| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 8 Aug 2009 07:15:56 -0400 From: Jeff Layton <jlayton@...hat.com> To: Johannes Weiner <hannes@...xchg.org> Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, akpm@...ux-foundation.org, hch@...radead.org, rlove@...gle.com, msb@...gle.com, viro@...iv.linux.org.uk Subject: Re: [PATCH 3/4] vfs: change sb->s_maxbytes to a loff_t On Sat, 8 Aug 2009 00:51:46 +0200 Johannes Weiner <hannes@...xchg.org> wrote: > On Fri, Aug 07, 2009 at 02:57:40PM -0400, Jeff Layton wrote: > > sb->s_maxbytes is supposed to indicate the maximum size of a file that > > can exist on the filesystem. It's declared as an unsigned long long. > > > > Even if a filesystem has no inherent limit that prevents it from using > > every bit in that unsigned long long, it's still problematic to set it > > to anything larger than MAX_LFS_FILESIZE. A lot of places implicitly > > cast s_maxbytes to a signed value when doing comparisons against it > > (usually using loff_t on the other side of the comparison). If it's > > set too large then this cast makes it a negative number and generally > > breaks the comparison. > > > > Change s_maxbytes to be loff_t instead. That should help eliminate the > > temptation to set it too large by making it a signed value. > > > > Signed-off-by: Jeff Layton <jlayton@...hat.com> > > --- > > fs/super.c | 10 ++++++++++ > > include/linux/fs.h | 2 +- > > 2 files changed, 11 insertions(+), 1 deletions(-) > > > > diff --git a/fs/super.c b/fs/super.c > > index 2761d3e..929d55d 100644 > > --- a/fs/super.c > > +++ b/fs/super.c > > @@ -889,6 +889,16 @@ vfs_kern_mount(struct file_system_type *type, int flags, const char *name, void > > if (error) > > goto out_sb; > > > > + /* > > + * filesystems should never set s_maxbytes larger than MAX_LFS_FILESIZE > > + * but s_maxbytes was an unsigned long long for many releases. Throw > > + * this warning for a little while to try and catch filesystems that > > + * violate this rule. This warning can be removed in 2.6.34. > > + */ > > + WARN(((unsigned long long) mnt->mnt_sb->s_maxbytes > MAX_LFS_FILESIZE), > > + "WARNING: %s sets sb->s_maxbytes too large (%llu)", type->name, > > + (unsigned long long) mnt->mnt_sb->s_maxbytes); > > Since it's signed now, you could just check for it being < 0, no? > Sure, that works too and is probably a little cleaner. I'll change it in the next respin to do that. > I don't like the warning much, though. It seems to be a random check > for a bug that has been fixed now. We don't check other errors from > ->get_sb() either. Ordinarily, I'd agree with this, but we're changing the type of s_maxbytes. It's possible that: A) I missed something in one of the more complex s_maxbytes calculations. B) Out of tree filesystems are broken in this way and don't realize it. I think it makes some sense to burn a couple of CPU cycles in the mount codepath for a few releases to try and catch both of these cases. If we don't warn this way, then this change could result in more subtle breakage. -- Jeff Layton <jlayton@...hat.com> -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists