| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d41e3238-d7d9-16f8-38bd-2608844d7831@acm.org>
Date: Sat, 9 Apr 2022 14:33:45 -0700
From: Bart Van Assche <bvanassche@....org>
To: Khazhismel Kumykov <khazhy@...gle.com>,
Jens Axboe <axboe@...nel.dk>
Cc: linux-block@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] block/compat_ioctl: fix range check in BLKGETSIZE
On 4/8/22 16:47, Khazhismel Kumykov wrote:
> kernel ulong and compat_ulong_t may not be same width. Use type directly
> to eliminate mismatches.
>
> This would result in truncation rather than EFBIG for 32bit mode for
> large disks.
>
> Signed-off-by: Khazhismel Kumykov <khazhy@...gle.com>
> ---
> block/ioctl.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> Noticed this one was sitting in my "not landed yet" pile, third time's
> the charm? :)
>
> diff --git a/block/ioctl.c b/block/ioctl.c
> index 4a86340133e4..959e93a90b29 100644
> --- a/block/ioctl.c
> +++ b/block/ioctl.c
> @@ -629,7 +629,7 @@ long compat_blkdev_ioctl(struct file *file, unsigned cmd, unsigned long arg)
> return compat_put_long(argp,
> (bdev->bd_disk->bdi->ra_pages * PAGE_SIZE) / 512);
> case BLKGETSIZE:
> - if (bdev_nr_sectors(bdev) > ~0UL)
> + if (bdev_nr_sectors(bdev) > ~((compat_ulong_t)0UL))
> return -EFBIG;
> return compat_put_ulong(argp, bdev_nr_sectors(bdev));
A nit: the "UL" and two parentheses can be left out. Anyway:
Reviewed-by: Bart Van Assche <bvanassche@....org>
Powered by blists - more mailing lists