lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 May 2020 21:12:27 +0200 From: Max Kellermann <mk@...all.com> To: Jens Axboe <axboe@...nel.dk> Cc: Al Viro <viro@...iv.linux.org.uk>, Max Kellermann <mk@...all.com>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, stable@...r.kernel.org Subject: Re: [PATCH] fs/io_uring: fix O_PATH fds in openat, openat2, statx On 2020/05/07 21:05, Jens Axboe <axboe@...nel.dk> wrote: > On 5/7/20 1:01 PM, Al Viro wrote: > > On Thu, May 07, 2020 at 08:57:25PM +0200, Max Kellermann wrote: > >> If an operation's flag `needs_file` is set, the function > >> io_req_set_file() calls io_file_get() to obtain a `struct file*`. > >> > >> This fails for `O_PATH` file descriptors, because those have no > >> `struct file*` > > > > O_PATH descriptors most certainly *do* have that. What the hell > > are you talking about? > > Yeah, hence I was interested in the test case. Since this is > bypassing that part, was assuming we'd have some logic error > that attempted a file grab for a case where we shouldn't. Reproduce this by patching liburing/test/lfs-openat.c: - int dfd = open("/tmp", O_RDONLY | O_DIRECTORY); + int dfd = open("/tmp", O_PATH); $ ./test/lfs-openat io_uring openat failed: Bad file descriptor GH PR: https://github.com/axboe/liburing/pull/130 Max
Powered by blists - more mailing lists