Re: [PATCH 1/2] staging: vc04_services: Fix unportable cast in vchiq_copy_from_user

From: Michael Zoran
Date: Mon Oct 24 2016 - 08:12:19 EST


On Mon, 2016-10-24 at 14:58 +0300, Dan Carpenter wrote:
> On Mon, Oct 24, 2016 at 04:39:49AM -0700, Michael Zoran wrote:
> > On Mon, 2016-10-24 at 14:36 +0300, Dan Carpenter wrote:
> > > On Mon, Oct 24, 2016 at 04:09:37AM -0700, Michael Zoran wrote:
> > > > I didn't think it looked totally correct, but I'm not sure it's any
> > > > more broken than what is already in the tree.
> > >
> > > It's not more broken.  But better to leave the compile warning there
> > > to mark that it is an obvious security problem.
> > >
> > > >
> > > > If you can kindly point me to some other source code or documentation
> > > > to look at that is correct, I'm more than willing to fix the patch.
> > > >
> > >
> > > I was hoping the maintainers could chip in, because I didn't want to
> > > look at the code.  We really need to track which are user pointers and
> > > which are kernel pointers.  We can't mix them like this.
> > >
> > > regards,
> > > dan carpenter
> > >
> >
> > The problem is that I'm mostly interested in arm64 ATM, and I don't
> > think the existing code works at all with 64 bit pointers.
> >
> > Broken as it may be...
>
> It's a security issue.  We'll get this fixed in a day or two.
>
> regards,
> dan carpenter

If security is a major goal with this driver, I think the whole driver
needs to be thrown out the door and rewritten from scratch!

This driver is for the Raspberry PI and a very, very big assumption
that is in the whole architecture is that local processes are trusted.
I can give you probably a phone book of issues like this with this
driver, but I'm thinking that's outside the scope of this patch set and
outside the scope of what I'm trying to do.