[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAK8P3a2VDH9-reuj8QTkFzbaU9XTUEOWFCmCVg1Snb6RjD6mHw@mail.gmail.com>
Date: Tue, 16 Mar 2021 19:53:06 +0100
From: Arnd Bergmann <arnd@...nel.org>
To: Alessio Balsini <balsini@...roid.com>
Cc: Miklos Szeredi <miklos@...redi.hu>,
Akilesh Kailash <akailash@...gle.com>,
Amir Goldstein <amir73il@...il.com>,
Antonio SJ Musumeci <trapexit@...wn.link>,
David Anderson <dvander@...gle.com>,
Giuseppe Scrivano <gscrivan@...hat.com>,
Jann Horn <jannh@...gle.com>, Jens Axboe <axboe@...nel.dk>,
Martijn Coenen <maco@...roid.com>,
Palmer Dabbelt <palmer@...belt.com>,
Paul Lawrence <paullawrence@...gle.com>,
Peng Tao <bergwolf@...il.com>,
Stefano Duo <duostefano93@...il.com>,
Zimuzo Ezeozue <zezeozue@...gle.com>, wuyan <wu-yan@....com>,
fuse-devel@...ts.sourceforge.net,
Android Kernel Team <kernel-team@...roid.com>,
Linux FS-devel Mailing List <linux-fsdevel@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH RESEND V12 2/8] fuse: 32-bit user space ioctl compat for
fuse device
On Mon, Jan 25, 2021 at 4:48 PM Alessio Balsini <balsini@...roid.com> wrote:
>
> With a 64-bit kernel build the FUSE device cannot handle ioctl requests
> coming from 32-bit user space.
> This is due to the ioctl command translation that generates different
> command identifiers that thus cannot be used for direct comparisons
> without proper manipulation.
>
> Explicitly extract type and number from the ioctl command to enable
> 32-bit user space compatibility on 64-bit kernel builds.
>
> Signed-off-by: Alessio Balsini <balsini@...roid.com>
I saw this commit go into the mainline kernel, and I'm worried that this
doesn't do what the description says. Since the argument is a 'uint32_t',
it is the same on both 32-bit and 64-bit user space, and the patch won't
make any difference for compat mode, as long as that is using the normal
uapi headers.
If there is any user space that has a different definition of
FUSE_DEV_IOC_CLONE, that may now successfully call
this ioctl command, but the kernel will now also accept any other
command code that has the same type and number, but an
arbitrary direction or size argument.
I think this should be changed back to specifically allow the
command code(s) that are actually used and nothing else.
Arnd
Powered by blists - more mailing lists