All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH] check for invalid flags in xfs_attrlist_by_handle
@ 2008-05-31  7:58 Christoph Hellwig
  2008-06-20  5:41 ` Timothy Shimmin
  0 siblings, 1 reply; 5+ messages in thread
From: Christoph Hellwig @ 2008-05-31  7:58 UTC (permalink / raw)
  To: xfs

xfs_attrlist_by_handle should only take the ATTR_ flags for the root
namespaces.  The ATTR_KERN* flags may change at anytime and expect special
preconditions that can't be guaranteed for userspace-originating
requests.  For example passing down ATTR_KERNNOVAL through
xfs_attrlist_by_handle will hit an assert in debug builds currently.


Signed-off-by: Christoph Hellwig <hch@lst.de>

Index: linux-2.6-xfs/fs/xfs/linux-2.6/xfs_ioctl.c
===================================================================
--- linux-2.6-xfs.orig/fs/xfs/linux-2.6/xfs_ioctl.c	2008-05-28 17:37:02.000000000 +0200
+++ linux-2.6-xfs/fs/xfs/linux-2.6/xfs_ioctl.c	2008-05-28 17:42:18.000000000 +0200
@@ -470,6 +470,12 @@ xfs_attrlist_by_handle(
 	if (al_hreq.buflen > XATTR_LIST_MAX)
 		return -XFS_ERROR(EINVAL);
 
+	/*
+	 * Reject flags, only allow namespaces.
+	 */
+	if (al_hreq.flags & ~(ATTR_ROOT|ATTR_TRUST|ATTR_SECURE))
+		return -XFS_ERROR(EINVAL);
+
 	error = xfs_vget_fsop_handlereq(mp, parinode, &al_hreq.hreq, &inode);
 	if (error)
 		goto out;

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] check for invalid flags in xfs_attrlist_by_handle
  2008-05-31  7:58 [PATCH] check for invalid flags in xfs_attrlist_by_handle Christoph Hellwig
@ 2008-06-20  5:41 ` Timothy Shimmin
  2008-06-20  5:48   ` Christoph Hellwig
  2008-06-23 11:39   ` Christoph Hellwig
  0 siblings, 2 replies; 5+ messages in thread
From: Timothy Shimmin @ 2008-06-20  5:41 UTC (permalink / raw)
  To: Christoph Hellwig; +Cc: xfs

Fair enough.
Actually, I think we only use ATTR_ROOT and ATTR_SECURE for the
namespace flags.
So you could probably use: XFS_ATTR_NSP_ARGS
xfs_attr_leaf.h:#define XFS_ATTR_NSP_ARGS_MASK	 (ATTR_ROOT | ATTR_SECURE)
xfs_attr_leaf.h:#define XFS_ATTR_NSP_ARGS(flags) ((flags) & XFS_ATTR_NSP_ARGS_MASK)
and something like:

if (!XFS_ATTR_NSP_ARGS(al_hreq.flags))
         return -XFS_ERROR(EINVAL);

Though would probably then need to include the right header (xfs_attr_leaf.h) for it...

--Tim

Christoph Hellwig wrote:
> xfs_attrlist_by_handle should only take the ATTR_ flags for the root
> namespaces.  The ATTR_KERN* flags may change at anytime and expect special
> preconditions that can't be guaranteed for userspace-originating
> requests.  For example passing down ATTR_KERNNOVAL through
> xfs_attrlist_by_handle will hit an assert in debug builds currently.
> 
> 
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> 
> Index: linux-2.6-xfs/fs/xfs/linux-2.6/xfs_ioctl.c
> ===================================================================
> --- linux-2.6-xfs.orig/fs/xfs/linux-2.6/xfs_ioctl.c	2008-05-28 17:37:02.000000000 +0200
> +++ linux-2.6-xfs/fs/xfs/linux-2.6/xfs_ioctl.c	2008-05-28 17:42:18.000000000 +0200
> @@ -470,6 +470,12 @@ xfs_attrlist_by_handle(
>  	if (al_hreq.buflen > XATTR_LIST_MAX)
>  		return -XFS_ERROR(EINVAL);
>  
> +	/*
> +	 * Reject flags, only allow namespaces.
> +	 */
> +	if (al_hreq.flags & ~(ATTR_ROOT|ATTR_TRUST|ATTR_SECURE))
> +		return -XFS_ERROR(EINVAL);
> +
>  	error = xfs_vget_fsop_handlereq(mp, parinode, &al_hreq.hreq, &inode);
>  	if (error)
>  		goto out;
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] check for invalid flags in xfs_attrlist_by_handle
  2008-06-20  5:41 ` Timothy Shimmin
@ 2008-06-20  5:48   ` Christoph Hellwig
  2008-06-23 11:39   ` Christoph Hellwig
  1 sibling, 0 replies; 5+ messages in thread
From: Christoph Hellwig @ 2008-06-20  5:48 UTC (permalink / raw)
  To: Timothy Shimmin; +Cc: Christoph Hellwig, xfs

On Fri, Jun 20, 2008 at 03:41:51PM +1000, Timothy Shimmin wrote:
> Fair enough.
> Actually, I think we only use ATTR_ROOT and ATTR_SECURE for the
> namespace flags.
> So you could probably use: XFS_ATTR_NSP_ARGS
> xfs_attr_leaf.h:#define XFS_ATTR_NSP_ARGS_MASK	 (ATTR_ROOT | ATTR_SECURE)
> xfs_attr_leaf.h:#define XFS_ATTR_NSP_ARGS(flags) ((flags) & XFS_ATTR_NSP_ARGS_MASK)
> and something like:
> 
> if (!XFS_ATTR_NSP_ARGS(al_hreq.flags))
>          return -XFS_ERROR(EINVAL);
> 
> Though would probably then need to include the right header (xfs_attr_leaf.h) for it...

Makes sense.  I'll revise the patch and send an updated version after
running it through QA.

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] check for invalid flags in xfs_attrlist_by_handle
  2008-06-20  5:41 ` Timothy Shimmin
  2008-06-20  5:48   ` Christoph Hellwig
@ 2008-06-23 11:39   ` Christoph Hellwig
  2008-06-24  2:47     ` Timothy Shimmin
  1 sibling, 1 reply; 5+ messages in thread
From: Christoph Hellwig @ 2008-06-23 11:39 UTC (permalink / raw)
  To: Timothy Shimmin; +Cc: xfs

On Fri, Jun 20, 2008 at 03:41:51PM +1000, Timothy Shimmin wrote:
> Fair enough.
> Actually, I think we only use ATTR_ROOT and ATTR_SECURE for the
> namespace flags.
> So you could probably use: XFS_ATTR_NSP_ARGS
> xfs_attr_leaf.h:#define XFS_ATTR_NSP_ARGS_MASK	 (ATTR_ROOT | ATTR_SECURE)
> xfs_attr_leaf.h:#define XFS_ATTR_NSP_ARGS(flags) ((flags) & XFS_ATTR_NSP_ARGS_MASK)
> and something like:
> 
> if (!XFS_ATTR_NSP_ARGS(al_hreq.flags))
>          return -XFS_ERROR(EINVAL);

Actually a zero flags is of course valid too.

So the check should be & ~(ATTR_ROOT | ATTR_SECURE).  I could use
XFS_ATTR_NSP_ARGS_MASK but that would pull in not just xfs_attr_leaf.h
but also xfs_da_btree.h and that needs even more headers..

So I propose this simple version:


Index: linux-2.6-xfs/fs/xfs/linux-2.6/xfs_ioctl.c
===================================================================
--- linux-2.6-xfs.orig/fs/xfs/linux-2.6/xfs_ioctl.c	2008-06-20 08:17:13.000000000 +0200
+++ linux-2.6-xfs/fs/xfs/linux-2.6/xfs_ioctl.c	2008-06-23 13:38:17.000000000 +0200
@@ -470,6 +470,12 @@ xfs_attrlist_by_handle(
 	if (al_hreq.buflen > XATTR_LIST_MAX)
 		return -XFS_ERROR(EINVAL);
 
+	/*
+	 * Reject flags, only allow namespaces.
+	 */
+	if (al_hreq.flags & ~(ATTR_ROOT | ATTR_SECURE))
+		return -XFS_ERROR(EINVAL);
+
 	error = xfs_vget_fsop_handlereq(mp, parinode, &al_hreq.hreq, &inode);
 	if (error)
 		goto out;

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [PATCH] check for invalid flags in xfs_attrlist_by_handle
  2008-06-23 11:39   ` Christoph Hellwig
@ 2008-06-24  2:47     ` Timothy Shimmin
  0 siblings, 0 replies; 5+ messages in thread
From: Timothy Shimmin @ 2008-06-24  2:47 UTC (permalink / raw)
  To: Christoph Hellwig; +Cc: xfs

Christoph Hellwig wrote:
> On Fri, Jun 20, 2008 at 03:41:51PM +1000, Timothy Shimmin wrote:
>> Fair enough.
>> Actually, I think we only use ATTR_ROOT and ATTR_SECURE for the
>> namespace flags.
>> So you could probably use: XFS_ATTR_NSP_ARGS
>> xfs_attr_leaf.h:#define XFS_ATTR_NSP_ARGS_MASK	 (ATTR_ROOT | ATTR_SECURE)
>> xfs_attr_leaf.h:#define XFS_ATTR_NSP_ARGS(flags) ((flags) & XFS_ATTR_NSP_ARGS_MASK)
>> and something like:
>>
>> if (!XFS_ATTR_NSP_ARGS(al_hreq.flags))
>>          return -XFS_ERROR(EINVAL);
> 
> Actually a zero flags is of course valid too.
> 
Ah, that would be why I used the phrase "something like" ;-))
Good pt.

> So the check should be & ~(ATTR_ROOT | ATTR_SECURE).  I could use
> XFS_ATTR_NSP_ARGS_MASK but that would pull in not just xfs_attr_leaf.h
> but also xfs_da_btree.h and that needs even more headers..
> 
> So I propose this simple version:
> 
Cool.
I was just thinking about centralising stuff in case we extend the
namespaces. But that's fine.
I'll check it in...

--Tim

> 
> Index: linux-2.6-xfs/fs/xfs/linux-2.6/xfs_ioctl.c
> ===================================================================
> --- linux-2.6-xfs.orig/fs/xfs/linux-2.6/xfs_ioctl.c	2008-06-20 08:17:13.000000000 +0200
> +++ linux-2.6-xfs/fs/xfs/linux-2.6/xfs_ioctl.c	2008-06-23 13:38:17.000000000 +0200
> @@ -470,6 +470,12 @@ xfs_attrlist_by_handle(
>  	if (al_hreq.buflen > XATTR_LIST_MAX)
>  		return -XFS_ERROR(EINVAL);
>  
> +	/*
> +	 * Reject flags, only allow namespaces.
> +	 */
> +	if (al_hreq.flags & ~(ATTR_ROOT | ATTR_SECURE))
> +		return -XFS_ERROR(EINVAL);
> +
>  	error = xfs_vget_fsop_handlereq(mp, parinode, &al_hreq.hreq, &inode);
>  	if (error)
>  		goto out;
> 

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2008-06-24  2:47 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2008-05-31  7:58 [PATCH] check for invalid flags in xfs_attrlist_by_handle Christoph Hellwig
2008-06-20  5:41 ` Timothy Shimmin
2008-06-20  5:48   ` Christoph Hellwig
2008-06-23 11:39   ` Christoph Hellwig
2008-06-24  2:47     ` Timothy Shimmin

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.