lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200507191227.GA16101@rabbit.intern.cm-ag>
Date:   Thu, 7 May 2020 21:12:27 +0200
From:   Max Kellermann <mk@...all.com>
To:     Jens Axboe <axboe@...nel.dk>
Cc:     Al Viro <viro@...iv.linux.org.uk>, Max Kellermann <mk@...all.com>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org
Subject: Re: [PATCH] fs/io_uring: fix O_PATH fds in openat, openat2, statx

On 2020/05/07 21:05, Jens Axboe <axboe@...nel.dk> wrote:
> On 5/7/20 1:01 PM, Al Viro wrote:
> > On Thu, May 07, 2020 at 08:57:25PM +0200, Max Kellermann wrote:
> >> If an operation's flag `needs_file` is set, the function
> >> io_req_set_file() calls io_file_get() to obtain a `struct file*`.
> >>
> >> This fails for `O_PATH` file descriptors, because those have no
> >> `struct file*`
> > 
> > O_PATH descriptors most certainly *do* have that.  What the hell
> > are you talking about?
> 
> Yeah, hence I was interested in the test case. Since this is
> bypassing that part, was assuming we'd have some logic error
> that attempted a file grab for a case where we shouldn't.

Reproduce this by patching liburing/test/lfs-openat.c:

-       int dfd = open("/tmp", O_RDONLY | O_DIRECTORY);
+       int dfd = open("/tmp", O_PATH);

 $ ./test/lfs-openat
 io_uring openat failed: Bad file descriptor

GH PR: https://github.com/axboe/liburing/pull/130

Max

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ