| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210629123533.1191246-1-christian.brauner@ubuntu.com>
Date: Tue, 29 Jun 2021 14:35:33 +0200
From: Christian Brauner <christian.brauner@...ntu.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [GIT PULL] openat2 fixes
Hi Linus,
/* Summary */
- Remove the unused VALID_UPGRADE_FLAGS define we carried from an extension to
openat2() that we haven't merged. Aleksa might be getting back to it at some
point but just not right now.
- openat2() used to accidently ignore unknown flag values in the upper 32 bits.
The new openat2() syscall verifies that no unknown O-flag values are set and
returns an error to userspace if they are while the older open syscalls like
open() and openat() simply ignore unknown flag values:
#define O_FLAG_CURRENTLY_INVALID (1 << 31)
struct open_how how = {
.flags = O_RDONLY | O_FLAG_CURRENTLY_INVALID,
.resolve = 0,
};
/* fails */
fd = openat2(-EBADF, "/dev/null", &how, sizeof(how));
/* succeeds */
fd = openat(-EBADF, "/dev/null", O_RDONLY | O_FLAG_CURRENTLY_INVALID);
However, openat2() silently truncates the upper 32 bits meaning:
#define O_FLAG_CURRENTLY_INVALID_LOWER32 (1 << 31)
#define O_FLAG_CURRENTLY_INVALID_UPPER32 (1 << 40)
struct open_how how_lowe32 = {
.flags = O_RDONLY | O_FLAG_CURRENTLY_INVALID_LOWER32,
};
struct open_how how_upper32 = {
.flags = O_RDONLY | O_FLAG_CURRENTLY_INVALID_UPPER32,
};
/* fails */
fd = openat2(-EBADF, "/dev/null", &how_lower32, sizeof(how_lower32));
/* succeeds */
fd = openat2(-EBADF, "/dev/null", &how_upper32, sizeof(how_upper32));
Fix this by preventing the immediate truncation in build_open_flags() and add a
compile-time check to catch when we add flags in the upper 32 bit range.
/* Testing */
All patches are based on v5.13-rc3 and have been sitting in linux-next. No
build failures or warnings were observed. All old and new tests are passing.
/* Conflicts */
At the time of creating this PR no merge conflicts were reported from
linux-next and no merge conflicts showed up doing a test-merge with current
mainline.
The following changes since commit c4681547bcce777daf576925a966ffa824edd09d:
Linux 5.13-rc3 (2021-05-23 11:42:48 -1000)
are available in the Git repository at:
git@...olite.kernel.org:pub/scm/linux/kernel/git/brauner/linux tags/fs.openat2.unknown_flags.v5.14
for you to fetch changes up to 15845cbcd12a571869c6703892427f9e5839d5fb:
test: add openat2() test for invalid upper 32 bit flag value (2021-05-28 17:44:37 +0200)
Please consider pulling these changes from the signed fs.openat2.unknown_flags.v5.14 tag.
Thanks!
Christian
----------------------------------------------------------------
fs.openat2.unknown_flags.v5.14
----------------------------------------------------------------
Christian Brauner (3):
fcntl: remove unused VALID_UPGRADE_FLAGS
open: don't silently ignore unknown O-flags in openat2()
test: add openat2() test for invalid upper 32 bit flag value
fs/open.c | 14 +++++++++++---
include/linux/fcntl.h | 4 ----
tools/testing/selftests/openat2/openat2_test.c | 7 ++++++-
3 files changed, 17 insertions(+), 8 deletions(-)
Powered by blists - more mailing lists