* [PATCH] staging: vchiq: delete obselete comment
@ 2021-01-05 13:19 ` Dan Carpenter
0 siblings, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2021-01-05 13:19 UTC (permalink / raw)
To: Nicolas Saenz Julienne, Arnd Bergmann
Cc: devel, Greg Kroah-Hartman, Marcelo Diop-Gonzalez,
kernel-janitors, bcm-kernel-feedback-list, linux-rpi-kernel,
Amarjargal Gundjalam, Phil Elwell
This comment describes a security problem which was fixed in commit
1c954540c0eb ("staging: vchiq: avoid mixing kernel and user pointers").
The bug is fixed now so the FIXME can be removed.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
.../staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
index f500a7043805..54770a9b4735 100644
--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
@@ -999,13 +999,6 @@ static int vchiq_irq_queue_bulk_tx_rx(struct vchiq_instance *instance,
userdata = &waiter->bulk_waiter;
}
- /*
- * FIXME address space mismatch:
- * args->data may be interpreted as a kernel pointer
- * in create_pagelist() called from vchiq_bulk_transfer(),
- * accessing kernel data instead of user space, based on the
- * address.
- */
status = vchiq_bulk_transfer(args->handle, NULL, args->data, args->size,
userdata, args->mode, dir);
--
2.29.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH] staging: vchiq: delete obselete comment
@ 2021-01-05 13:19 ` Dan Carpenter
0 siblings, 0 replies; 4+ messages in thread
From: Dan Carpenter @ 2021-01-05 13:19 UTC (permalink / raw)
To: Nicolas Saenz Julienne, Arnd Bergmann
Cc: devel, Greg Kroah-Hartman, Marcelo Diop-Gonzalez,
kernel-janitors, bcm-kernel-feedback-list, linux-rpi-kernel,
Amarjargal Gundjalam, Phil Elwell
This comment describes a security problem which was fixed in commit
1c954540c0eb ("staging: vchiq: avoid mixing kernel and user pointers").
The bug is fixed now so the FIXME can be removed.
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
.../staging/vc04_services/interface/vchiq_arm/vchiq_arm.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
index f500a7043805..54770a9b4735 100644
--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
@@ -999,13 +999,6 @@ static int vchiq_irq_queue_bulk_tx_rx(struct vchiq_instance *instance,
userdata = &waiter->bulk_waiter;
}
- /*
- * FIXME address space mismatch:
- * args->data may be interpreted as a kernel pointer
- * in create_pagelist() called from vchiq_bulk_transfer(),
- * accessing kernel data instead of user space, based on the
- * address.
- */
status = vchiq_bulk_transfer(args->handle, NULL, args->data, args->size,
userdata, args->mode, dir);
--
2.29.2
_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] staging: vchiq: delete obselete comment
2021-01-05 13:19 ` Dan Carpenter
@ 2021-01-05 14:19 ` Arnd Bergmann
-1 siblings, 0 replies; 4+ messages in thread
From: Arnd Bergmann @ 2021-01-05 14:19 UTC (permalink / raw)
To: Dan Carpenter
Cc: driverdevel, Arnd Bergmann, Greg Kroah-Hartman,
Marcelo Diop-Gonzalez, kernel-janitors, bcm-kernel-feedback-list,
moderated list:BROADCOM BCM2835 ARM ARCHITECTURE,
Amarjargal Gundjalam, Phil Elwell, Nicolas Saenz Julienne
On Tue, Jan 5, 2021 at 2:19 PM Dan Carpenter <dan.carpenter@oracle.com> wrote:
>
> This comment describes a security problem which was fixed in commit
> 1c954540c0eb ("staging: vchiq: avoid mixing kernel and user pointers").
> The bug is fixed now so the FIXME can be removed.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
There is still another sparse warning for a remaining __user address
space mismatch in the driver, but this one seems to be fixed as you
say. Thanks for the fix!
Arnd
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] staging: vchiq: delete obselete comment
@ 2021-01-05 14:19 ` Arnd Bergmann
0 siblings, 0 replies; 4+ messages in thread
From: Arnd Bergmann @ 2021-01-05 14:19 UTC (permalink / raw)
To: Dan Carpenter
Cc: driverdevel, Arnd Bergmann, Greg Kroah-Hartman,
Marcelo Diop-Gonzalez, kernel-janitors, bcm-kernel-feedback-list,
moderated list:BROADCOM BCM2835 ARM ARCHITECTURE,
Amarjargal Gundjalam, Phil Elwell, Nicolas Saenz Julienne
On Tue, Jan 5, 2021 at 2:19 PM Dan Carpenter <dan.carpenter@oracle.com> wrote:
>
> This comment describes a security problem which was fixed in commit
> 1c954540c0eb ("staging: vchiq: avoid mixing kernel and user pointers").
> The bug is fixed now so the FIXME can be removed.
>
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
There is still another sparse warning for a remaining __user address
space mismatch in the driver, but this one seems to be fixed as you
say. Thanks for the fix!
Arnd
_______________________________________________
devel mailing list
devel@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-01-05 14:20 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-05 13:19 [PATCH] staging: vchiq: delete obselete comment Dan Carpenter
2021-01-05 13:19 ` Dan Carpenter
2021-01-05 14:19 ` Arnd Bergmann
2021-01-05 14:19 ` Arnd Bergmann
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.