>-----Original Message----- >From: Ameya Palande [mailto:ameya.palande@xxxxxxxxx] >Sent: Thursday, February 11, 2010 7:51 AM >To: Ramos Falcon, Ernesto >Cc: linux-omap@xxxxxxxxxxxxxxx; Contreras Felipe (Nokia-D/Helsinki); Doyu >Hiroshi (Nokia-D/Helsinki) >Subject: RE: [PATCH] DSPBRIDGE: Validate node handle from user > >On Tue, 2010-02-09 at 18:52 +0100, ext Ramos Falcon, Ernesto wrote: >> >> >-----Original Message----- >> >From: Ameya Palande [mailto:ameya.palande@xxxxxxxxx] >> >Sent: Tuesday, February 09, 2010 11:32 AM >> >To: Ramos Falcon, Ernesto >> >Cc: linux-omap@xxxxxxxxxxxxxxx; Contreras Felipe (Nokia-D/Helsinki); >Doyu >> >Hiroshi (Nokia-D/Helsinki) >> >Subject: Re: [PATCH] DSPBRIDGE: Validate node handle from user >> > >> >Hi Ernesto, >> > >> >On Tue, 2010-02-09 at 18:08 +0100, ext Ramos Falcon, Ernesto wrote: >> >> From 8310b586b025b0703c3951560849c4ea0250b6e1 Mon Sep 17 00:00:00 2001 >> >> From: Ernesto Ramos <ernesto@xxxxxx> >> >> Date: Fri, 29 Jan 2010 16:21:59 -0600 >> >> Subject: [PATCH] DSPBRIDGE: Validate node handle from user. >> >> >> >> Add checks to validate the node handles received from user. >> >> >> >> Signed-off-by: Ernesto Ramos <ernesto@xxxxxx> >> >> --- >> >> drivers/dsp/bridge/pmgr/wcd.c | 91 ++++++++++++++++++++- >> >> drivers/dsp/bridge/rmgr/node.c | 174 +++++++++++++------------------ >--- >> >----- >> >> 2 files changed, 146 insertions(+), 119 deletions(-) >> >> >> >> diff --git a/drivers/dsp/bridge/pmgr/wcd.c >> >b/drivers/dsp/bridge/pmgr/wcd.c >> >> index 74654dc..2e6eeb0 100644 >> >> --- a/drivers/dsp/bridge/pmgr/wcd.c >> >> +++ b/drivers/dsp/bridge/pmgr/wcd.c >> >> @@ -1066,6 +1066,24 @@ u32 PROCWRAP_Stop(union Trapped_Args *args, >void >> >*pr_ctxt) >> >> return retVal; >> >> } >> >> >> >> +bool validate_node_handle(struct NODE_OBJECT *hNode, void *pr_ctxt) >> >> +{ >> >> + bool retVal = false; >> >> + struct PROCESS_CONTEXT *pCtxt = pr_ctxt; >> >> + struct NODE_RES_OBJECT *pNode = pCtxt->pNodeList; >> >> + >> >> + if (hNode == (struct NODE_OBJECT *) DSP_HGPPNODE) >> >> + retVal = true; >> >> + >> >> + while (pNode && !retVal) { >> >> + if (hNode == pNode->hNode) >> > >> >If you have several nodes allocated by user space, then what you are >> >validating here is for any node! Is that ok? >> > >> >This validation and design itself doesn't look good to me. If we don't >> >want to trust user space, then instead of checking the node handle in >> >every function it is better to store all user space specific date inside >> >pr_context and use it from there. >> > >> >> The user can launch several nodes, how are we going to know which node >handle to use? >> I think we may need to receive at least one index or id to the node >handle. > >Yes, I guess thats the correct way! We need to maintain how many nodes >are allocated for a user process, and just make sure that this id / >index is <= number of allocated nodes. > This comparison (<=) won't work because the user can eliminate nodes in the middle of the list in which case we may need to maintain a list of valid indexes. So I don't see any improvement with this way to validate the handles. I was thinking in an array an based on the index verify that the handle is valid, independently of the number of nodes this would be very quick, but the disadvantage would be that the number per process will be limited to the size of the array. >Cheers, >Ameya. -- To unsubscribe from this list: send the line "unsubscribe linux-omap" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html