linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Miklos Szeredi <miklos@szeredi.hu>
To: Chirantan Ekbote <chirantan@chromium.org>
Cc: linux-fsdevel@vger.kernel.org, Dylan Reid <dgreid@chromium.org>,
	Suleiman Souhlal <suleiman@chromium.org>,
	fuse-devel <fuse-devel@lists.sourceforge.net>,
	Eric Biggers <ebiggers@kernel.org>,
	linux-fscrypt@vger.kernel.org
Subject: Re: [PATCH v2 2/2] fuse: Support FS_IOC_GET_ENCRYPTION_POLICY_EX
Date: Mon, 15 Feb 2021 15:49:52 +0100	[thread overview]
Message-ID: <CAJfpegtq1fDapizFX3idgrYd3dahtiZ-32F8bvoEMZwGdD43hQ@mail.gmail.com> (raw)
In-Reply-To: <20201208093808.1572227-3-chirantan@chromium.org>

On Tue, Dec 8, 2020 at 10:38 AM Chirantan Ekbote <chirantan@chromium.org> wrote:
>
> Chrome OS would like to support this ioctl when passed through the fuse
> driver. However since it is dynamically sized, we can't rely on the
> length encoded in the command.  Instead check the `policy_size` field of
> the user provided parameter to get the max length of the data returned
> by the server.

I'd also maximize the length at sizeof(union fscrypt_policy).  I.e.
virtiofs doesn't need to support higher level versions than the client
kernel supports.

Also, I'm thinking about whether it's safe to enable in plain fuse in
addition to virtiofs.  I don't see a reason for not doing so, but
maybe it makes sense to keep disabled until a use case comes up.

Thanks,
Miklos


>
> Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
> ---
>  fs/fuse/file.c | 16 ++++++++++++++++
>  1 file changed, 16 insertions(+)
>
> diff --git a/fs/fuse/file.c b/fs/fuse/file.c
> index 69cffb77a0b25..b64ff7f2fe4dd 100644
> --- a/fs/fuse/file.c
> +++ b/fs/fuse/file.c
> @@ -19,6 +19,7 @@
>  #include <linux/falloc.h>
>  #include <linux/uio.h>
>  #include <linux/fs.h>
> +#include <linux/fscrypt.h>
>
>  static struct page **fuse_pages_alloc(unsigned int npages, gfp_t flags,
>                                       struct fuse_page_desc **desc)
> @@ -2710,6 +2711,21 @@ static int fuse_get_ioctl_len(unsigned int cmd, unsigned long arg, size_t *len)
>         case FS_IOC_SETFLAGS:
>                 *len = sizeof(int);
>                 break;
> +       case FS_IOC_GET_ENCRYPTION_POLICY_EX: {
> +               __u64 policy_size;
> +               struct fscrypt_get_policy_ex_arg __user *uarg =
> +                       (struct fscrypt_get_policy_ex_arg __user *)arg;
> +
> +               if (copy_from_user(&policy_size, &uarg->policy_size,
> +                                  sizeof(policy_size)))
> +                       return -EFAULT;
> +
> +               if (policy_size > SIZE_MAX - sizeof(policy_size))
> +                       return -EINVAL;
> +
> +               *len = sizeof(policy_size) + policy_size;
> +               break;
> +       }
>         default:
>                 *len = _IOC_SIZE(cmd);
>                 break;
> --
> 2.29.2.576.ga3fc446d84-goog
>

      parent reply	other threads:[~2021-02-15 14:50 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-12-07  4:03 [PATCH] fuse: Support FS_IOC_GET_ENCRYPTION_POLICY_EX Chirantan Ekbote
2020-12-07 18:01 ` Eric Biggers
2020-12-08  9:38 ` [PATCH v2 0/2] fuse: fscrypt ioctl support Chirantan Ekbote
2020-12-08  9:38   ` [PATCH v2 1/2] fuse: Move ioctl length calculation to a separate function Chirantan Ekbote
2020-12-11 18:11     ` Eric Biggers
2020-12-08  9:38   ` [PATCH v2 2/2] fuse: Support FS_IOC_GET_ENCRYPTION_POLICY_EX Chirantan Ekbote
2020-12-11 18:12     ` Eric Biggers
2021-02-15 14:49     ` Miklos Szeredi [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAJfpegtq1fDapizFX3idgrYd3dahtiZ-32F8bvoEMZwGdD43hQ@mail.gmail.com \
    --to=miklos@szeredi.hu \
    --cc=chirantan@chromium.org \
    --cc=dgreid@chromium.org \
    --cc=ebiggers@kernel.org \
    --cc=fuse-devel@lists.sourceforge.net \
    --cc=linux-fscrypt@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=suleiman@chromium.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).