From: Jann Horn <jannh@google.com> To: neilb@suse.com Cc: Andrew Morton <akpm@linux-foundation.org>, Al Viro <viro@zeniv.linux.org.uk>, Kees Cook <keescook@chromium.org>, Linus Torvalds <torvalds@linux-foundation.org>, linux-doc@vger.kernel.org, kernel list <linux-kernel@vger.kernel.org>, linux-fsdevel@vger.kernel.org, Jonathan Corbet <corbet@lwn.net> Subject: Re: [PATCH mm] VFS: seq_file: ensure ->from is valid. Date: Sat, 7 Jul 2018 05:50:00 +0200 [thread overview] Message-ID: <CAG48ez1XSV9a-SBob6_p3RNC2vU3FnMnsm9Cd6deChh6QexpzQ@mail.gmail.com> (raw) In-Reply-To: <87601ryb8a.fsf@notabene.neil.brown.name> On Sat, Jul 7, 2018 at 5:29 AM NeilBrown <neilb@suse.com> wrote: > Previous patch ("VFS: simplify seq_file iteration code and interface") > removed code to set ->from to zero when ->count is zero, as ->from is > dead at that time. However it didn't ensure ->from was set properly > whenever ->count becomes non-zero. > This can only happen when ->show() is called. Of the three places it > is called one already has ->from set to zero. The other two are > fixed by setting from to zero after fully flushing the buffer (at which > point ->count will also be zero). > > Reported-by: Jann Horn <jannh@google.com> > Signed-off-by: NeilBrown <neilb@suse.com> Tested-by: Jann Horn <jannh@google.com> > --- > fs/seq_file.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/fs/seq_file.c b/fs/seq_file.c > index fd82585ab50f..1dea7a8a5255 100644 > --- a/fs/seq_file.c > +++ b/fs/seq_file.c > @@ -220,6 +220,7 @@ ssize_t seq_read(struct file *file, char __user *buf, size_t size, loff_t *ppos) > goto Done; > } > /* we need at least one record in buffer */ > + m->from = 0; > p = m->op->start(m, &m->index); > while (1) { > err = PTR_ERR(p); This looks correct to me. I have also tested that with this patch applied, my crasher doesn't work anymore.
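Review bot: the added `m->from = 0;` sits between the comment `/* we need at least one record in buffer */` and the `m->op->start()` call that comment describes, and nothing in the code says why the reset is needed. Consider moving the assignment above that comment and giving it its own one-line comment that records what the commit message states: the buffer has been fully flushed at this point, so ->count is zero, and ->from must be zero before ->show() makes ->count non-zero again. Per the commit message this single assignment covers both remaining ->show() call sites, and the earlier patch removed a similar reset because ->from looked dead, so spelling out the invariant in the code would keep a later cleanup from dropping this line as a dead store.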