| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Dec 2019 13:05:09 -0800
From: "Darrick J. Wong" <darrick.wong@...cle.com>
To: Arnd Bergmann <arnd@...db.de>
Cc: y2038@...ts.linaro.org, linux-kernel@...r.kernel.org,
linux-xfs@...r.kernel.org, Brian Foster <bfoster@...hat.com>,
Dave Chinner <dchinner@...hat.com>,
Allison Collins <allison.henderson@...cle.com>,
Jan Kara <jack@...e.cz>, Eric Sandeen <sandeen@...deen.net>
Subject: Re: [PATCH v2 20/24] xfs: disallow broken ioctls without
compat-32-bit-time
On Fri, Dec 13, 2019 at 09:53:48PM +0100, Arnd Bergmann wrote:
> When building a kernel that disables support for 32-bit time_t
> system calls, it also makes sense to disable the old xfs_bstat
> ioctls completely, as they truncate the timestamps to 32-bit
> values.
Note that current xfs doesn't support > 32-bit timestamps at all, so for
now the old bulkstat/swapext ioctls will never overflow.
Granted, I melded everyone's suggestions into a more fully formed
'bigtime' feature patchset that I'll dump out soon as part of my usual
end of year carpetbombing of the mailing list, so we likely still need
most of this patch anyway...
> Any application using these needs to be updated to use the v5
> interfaces.
>
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
> fs/xfs/xfs_ioctl.c | 26 ++++++++++++++++++++++++++
> 1 file changed, 26 insertions(+)
>
> diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
> index 7b35d62ede9f..a4a4eed8879c 100644
> --- a/fs/xfs/xfs_ioctl.c
> +++ b/fs/xfs/xfs_ioctl.c
> @@ -36,6 +36,7 @@
> #include "xfs_reflink.h"
> #include "xfs_ioctl.h"
>
> +#include <linux/compat.h>
> #include <linux/mount.h>
> #include <linux/namei.h>
>
> @@ -617,6 +618,23 @@ xfs_fsinumbers_fmt(
> return xfs_ibulk_advance(breq, sizeof(struct xfs_inogrp));
> }
>
> +/* disallow y2038-unsafe ioctls with CONFIG_COMPAT_32BIT_TIME=n */
> +static bool xfs_have_compat_bstat_time32(unsigned int cmd)
The v5 bulkstat ioctls follow an entirely separate path through
xfs_ioctl.c, so I think you don't need the @cmd parameter.
> +{
> + if (IS_ENABLED(CONFIG_COMPAT_32BIT_TIME))
> + return true;
> +
> + if (IS_ENABLED(CONFIG_64BIT) && !in_compat_syscall())
> + return true;
> +
> + if (cmd == XFS_IOC_FSBULKSTAT_SINGLE ||
> + cmd == XFS_IOC_FSBULKSTAT ||
> + cmd == XFS_IOC_SWAPEXT)
> + return false;
> +
> + return true;
> +}
> +
> STATIC int
> xfs_ioc_fsbulkstat(
> xfs_mount_t *mp,
> @@ -637,6 +655,9 @@ xfs_ioc_fsbulkstat(
> if (!capable(CAP_SYS_ADMIN))
> return -EPERM;
>
> + if (!xfs_have_compat_bstat_time32(cmd))
> + return -EINVAL;
> +
> if (XFS_FORCED_SHUTDOWN(mp))
> return -EIO;
>
> @@ -1815,6 +1836,11 @@ xfs_ioc_swapext(
> struct fd f, tmp;
> int error = 0;
>
> + if (xfs_have_compat_bstat_time32(XFS_IOC_SWAPEXT)) {
if (!xfs_have...()) ?
--D
> + error = -EINVAL;
> + goto out;
> + }
> +
> /* Pull information for the target fd */
> f = fdget((int)sxp->sx_fdtarget);
> if (!f.file) {
> --
> 2.20.0
>
Powered by blists - more mailing lists