lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <524f69650907211745t3c19724ete7f7a9c7b92fcfd2@mail.gmail.com>
Date:	Tue, 21 Jul 2009 19:45:40 -0500
From:	Steve French <smfrench@...il.com>
To:	Jeff Layton <jlayton@...hat.com>
Cc:	linux-cifs-client@...ts.samba.org, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] cifs: fix sb->s_maxbytes so that it casts properly to a 
	signed value

Fix seems logical, although would like to see the maxbytes field the
correct size.  If it really is a loff_t rather than unsigned why
wasn't sparse warning on the vfs in sendfile when it did this
incorrect cast?

When did this start breaking, am a little surprised that connectathon
(and the usual dbench, fsstress, fsx etc.) didn't break if sendfile
was broken, and I don't think that cifs has changed in this area in a
long time.

Shouldn't this cc stable ... sendfile is important.

On Tue, Jul 21, 2009 at 6:42 PM, Jeff Layton<jlayton@...hat.com> wrote:
> This off-by-one bug causes sendfile() to not work properly. When a task
> calls sendfile() on a file on a CIFS filesystem, the syscall returns -1
> and sets errno to EOVERFLOW.
>
> do_sendfile uses s_maxbytes to verify the returned offset of the file.
> The problem there is that this value is cast to a signed value (loff_t).
> When this is done on the s_maxbytes value that cifs uses, it becomes
> negative and the comparisons against it fail.
>
> Even though s_maxbytes is an unsigned value, it seems that it's not OK
> to set it in such a way that it'll end up negative when it's cast to a
> signed value. These casts happen in other codepaths besides sendfile
> too, but the VFS is a little hard to follow in this area and I can't
> be sure if there are other bugs that this will fix.
>
> It's not clear to me why s_maxbytes isn't just declared as loff_t in the
> first place, but either way we still need to fix these values to make
> sendfile work properly. This is also an opportunity to replace the magic
> bit-shift values here with the standard #defines for this.
>
> This fixes the reproducer program I have that does a sendfile and
> will probably also fix the situation where apache is serving from a
> CIFS share.
>
> Signed-off-by: Jeff Layton <jlayton@...hat.com>
> ---
>  fs/cifs/connect.c |    8 ++++----
>  1 files changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
> index 3e9936d..82ad2a8 100644
> --- a/fs/cifs/connect.c
> +++ b/fs/cifs/connect.c
> @@ -2446,10 +2446,10 @@ try_mount_again:
>                tcon->local_lease = volume_info->local_lease;
>        }
>        if (pSesInfo) {
> -               if (pSesInfo->capabilities & CAP_LARGE_FILES) {
> -                       sb->s_maxbytes = (u64) 1 << 63;
> -               } else
> -                       sb->s_maxbytes = (u64) 1 << 31; /* 2 GB */
> +               if (pSesInfo->capabilities & CAP_LARGE_FILES)
> +                       sb->s_maxbytes = MAX_LFS_FILESIZE;
> +               else
> +                       sb->s_maxbytes = MAX_NON_LFS;
>        }
>
>        /* BB FIXME fix time_gran to be larger for LANMAN sessions */
> --
> 1.6.0.6
>
>



-- 
Thanks,

Steve
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ