lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 5 Aug 2021 12:26:39 -0700
From:   Nathan Chancellor <nathan@...nel.org>
To:     "Eric W. Biederman" <ebiederm@...ssion.com>
Cc:     Sven Schnelle <svens@...ux.ibm.com>,
        Alexey Gladkov <legion@...nel.org>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] ucounts: add missing data type changes

On 8/5/2021 9:48 AM, Eric W. Biederman wrote:
> Nathan Chancellor <nathan@...nel.org> writes:
> 
>> Hi Eric,
>>
>> On 8/4/2021 12:47 PM, Eric W. Biederman wrote:
>>> Nathan Chancellor <nathan@...nel.org> writes:
>>>
>>>> On Fri, Jul 30, 2021 at 08:28:54AM +0200, Sven Schnelle wrote:
>>>>> commit f9c82a4ea89c3 ("Increase size of ucounts to atomic_long_t")
>>>>> changed the data type of ucounts/ucounts_max to long, but missed to
>>>>> adjust a few other places. This is noticeable on big endian platforms
>>>>> from user space because the /proc/sys/user/max_*_names files all
>>>>> contain 0.
>>>>>
>>>>> Fixes: f9c82a4ea89c ("Increase size of ucounts to atomic_long_t")
>>>>> Signed-off-by: Sven Schnelle <svens@...ux.ibm.com>
>>>>
>>>> This patch in -next as commit e43fc41d1f7f ("ucounts: add missing data type
>>>> changes") causes Windows Subsystem for Linux to fail to start:
>>>>
>>>> [error 0x8007010b when launching `wsl.exe -d Arch'] Could not access starting
>>>> directory "\\wsl$\Arch\home\nathan"
>>>>
>>>> Specifically, it is the change to max_user_watches in
>>>> fs/notify/inotify/inotify_user.c, as the below diff gets me back to working.
>>>> Unfortunately, I have no additional information to offer beyond that as WSL's
>>>> init is custom and closed source (as far as I am aware) and there are no real
>>>> debugging utilities.
>>>
>>> Could you try this patch and tell us what value is being set?
>>>
>>> The only think I can imagine is that someone wants unlimited watches and
>>> sets the value to a ridiculously large value and the interpretation of
>>> that value winds up being different between int and long.
>>>
>>> This should allow you to read either dmesg or the kernel's log as it
>>> boots up and see what value is being written.  From there it should
>>> be relatively straight forward to figure out what is going on.
>>
>> I applied this diff on top of mine and running 'dmesg |& grep intvec' shows:
>>
>> [    0.282500] intvec: dmesg_restrict <- 0
>> [    0.282510] intvec: max_user_watches <- 524288
>>
>> This seems much smaller than INT_MAX so I am not sure how the value could be
>> different between int and long but I am not at all familiar with the sysctl
>> code.
>>
>> More than happy to continue to test debug patches or provide any additional
>> information as I can.
> 
> Yes.  Very strange.
> 
> Could you perhaps try the instrumenting proc_doulongvec_minmax the same
> way and see what is written in the failing case?
> 
> While looking at the code I did see one other serious bug.  The min and
> max values are int constants intstead of long constants.
> 
> Could you test the change below and see if it makes a difference?

That indeed fixes the issue! I assume you will squash it into the 
original commit but if not, feel free to add:

Tested-by: Nathan Chancellor <nathan@...nel.org>

> Eric
> 
> 
> diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
> index 6576657a1a25..28b67cb9458d 100644
> --- a/fs/notify/fanotify/fanotify_user.c
> +++ b/fs/notify/fanotify/fanotify_user.c
> @@ -54,6 +54,9 @@ static int fanotify_max_queued_events __read_mostly;
>   
>   #include <linux/sysctl.h>
>   
> +static long ft_zero = 0;
> +static long ft_int_max = INT_MAX;
> +
>   struct ctl_table fanotify_table[] = {
>   	{
>   		.procname	= "max_user_groups",
> @@ -61,8 +64,8 @@ struct ctl_table fanotify_table[] = {
>   		.maxlen		= sizeof(long),
>   		.mode		= 0644,
>   		.proc_handler	= proc_doulongvec_minmax,
> -		.extra1		= SYSCTL_ZERO,
> -		.extra2		= SYSCTL_INT_MAX,
> +		.extra1		= &ft_zero,
> +		.extra2		= &ft_int_max,
>   	},
>   	{
>   		.procname	= "max_user_marks",
> @@ -70,8 +73,8 @@ struct ctl_table fanotify_table[] = {
>   		.maxlen		= sizeof(long),
>   		.mode		= 0644,
>   		.proc_handler	= proc_doulongvec_minmax,
> -		.extra1		= SYSCTL_ZERO,
> -		.extra2		= SYSCTL_INT_MAX,
> +		.extra1		= &ft_zero,
> +		.extra2		= &ft_int_max,
>   	},
>   	{
>   		.procname	= "max_queued_events",
> diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
> index 55fe7cdea2fb..62051247f6d2 100644
> --- a/fs/notify/inotify/inotify_user.c
> +++ b/fs/notify/inotify/inotify_user.c
> @@ -55,6 +55,9 @@ struct kmem_cache *inotify_inode_mark_cachep __read_mostly;
>   
>   #include <linux/sysctl.h>
>   
> +static long it_zero = 0;
> +static long it_int_max = INT_MAX;
> +
>   struct ctl_table inotify_table[] = {
>   	{
>   		.procname	= "max_user_instances",
> @@ -62,8 +65,8 @@ struct ctl_table inotify_table[] = {
>   		.maxlen		= sizeof(long),
>   		.mode		= 0644,
>   		.proc_handler	= proc_doulongvec_minmax,
> -		.extra1		= SYSCTL_ZERO,
> -		.extra2		= SYSCTL_INT_MAX,
> +		.extra1		= &it_zero,
> +		.extra2		= &it_int_max,
>   	},
>   	{
>   		.procname	= "max_user_watches",
> @@ -71,8 +74,8 @@ struct ctl_table inotify_table[] = {
>   		.maxlen		= sizeof(long),
>   		.mode		= 0644,
>   		.proc_handler	= proc_doulongvec_minmax,
> -		.extra1		= SYSCTL_ZERO,
> -		.extra2		= SYSCTL_INT_MAX,
> +		.extra1		= &it_zero,
> +		.extra2		= &it_int_max,
>   	},
>   	{
>   		.procname	= "max_queued_events",
> diff --git a/kernel/ucount.c b/kernel/ucount.c
> index 260ae7da815f..bb51849e6375 100644
> --- a/kernel/ucount.c
> +++ b/kernel/ucount.c
> @@ -58,14 +58,17 @@ static struct ctl_table_root set_root = {
>   	.permissions = set_permissions,
>   };
>   
> +static long ue_zero = 0;
> +static long ue_int_max = INT_MAX;
> +
>   #define UCOUNT_ENTRY(name)					\
>   	{							\
>   		.procname	= name,				\
>   		.maxlen		= sizeof(long),			\
>   		.mode		= 0644,				\
>   		.proc_handler	= proc_doulongvec_minmax,	\
> -		.extra1		= SYSCTL_ZERO,			\
> -		.extra2		= SYSCTL_INT_MAX,		\
> +		.extra1		= &ue_zero,			\
> +		.extra2		= &ue_int_max,			\
>   	}
>   static struct ctl_table user_table[] = {
>   	UCOUNT_ENTRY("max_user_namespaces"),
> 
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ