Jones
2015-11-24 13:14 ` [RESEND v4 1/6] remoteproc: dt: Provide bindings for ST's Remote Processor Controller driver Lee Jones
2015-11-24 13:14 ` Lee Jones
2015-11-24 13:14 ` Lee Jones
2015-11-25 0:07 ` Rob Herring
2015-11-25 0:07 ` Rob Herring
2015-12-28 18:33 ` Bjorn Andersson
2015-12-28 18:33 ` Bjorn Andersson
2015-12-28 18:33 ` Bjorn Andersson
2015-11-24 13:14 ` [RESEND v4 2/6] remoteproc: debugfs: Add ability to boot remote processor using debugfs Lee Jones
2015-11-24 13:14 ` Lee Jones
2015-11-27 17:00 ` Bjorn Andersson
2015-11-27 17:00 ` Bjorn Andersson
2015-11-27 17:00 ` Bjorn Andersson
2015-12-03 12:26 ` Lee Jones
2015-12-03 12:26 ` Lee Jones
2015-12-03 12:26 ` Lee Jones
2015-12-03 12:49 ` Arnd Bergmann
2015-12-03 12:49 ` Arnd Bergmann
2015-12-03 13:03 ` Lee Jones
2015-12-03 13:03 ` Lee Jones
2015-12-03 13:19 ` Arnd Bergmann
2015-12-03 13:19 ` Arnd Bergmann
2015-12-03 17:28 ` Lee Jones
2015-12-03 17:28 ` Lee Jones
2015-12-03 17:28 ` Lee Jones
2015-12-03 21:12 ` Arnd Bergmann
2015-12-03 21:12 ` Arnd Bergmann
2015-12-03 21:22 ` Bjorn Andersson
2015-12-03 21:22 ` Bjorn Andersson
2015-12-03 21:22 ` Bjorn Andersson
2015-12-04 8:24 ` Lee Jones
2015-12-04 8:24 ` Lee Jones
2015-12-28 18:38 ` Bjorn Andersson [this message]
2015-12-28 18:38 ` Bjorn Andersson
2015-12-28 18:38 ` Bjorn Andersson
2016-01-12 10:53 ` Lee Jones
2016-01-12 10:53 ` Lee Jones
2016-01-12 10:53 ` Lee Jones
2015-11-24 13:14 ` [RESEND v4 3/6] remoteproc: Supply controller driver for ST's Remote Processors Lee Jones
2015-11-24 13:14 ` Lee Jones
2015-12-28 18:33 ` Bjorn Andersson
2015-12-28 18:33 ` Bjorn Andersson
2015-12-28 18:33 ` Bjorn Andersson
2015-11-24 13:14 ` [RESEND v4 4/6] MAINTAINERS: Add ST's Remote Processor Driver to ARM/STI ARCHITECTURE Lee Jones
2015-11-24 13:14 ` Lee Jones
2015-11-24 13:14 ` [RESEND v4 5/6] ARM: STiH407: Add nodes for RemoteProc Lee Jones
2015-11-24 13:14 ` Lee Jones
2015-11-24 13:14 ` [RESEND v4 6/6] ARM: STiH407: Move over to using the 'reserved-memory' API for obtaining DMA memory Lee Jones
2015-11-24 13:14 ` Lee Jones
2015-11-26 8:45 ` [RESEND v4 0/6] remoteproc: Add driver for STMicroelectronics platforms Ohad Ben-Cohen
2015-11-26 8:45 ` Ohad Ben-Cohen
2015-11-26 9:10 ` Lee Jones
2015-11-26 9:10 ` Lee Jones
2015-11-26 9:10 ` Lee Jones
2015-11-26 9:32 ` Ohad Ben-Cohen
2015-11-26 9:32 ` Ohad Ben-Cohen
2015-11-26 9:32 ` Ohad Ben-Cohen
2015-12-28 18:41 ` Bjorn Andersson
2015-12-28 18:41 ` Bjorn Andersson
2015-12-28 18:41 ` Bjorn Andersson
2015-12-29 8:23 ` Ohad Ben-Cohen
2015-12-29 8:23 ` Ohad Ben-Cohen
2015-12-29 8:23 ` Ohad Ben-Cohen
2016-01-12 12:30 ` Lee Jones
2016-01-12 12:30 ` Lee Jones
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAJAp7OhvwxkS5WkvBgd0ncBRMRCijnU2LggY8oyJ5sHg+5aohQ@mail.gmail.com \
--to=bjorn@kryo.se \
--cc=Nathan_Lynch@mentor.com \
--cc=arnd@arndb.de \
--cc=devicetree@vger.kernel.org \
--cc=f.fainelli@gmail.com \
--cc=kernel@stlinux.com \
--cc=lee.jones@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ludovic.barre@st.com \
--cc=maxime.coquelin@st.com \
--cc=ohad@wizery.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.