[v9,01/19] fs: Fix rw_hint validation

Message ID 20240130214911.1863909-2-bvanassche@acm.org
State New
Series Pass data lifetime information to SCSI disk devices

Commit Message

Bart Van Assche Jan. 30, 2024, 9:48 p.m. UTC
Reject values that are valid rw_hints after truncation but not before
truncation by passing an untruncated value to rw_hint_valid().

Reviewed-by: Christoph Hellwig <hch@lst.de>
Cc: Jeff Layton <jlayton@kernel.org>
Cc: Chuck Lever <chuck.lever@oracle.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Fixes: 5657cb0797c4 ("fs/fcntl: use copy_to/from_user() for u64 types")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
---
 fs/fcntl.c | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
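
The validation-order problem the commit message describes, as an added user-space example (not code from the patch or the kernel). The `model_` names and the `stored` parameter are hypothetical, and the 32-bit width of the narrowed value is an assumption of this model.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model. Values 0..5 mirror the RWH_WRITE_LIFE_* hints in
 * <linux/fcntl.h>; the MODEL_ names are hypothetical. */
enum { MODEL_NOT_SET, MODEL_NONE, MODEL_SHORT,
       MODEL_MEDIUM, MODEL_LONG, MODEL_EXTREME };

/* Takes the full 64-bit value so no bit is dropped before the check. */
static bool model_hint_valid(uint64_t hint)
{
	switch (hint) {
	case MODEL_NOT_SET: case MODEL_NONE: case MODEL_SHORT:
	case MODEL_MEDIUM: case MODEL_LONG: case MODEL_EXTREME:
		return true;
	default:
		return false;
	}
}

/* Old shape: narrow first, then validate the narrowed copy.
 * Assumption: the enum is 32 bits wide, modelled here as uint32_t. */
int model_set_before(uint64_t user_val, uint8_t *stored)
{
	uint32_t narrowed = (uint32_t)user_val; /* upper 32 bits dropped */
	if (!model_hint_valid(narrowed))
		return -EINVAL;
	*stored = (uint8_t)narrowed;
	return 0;
}

/* New shape: validate the untruncated value, narrow only afterwards. */
int model_set_after(uint64_t user_val, uint8_t *stored)
{
	if (!model_hint_valid(user_val))
		return -EINVAL;
	*stored = (uint8_t)user_val;
	return 0;
}

int main(void)
{
	uint64_t v = (1ULL << 32) | MODEL_SHORT; /* constructed input */
	uint8_t a = 0xff, b = 0xff;
	printf("before: %d  after: %d\n", model_set_before(v, &a), model_set_after(v, &b));
	return 0;
}
```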

Comments

Christian Brauner Jan. 31, 2024, 1:56 p.m. UTC | #1
On Tue, Jan 30, 2024 at 01:48:27PM -0800, Bart Van Assche wrote:
> Reject values that are valid rw_hints after truncation but not before
> truncation by passing an untruncated value to rw_hint_valid().
> 
> Reviewed-by: Christoph Hellwig <hch@lst.de>
> Cc: Jeff Layton <jlayton@kernel.org>
> Cc: Chuck Lever <chuck.lever@oracle.com>
> Cc: Jens Axboe <axboe@kernel.dk>
> Cc: Stephen Rothwell <sfr@canb.auug.org.au>
> Fixes: 5657cb0797c4 ("fs/fcntl: use copy_to/from_user() for u64 types")
> Signed-off-by: Bart Van Assche <bvanassche@acm.org>
> ---

The fs parts of this should go through a vfs tree as this is vfs infra.
I can then give you a stable tag that you can merge and base the big
block and scsi bits on. It'll minimize merge conflicts and makes it
easier to coordinate imho.

>  fs/fcntl.c | 12 +++++-------
>  1 file changed, 5 insertions(+), 7 deletions(-)
> 
> diff --git a/fs/fcntl.c b/fs/fcntl.c
> index c80a6acad742..3ff707bf2743 100644
> --- a/fs/fcntl.c
> +++ b/fs/fcntl.c
> @@ -268,7 +268,7 @@ static int f_getowner_uids(struct file *filp, unsigned long arg)
>  }
>  #endif
>  
> -static bool rw_hint_valid(enum rw_hint hint)
> +static bool rw_hint_valid(u64 hint)
>  {
>  	switch (hint) {
>  	case RWH_WRITE_LIFE_NOT_SET:
> @@ -288,19 +288,17 @@ static long fcntl_rw_hint(struct file *file, unsigned int cmd,
>  {
>  	struct inode *inode = file_inode(file);
>  	u64 __user *argp = (u64 __user *)arg;
> -	enum rw_hint hint;
> -	u64 h;
> +	u64 hint;
>  
>  	switch (cmd) {
>  	case F_GET_RW_HINT:
> -		h = inode->i_write_hint;
> -		if (copy_to_user(argp, &h, sizeof(*argp)))
> +		hint = inode->i_write_hint;
> +		if (copy_to_user(argp, &hint, sizeof(*argp)))
>  			return -EFAULT;
>  		return 0;
>  	case F_SET_RW_HINT:
> -		if (copy_from_user(&h, argp, sizeof(h)))
> +		if (copy_from_user(&hint, argp, sizeof(hint)))
>  			return -EFAULT;
> -		hint = (enum rw_hint) h;
>  		if (!rw_hint_valid(hint))
>  			return -EINVAL;
>
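
Review bot: In fcntl_rw_hint() the two user copies size the same variable in two different ways, sizeof(*argp) in the F_GET_RW_HINT branch and sizeof(hint) in the F_SET_RW_HINT branch. Both are the size of a u64, so behaviour is unaffected, but since both lines are touched anyway, using sizeof(hint) in both would make it obvious that exactly one u64 crosses the user boundary in each direction.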

Kanchan Joshi Jan. 31, 2024, 2:51 p.m. UTC | #2
On 1/31/2024 3:18 AM, Bart Van Assche wrote:
> Reject values that are valid rw_hints after truncation but not before
> truncation by passing an untruncated value to rw_hint_valid().

Reviewed-by: Kanchan Joshi <joshi.k@samsung.com>

Bart Van Assche Jan. 31, 2024, 9:07 p.m. UTC | #3
On 1/31/24 05:56, Christian Brauner wrote:
> The fs parts of this should go through a vfs tree as this is vfs infra.
> I can then give you a stable tag that you can merge and base the big
> block and scsi bits on. It'll minimize merge conflicts and makes it
> easier to coordinate imho.

The fs parts have been posted on the fs-devel mailing list. See also
https://lore.kernel.org/all/20240131205237.3540210-1-bvanassche@acm.org/

Thanks,

Bart.

Bart Van Assche Feb. 22, 2024, 2:46 a.m. UTC | #4
On 1/31/24 05:56, Christian Brauner wrote:
> The fs parts of this should go through a vfs tree as this is vfs infra.
> I can then give you a stable tag that you can merge and base the big
> block and scsi bits on. It'll minimize merge conflicts and makes it
> easier to coordinate imho.

Hi Christian,

It would be appreciated if such a stable tag could be created on the vfs.rw
branch.

Thanks,

Bart.

Christian Brauner Feb. 22, 2024, 8:51 a.m. UTC | #5
On Wed, Feb 21, 2024 at 06:46:51PM -0800, Bart Van Assche wrote:
> On 1/31/24 05:56, Christian Brauner wrote:
> > The fs parts of this should go through a vfs tree as this is vfs infra.
> > I can then give you a stable tag that you can merge and base the big
> > block and scsi bits on. It'll minimize merge conflicts and makes it
> > easier to coordinate imho.
> 
> Hi Christian,
> 
> It would be appreciated if such a stable tag could be created on the vfs.rw
> branch.

Isn't the stable branch enough I gave you weeks ago?
It's usually what I do with Jens.
But fwiw, see I've added the vfs-6.9.rw_hint tag. Pushed.

Patch

diff --git a/fs/fcntl.c b/fs/fcntl.c
index c80a6acad742..3ff707bf2743 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -268,7 +268,7 @@  static int f_getowner_uids(struct file *filp, unsigned long arg)
 }
 #endif
 
-static bool rw_hint_valid(enum rw_hint hint)
+static bool rw_hint_valid(u64 hint)
 {
 	switch (hint) {
 	case RWH_WRITE_LIFE_NOT_SET:
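
Review bot: rw_hint_valid() has no comment saying why its parameter is u64 rather than enum rw_hint, so a later cleanup could narrow the type again and bring back the problem the commit message describes. A one-line comment above the function, stating that it must receive the value exactly as copied from user space, would document that.
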
@@ -288,19 +288,17 @@  static long fcntl_rw_hint(struct file *file, unsigned int cmd,
 {
 	struct inode *inode = file_inode(file);
 	u64 __user *argp = (u64 __user *)arg;
-	enum rw_hint hint;
-	u64 h;
+	u64 hint;
 
 	switch (cmd) {
 	case F_GET_RW_HINT:
-		h = inode->i_write_hint;
-		if (copy_to_user(argp, &h, sizeof(*argp)))
+		hint = inode->i_write_hint;
+		if (copy_to_user(argp, &hint, sizeof(*argp)))
 			return -EFAULT;
 		return 0;
 	case F_SET_RW_HINT:
-		if (copy_from_user(&h, argp, sizeof(h)))
+		if (copy_from_user(&hint, argp, sizeof(hint)))
 			return -EFAULT;
-		hint = (enum rw_hint) h;
 		if (!rw_hint_valid(hint))
 			return -EINVAL;
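
Review bot: Nothing in this change exercises the rejected case in the F_SET_RW_HINT branch. A selftest that passes a u64 whose low-order bits equal a valid hint while a bit above the width of enum rw_hint is set, and expects -EINVAL, would keep the check on the untruncated value from regressing. With the explicit "hint = (enum rw_hint) h;" cast gone, it is also worth confirming that whatever consumes hint after the rw_hint_valid() check, which is outside the visible context, narrows it only after that check has passed.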