| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87v94jalck.fsf@disp2133>
Date: Thu, 05 Aug 2021 11:48:43 -0500
From: ebiederm@...ssion.com (Eric W. Biederman)
To: Nathan Chancellor <nathan@...nel.org>
Cc: Sven Schnelle <svens@...ux.ibm.com>,
Alexey Gladkov <legion@...nel.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3] ucounts: add missing data type changes
Nathan Chancellor <nathan@...nel.org> writes:
> Hi Eric,
>
> On 8/4/2021 12:47 PM, Eric W. Biederman wrote:
>> Nathan Chancellor <nathan@...nel.org> writes:
>>
>>> On Fri, Jul 30, 2021 at 08:28:54AM +0200, Sven Schnelle wrote:
>>>> commit f9c82a4ea89c3 ("Increase size of ucounts to atomic_long_t")
>>>> changed the data type of ucounts/ucounts_max to long, but missed to
>>>> adjust a few other places. This is noticeable on big endian platforms
>>>> from user space because the /proc/sys/user/max_*_names files all
>>>> contain 0.
>>>>
>>>> Fixes: f9c82a4ea89c ("Increase size of ucounts to atomic_long_t")
>>>> Signed-off-by: Sven Schnelle <svens@...ux.ibm.com>
>>>
>>> This patch in -next as commit e43fc41d1f7f ("ucounts: add missing data type
>>> changes") causes Windows Subsystem for Linux to fail to start:
>>>
>>> [error 0x8007010b when launching `wsl.exe -d Arch'] Could not access starting
>>> directory "\\wsl$\Arch\home\nathan"
>>>
>>> Specifically, it is the change to max_user_watches in
>>> fs/notify/inotify/inotify_user.c, as the below diff gets me back to working.
>>> Unfortunately, I have no additional information to offer beyond that as WSL's
>>> init is custom and closed source (as far as I am aware) and there are no real
>>> debugging utilities.
>>
>> Could you try this patch and tell us what value is being set?
>>
>> The only think I can imagine is that someone wants unlimited watches and
>> sets the value to a ridiculously large value and the interpretation of
>> that value winds up being different between int and long.
>>
>> This should allow you to read either dmesg or the kernel's log as it
>> boots up and see what value is being written. From there it should
>> be relatively straight forward to figure out what is going on.
>
> I applied this diff on top of mine and running 'dmesg |& grep intvec' shows:
>
> [ 0.282500] intvec: dmesg_restrict <- 0
> [ 0.282510] intvec: max_user_watches <- 524288
>
> This seems much smaller than INT_MAX so I am not sure how the value could be
> different between int and long but I am not at all familiar with the sysctl
> code.
>
> More than happy to continue to test debug patches or provide any additional
> information as I can.
Yes. Very strange.
Could you perhaps try the instrumenting proc_doulongvec_minmax the same
way and see what is written in the failing case?
While looking at the code I did see one other serious bug. The min and
max values are int constants intstead of long constants.
Could you test the change below and see if it makes a difference?
Eric
diff --git a/fs/notify/fanotify/fanotify_user.c b/fs/notify/fanotify/fanotify_user.c
index 6576657a1a25..28b67cb9458d 100644
--- a/fs/notify/fanotify/fanotify_user.c
+++ b/fs/notify/fanotify/fanotify_user.c
@@ -54,6 +54,9 @@ static int fanotify_max_queued_events __read_mostly;
#include <linux/sysctl.h>
+static long ft_zero = 0;
+static long ft_int_max = INT_MAX;
+
struct ctl_table fanotify_table[] = {
{
.procname = "max_user_groups",
@@ -61,8 +64,8 @@ struct ctl_table fanotify_table[] = {
.maxlen = sizeof(long),
.mode = 0644,
.proc_handler = proc_doulongvec_minmax,
- .extra1 = SYSCTL_ZERO,
- .extra2 = SYSCTL_INT_MAX,
+ .extra1 = &ft_zero,
+ .extra2 = &ft_int_max,
},
{
.procname = "max_user_marks",
@@ -70,8 +73,8 @@ struct ctl_table fanotify_table[] = {
.maxlen = sizeof(long),
.mode = 0644,
.proc_handler = proc_doulongvec_minmax,
- .extra1 = SYSCTL_ZERO,
- .extra2 = SYSCTL_INT_MAX,
+ .extra1 = &ft_zero,
+ .extra2 = &ft_int_max,
},
{
.procname = "max_queued_events",
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
index 55fe7cdea2fb..62051247f6d2 100644
--- a/fs/notify/inotify/inotify_user.c
+++ b/fs/notify/inotify/inotify_user.c
@@ -55,6 +55,9 @@ struct kmem_cache *inotify_inode_mark_cachep __read_mostly;
#include <linux/sysctl.h>
+static long it_zero = 0;
+static long it_int_max = INT_MAX;
+
struct ctl_table inotify_table[] = {
{
.procname = "max_user_instances",
@@ -62,8 +65,8 @@ struct ctl_table inotify_table[] = {
.maxlen = sizeof(long),
.mode = 0644,
.proc_handler = proc_doulongvec_minmax,
- .extra1 = SYSCTL_ZERO,
- .extra2 = SYSCTL_INT_MAX,
+ .extra1 = &it_zero,
+ .extra2 = &it_int_max,
},
{
.procname = "max_user_watches",
@@ -71,8 +74,8 @@ struct ctl_table inotify_table[] = {
.maxlen = sizeof(long),
.mode = 0644,
.proc_handler = proc_doulongvec_minmax,
- .extra1 = SYSCTL_ZERO,
- .extra2 = SYSCTL_INT_MAX,
+ .extra1 = &it_zero,
+ .extra2 = &it_int_max,
},
{
.procname = "max_queued_events",
diff --git a/kernel/ucount.c b/kernel/ucount.c
index 260ae7da815f..bb51849e6375 100644
--- a/kernel/ucount.c
+++ b/kernel/ucount.c
@@ -58,14 +58,17 @@ static struct ctl_table_root set_root = {
.permissions = set_permissions,
};
+static long ue_zero = 0;
+static long ue_int_max = INT_MAX;
+
#define UCOUNT_ENTRY(name) \
{ \
.procname = name, \
.maxlen = sizeof(long), \
.mode = 0644, \
.proc_handler = proc_doulongvec_minmax, \
- .extra1 = SYSCTL_ZERO, \
- .extra2 = SYSCTL_INT_MAX, \
+ .extra1 = &ue_zero, \
+ .extra2 = &ue_int_max, \
}
static struct ctl_table user_table[] = {
UCOUNT_ENTRY("max_user_namespaces"),
Powered by blists - more mailing lists