On Tue, May 17, 2016 at 03:50:41PM +0200, Benjamin Gaignard wrote:
> 2016-05-17 0:58 GMT+02:00 Emil Velikov <emil.l.velikov@xxxxxxxxx>:
> > On 9 May 2016 at 16:07, Benjamin Gaignard <benjamin.gaignard@xxxxxxxxxx> wrote:
> >> + * @fd: returned file descriptor
> >> + */
> >> +struct smaf_create_data {
> >> + size_t length;
> >> + unsigned int flags;
> >> + char name[ALLOCATOR_NAME_LENGTH];
> >> + int fd;
> > The structs here feels quite fragile. Please read up on Daniel
> > Vetter's "Botching up ioctls" [1]. Personally I find pahole quite
> > useful is such process.
> >
> if I describe the structures like this:
> /**
> * struct smaf_create_data - allocation parameters
> * @length: size of the allocation
> * @flags: flags passed to allocator
> * @name_len: length of name
> * @name: name of the allocator to be selected, could be NULL
> * @fd: returned file descriptor
> */
> struct smaf_create_data {
> size_t length;
> unsigned int flags;
> size_t name_len;
> char __user *name;
> int fd;
> char padding[44];
> };
>
> does it sound more robust for you ?
>
> > Hopefully I haven't lost the plot with the above, if I had don't be
> > shy to point out.
> >
> > Thanks,
> > Emil
> >
> > [1] https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/ioctl/botching-up-ioctls.txt
Please read this doc in it's entirety, ask on irc if you don't get certain
parts. Then come back an rework your patch.
Super short summary: _All_ the types you've used are absolute no-go in
ioctl structs.
-Daniel
--
Daniel Vetter
Software Engineer, Intel Corporation
http://blog.ffwll.ch
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
