| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 5 Oct 2017 15:31:05 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: Sergey Klyaus <sergey.m.klyaus@...il.com>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Li Wang <liwang@...hat.com>,
Andreas Dilger <adilger@...ger.ca>,
Andi Kleen <andi.kleen@...el.com>
Subject: Re: [PATCH] vfs: fix statfs64() returning impossible EOVERFLOW for
64-bit f_files
On Thu, Oct 5, 2017 at 1:57 PM, Al Viro <viro@...iv.linux.org.uk> wrote:
>
> AFAICS, the real bug here is in hugetlbfs; that's where obscene values in
> ->f_bsize come from. IMO all that code in put_compat_statfs64() should be
> replaced with
> if (kbuf->bsize != (u32)kbuf->bsize)
> return -EOVERFLOW;
> That, or hugetlbfs could be taught to fake saner ->f_bsize (recalculating
> ->f_bavail/->f_bfree/->f_blocks to go with that).
Make it so. Except you shouldn't do
if (kbuf->bsize != (u32)kbuf->bsize)
you should do something like
#define FITS_IN(x,y) ({ typeof x __x = (x); typeof y __y = __x;
__x == __y; })
and then do
if (!FITS_IN(kbuf->bsize, ubuf->bsize)) ...
because there is nothing that specifies that the ubuf size of all
fields has to be 32 bits.
But yes,m either you need to then special-case that crazy all-ones
value, or just fix hugetlbfs to not use crazy crap.
Linus
Powered by blists - more mailing lists