From: Bart Van Assche <bvanassche@acm.org>
To: Christian Brauner <brauner@kernel.org>,
Alexander Viro <viro@zeniv.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org, Jens Axboe <axboe@kernel.dk>,
Christoph Hellwig <hch@lst.de>,
"Martin K . Petersen" <martin.petersen@oracle.com>,
Bart Van Assche <bvanassche@acm.org>,
Kanchan Joshi <joshi.k@samsung.com>,
Jeff Layton <jlayton@kernel.org>,
Chuck Lever <chuck.lever@oracle.com>,
Stephen Rothwell <sfr@canb.auug.org.au>
Subject: [PATCH v2 1/6] fs: Fix rw_hint validation
Date: Fri, 2 Feb 2024 12:39:20 -0800 [thread overview]
Message-ID: <20240202203926.2478590-2-bvanassche@acm.org> (raw)
In-Reply-To: <20240202203926.2478590-1-bvanassche@acm.org>
Reject values that are valid rw_hints after truncation but not before
truncation by passing an untruncated value to rw_hint_valid().
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Kanchan Joshi <joshi.k@samsung.com>
Cc: Jeff Layton <jlayton@kernel.org>
Cc: Chuck Lever <chuck.lever@oracle.com>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Stephen Rothwell <sfr@canb.auug.org.au>
Fixes: 5657cb0797c4 ("fs/fcntl: use copy_to/from_user() for u64 types")
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
---
fs/fcntl.c | 12 +++++-------
1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/fs/fcntl.c b/fs/fcntl.c
index c80a6acad742..3ff707bf2743 100644
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -268,7 +268,7 @@ static int f_getowner_uids(struct file *filp, unsigned long arg)
}
#endif
-static bool rw_hint_valid(enum rw_hint hint)
+static bool rw_hint_valid(u64 hint)
{
switch (hint) {
case RWH_WRITE_LIFE_NOT_SET:
@@ -288,19 +288,17 @@ static long fcntl_rw_hint(struct file *file, unsigned int cmd,
{
struct inode *inode = file_inode(file);
u64 __user *argp = (u64 __user *)arg;
- enum rw_hint hint;
- u64 h;
+ u64 hint;
switch (cmd) {
case F_GET_RW_HINT:
- h = inode->i_write_hint;
- if (copy_to_user(argp, &h, sizeof(*argp)))
+ hint = inode->i_write_hint;
+ if (copy_to_user(argp, &hint, sizeof(*argp)))
return -EFAULT;
return 0;
case F_SET_RW_HINT:
- if (copy_from_user(&h, argp, sizeof(h)))
+ if (copy_from_user(&hint, argp, sizeof(hint)))
return -EFAULT;
- hint = (enum rw_hint) h;
if (!rw_hint_valid(hint))
return -EINVAL;
next prev parent reply other threads:[~2024-02-02 20:39 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-02 20:39 [PATCH v2 0/6] Restore data lifetime support Bart Van Assche
2024-02-02 20:39 ` Bart Van Assche [this message]
2024-02-02 20:39 ` [PATCH v2 2/6] fs: Verify write lifetime constants at compile time Bart Van Assche
2024-02-02 20:39 ` [PATCH v2 3/6] fs: Split fcntl_rw_hint() Bart Van Assche
2024-02-02 20:39 ` [PATCH v2 4/6] fs: Move enum rw_hint into a new header file Bart Van Assche
2024-02-02 20:39 ` [PATCH v2 5/6] fs: Propagate write hints to the struct block_device inode Bart Van Assche
2024-02-02 20:39 ` [PATCH v2 6/6] block, fs: Restore the per-bio/request data lifetime fields Bart Van Assche
2024-02-05 20:46 ` Bart Van Assche
2024-02-06 13:35 ` [PATCH v2 0/6] Restore data lifetime support Christian Brauner
2024-02-06 18:25 ` Bart Van Assche
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240202203926.2478590-2-bvanassche@acm.org \
--to=bvanassche@acm.org \
--cc=axboe@kernel.dk \
--cc=brauner@kernel.org \
--cc=chuck.lever@oracle.com \
--cc=hch@lst.de \
--cc=jlayton@kernel.org \
--cc=joshi.k@samsung.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=sfr@canb.auug.org.au \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.