lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 25 Apr 2020 04:24:24 +0530
From:   Ritesh Harjani <riteshh@...ux.ibm.com>
To:     Eric Biggers <ebiggers@...nel.org>
Cc:     linux-fsdevel@...r.kernel.org, linux-xfs@...r.kernel.org,
        Alexander Viro <viro@...iv.linux.org.uk>,
        "Darrick J . Wong" <darrick.wong@...cle.com>,
        Christoph Hellwig <hch@...radead.org>,
        Jan Kara <jack@...e.com>, tytso@....edu,
        "Aneesh Kumar K . V" <aneesh.kumar@...ux.ibm.com>,
        linux-ext4@...r.kernel.org
Subject: Re: [PATCH 1/2] fibmap: Warn and return an error in case of block >
 INT_MAX



On 4/25/20 12:47 AM, Eric Biggers wrote:
> On Fri, Apr 24, 2020 at 12:52:17PM +0530, Ritesh Harjani wrote:
>> We better warn the fibmap user and not return a truncated and therefore
>> an incorrect block map address if the bmap() returned block address
>> is greater than INT_MAX (since user supplied integer pointer).
>>
>> It's better to WARN all user of ioctl_fibmap() and return a proper error
>> code rather than silently letting a FS corruption happen if the user tries
>> to fiddle around with the returned block map address.
>>
>> We fix this by returning an error code of -ERANGE and returning 0 as the
>> block mapping address in case if it is > INT_MAX.
>>
>> Signed-off-by: Ritesh Harjani <riteshh@...ux.ibm.com>
>> ---
>>   fs/ioctl.c | 5 +++++
>>   1 file changed, 5 insertions(+)
>>
>> diff --git a/fs/ioctl.c b/fs/ioctl.c
>> index f1d93263186c..3489f3a12c1d 100644
>> --- a/fs/ioctl.c
>> +++ b/fs/ioctl.c
>> @@ -71,6 +71,11 @@ static int ioctl_fibmap(struct file *filp, int __user *p)
>>   	block = ur_block;
>>   	error = bmap(inode, &block);
>>   
>> +	if (block > INT_MAX) {
>> +		error = -ERANGE;
>> +		WARN(1, "would truncate fibmap result\n");
>> +	}
>> +
> 
> WARN() is only for kernel bugs.  This case would be a userspace bug, not a
> kernel bug, right?  If so, it should use pr_warn(), not WARN().

Ok, I see.
Let me replace WARN() with below pr_warn() line then. If no objections,
then will send this in a v2 with both patches combined as Darrick
suggested. - (with Reviewed-by tags of Jan & Christoph).

pr_warn("fibmap: this would truncate fibmap result\n");


> 
> - Eric
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ