lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 11 Dec 2017 17:04:05 +1100
From:   NeilBrown <neilb@...e.com>
To:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Al Viro <viro@...iv.linux.org.uk>
Cc:     linux-fsdevel@...r.kernel.org, linux-nfs@...r.kernel.org,
        Amir Goldstein <amir73il@...il.com>,
        lkml <linux-kernel@...r.kernel.org>,
        Lennart Poettering <lennart@...ttering.net>
Subject: [PATCH 4/4] fhandle: Improve error responses in name_to_handle_at()

1/ Always return the mnt_id, even if some other error occurs.
   It can be useful without the file handle.
   An application can initialise the memory to, e.g. -1
   and if there is some other value after name_to_handle_at()
   returns, then it is a valid mnt_id.
   If the value is unchanged, then the kernel does not
   have this patch.

2/ Don't return -EINVAL if the requested handle_bytes is
   larger than MAX_HANDLE_SZ.  There is no need for an
   error and it causes unnecessary behavior change
   in the kernel ever needs to increase MAX_HANDLE_SZ.
   Simple limit handle_bytes to MAX_HANDLE_SZ silently.

Signed-off-by: NeilBrown <neilb@...e.com>
---
 fs/fhandle.c |   16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/fs/fhandle.c b/fs/fhandle.c
index 0ace128f5d23..04afffaeb742 100644
--- a/fs/fhandle.c
+++ b/fs/fhandle.c
@@ -23,9 +23,16 @@ static long do_sys_name_to_handle(struct path *path,
 	int handle_dwords, handle_bytes;
 	struct file_handle *handle = NULL;
 
+	/*
+	 * Always return the mnt_id, it might be useful even
+	 * without the file handle
+	 */
+	if (copy_to_user(mnt_id, &real_mount(path->mnt)->mnt_id,
+			 sizeof(*mnt_id)))
+		return -EFAULT;
 	/*
 	 * We need to make sure whether the file system
-	 * support decoding of the file handle
+	 * supports decoding of the file handle.
 	 */
 	if (!path->dentry->d_sb->s_export_op ||
 	    !path->dentry->d_sb->s_export_op->fh_to_dentry)
@@ -35,7 +42,7 @@ static long do_sys_name_to_handle(struct path *path,
 		return -EFAULT;
 
 	if (f_handle.handle_bytes > MAX_HANDLE_SZ)
-		return -EINVAL;
+		f_handle.handle_bytes = MAX_HANDLE_SZ;
 
 	handle = kmalloc(sizeof(struct file_handle) + f_handle.handle_bytes,
 			 GFP_KERNEL);
@@ -68,10 +75,7 @@ static long do_sys_name_to_handle(struct path *path,
 		retval = -EOVERFLOW;
 	} else
 		retval = 0;
-	/* copy the mount id */
-	if (copy_to_user(mnt_id, &real_mount(path->mnt)->mnt_id,
-			 sizeof(*mnt_id)) ||
-	    copy_to_user(ufh, handle,
+	if (copy_to_user(ufh, handle,
 			 sizeof(struct file_handle) + handle_bytes))
 		retval = -EFAULT;
 	kfree(handle);

Powered by blists - more mailing lists