| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20211015131344.GN23102@quack2.suse.cz>
Date: Fri, 15 Oct 2021 15:13:44 +0200
From: Jan Kara <jack@...e.cz>
To: Amir Goldstein <amir73il@...il.com>
Cc: Gabriel Krisman Bertazi <krisman@...labora.com>,
Jan Kara <jack@...e.com>,
"Darrick J. Wong" <djwong@...nel.org>,
Theodore Tso <tytso@....edu>,
David Howells <dhowells@...hat.com>,
Khazhismel Kumykov <khazhy@...gle.com>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Ext4 <linux-ext4@...r.kernel.org>,
Linux API <linux-api@...r.kernel.org>,
Matthew Bobrowski <repnop@...gle.com>, kernel@...labora.com
Subject: Re: [PATCH v7 22/28] fanotify: Report FID entry even for zero-length
file_handle
On Fri 15-10-21 11:10:58, Amir Goldstein wrote:
> On Fri, Oct 15, 2021 at 12:39 AM Gabriel Krisman Bertazi
> <krisman@...labora.com> wrote:
> >
> > Non-inode errors will reported with an empty file_handle. In
> > preparation for that, allow some events to print the FID record even if
> > there isn't any file_handle encoded
> >
> > Even though FILEID_ROOT is used internally, make zero-length file
> > handles be reported as FILEID_INVALID.
> >
> > Signed-off-by: Gabriel Krisman Bertazi <krisman@...labora.com>
> > ---
> > fs/notify/fanotify/fanotify_user.c | 23 ++++++++++++++++++-----
> > 1 file changed, 18 insertions(+), 5 deletions(-)
> >
> > diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
> > index 5324890500fc..39cf8ba4a6ce 100644
> > --- a/fs/notify/fanotify/fanotify_user.c
> > +++ b/fs/notify/fanotify/fanotify_user.c
> > @@ -127,6 +127,16 @@ static int fanotify_fid_info_len(int fh_len, int name_len)
> > FANOTIFY_EVENT_ALIGN);
> > }
> >
> > +static bool fanotify_event_allows_empty_fh(struct fanotify_event *event)
> > +{
> > + switch (event->type) {
> > + case FANOTIFY_EVENT_TYPE_FS_ERROR:
> > + return true;
> > + default:
> > + return false;
> > + }
> > +}
> > +
> > static size_t fanotify_event_len(unsigned int info_mode,
> > struct fanotify_event *event)
> > {
> > @@ -157,7 +167,7 @@ static size_t fanotify_event_len(unsigned int info_mode,
> > if (info_mode & FAN_REPORT_PIDFD)
> > event_len += FANOTIFY_PIDFD_INFO_HDR_LEN;
> >
> > - if (fh_len)
> > + if (fh_len || fanotify_event_allows_empty_fh(event))
> > event_len += fanotify_fid_info_len(fh_len, dot_len);
> >
> > return event_len;
> > @@ -338,9 +348,6 @@ static int copy_fid_info_to_user(__kernel_fsid_t *fsid, struct fanotify_fh *fh,
> > pr_debug("%s: fh_len=%zu name_len=%zu, info_len=%zu, count=%zu\n",
> > __func__, fh_len, name_len, info_len, count);
> >
> > - if (!fh_len)
> > - return 0;
> > -
> > if (WARN_ON_ONCE(len < sizeof(info) || len > count))
> > return -EFAULT;
> >
> > @@ -375,6 +382,11 @@ static int copy_fid_info_to_user(__kernel_fsid_t *fsid, struct fanotify_fh *fh,
> >
> > handle.handle_type = fh->type;
> > handle.handle_bytes = fh_len;
> > +
> > + /* Mangle handle_type for bad file_handle */
> > + if (!fh_len)
> > + handle.handle_type = FILEID_INVALID;
> > +
> > if (copy_to_user(buf, &handle, sizeof(handle)))
> > return -EFAULT;
> >
> > @@ -467,7 +479,8 @@ static int copy_info_records_to_user(struct fanotify_event *event,
> > total_bytes += ret;
> > }
> >
> > - if (fanotify_event_object_fh_len(event)) {
> > + if (fanotify_event_object_fh_len(event) ||
> > + fanotify_event_allows_empty_fh(event)) {
> > const char *dot = NULL;
> > int dot_len = 0;
> >
>
> I don't like this fanotify_event_allows_empty_fh() implementation so much.
>
> How about this instead:
>
> static inline struct fanotify_fh *fanotify_event_object_fh(
> struct fanotify_event *event)
> {
> struct fanotify_fh *fh = NULL;
>
> /* An error event encodes (a FILEID_INVAL) fh for an empty fh */
> if (event->type == FANOTIFY_EVENT_TYPE_FS_ERROR)
> return &FANOTIFY_EE(event)->object_fh;
> else if (event->type == FANOTIFY_EVENT_TYPE_FID)
> fh = &FANOTIFY_FE(event)->object_fh;
> else if (event->type == FANOTIFY_EVENT_TYPE_FID_NAME)
> fh = fanotify_info_file_fh(&FANOTIFY_NE(event)->info);
>
> if (!fh && !fh->len)
> return NULL;
>
> return fh;
> }
>
> struct fanotify_fh *object_fh = fanotify_event_object_fh(event);
> ...
>
> - if (fanotify_event_object_fh_len(event)) {
> + if (object_fh) {
> const char *dot = NULL;
> ...
> ret = copy_fid_info_to_user(fanotify_event_fsid(event),
> - fanotify_event_object_fh(event),
> + object_fh,
> info_type, dot, dot_len,
> buf, count);
> ...
>
> And similar change to fanotify_event_len()
>
> This way, the logic of whether to report fh or not is encoded in
> fanotify_event_object_fh() and fanotify_event_object_fh_len()
> goes back to being a property of the the fh report.
I like this except that AFAICT this will be problematic for
fanotify_event_object_fh_len() because there we want to return 0 (length of
file handle buffer to copy) for error events - so "copy just header to
userspace" is going to be indistiguishable from "copy nothing".
But maybe we need helpers fanotify_event_has_object_fh() and
fanotify_event_has_dir_fh() (for symmetry) instead of directly checking
fh_len? These would then encapsulate all the magic for error events.
Honza
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
Powered by blists - more mailing lists