| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 7 May 2020 21:12:27 +0200
From: Max Kellermann <mk@...all.com>
To: Jens Axboe <axboe@...nel.dk>
Cc: Al Viro <viro@...iv.linux.org.uk>, Max Kellermann <mk@...all.com>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
stable@...r.kernel.org
Subject: Re: [PATCH] fs/io_uring: fix O_PATH fds in openat, openat2, statx
On 2020/05/07 21:05, Jens Axboe <axboe@...nel.dk> wrote:
> On 5/7/20 1:01 PM, Al Viro wrote:
> > On Thu, May 07, 2020 at 08:57:25PM +0200, Max Kellermann wrote:
> >> If an operation's flag `needs_file` is set, the function
> >> io_req_set_file() calls io_file_get() to obtain a `struct file*`.
> >>
> >> This fails for `O_PATH` file descriptors, because those have no
> >> `struct file*`
> >
> > O_PATH descriptors most certainly *do* have that. What the hell
> > are you talking about?
>
> Yeah, hence I was interested in the test case. Since this is
> bypassing that part, was assuming we'd have some logic error
> that attempted a file grab for a case where we shouldn't.
Reproduce this by patching liburing/test/lfs-openat.c:
- int dfd = open("/tmp", O_RDONLY | O_DIRECTORY);
+ int dfd = open("/tmp", O_PATH);
$ ./test/lfs-openat
io_uring openat failed: Bad file descriptor
GH PR: https://github.com/axboe/liburing/pull/130
Max
Powered by blists - more mailing lists