lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 16 Sep 2022 14:19:29 +0300 From: "Farber, Eliav" <farbere@...zon.com> To: Alexey Dobriyan <adobriyan@...il.com>, <linux-kernel@...r.kernel.org> CC: <yangyicong@...ilicon.com>, <viro@...iv.linux.org.uk>, <jonnyc@...zon.com>, <hhhawa@...zon.com>, <andriy.shevchenko@...el.com>, <akpm@...ux-foundation.org>, "Farber, Eliav" <farbere@...zon.com> Subject: Re: + libfs-fix-error-format-in-simple_attr_write.patch added to mm-nonmm-unstable branch On 9/16/2022 9:11 AM, Alexey Dobriyan wrote: > On Thu, Sep 15, 2022 at 02:34:25PM -0700, Andrew Morton wrote: >> libfs-fix-error-format-in-simple_attr_write.patch > >> From: Eliav Farber <farbere@...zon.com> >> Subject: libfs: fix error format in simple_attr_write() >> Date: Thu, 15 Sep 2022 09:15:44 +0000 >> >> In commit 488dac0c9237 ("libfs: fix error cast of negative value in >> simple_attr_write()"), simple_attr_write() was changed to use >> kstrtoull() >> instead of simple_strtoll() to convert a string got from a user. A user >> trying to set a negative value will get an error. >> >> This is wrong since it breaks all the places that use >> DEFINE_DEBUGFS_ATTRIBUTE() with format of a signed integer. >> >> For the record there are 43 current users of signed integer which are >> likely to be effected by this: >> >> $ git grep -n -A1 -w DEFINE_DEBUGFS_ATTRIBUTE | grep ');' | >> sed 's,.*\(".*%.*"\).*,\1,' | sort | uniq -c >> 1 "%08llx\n" >> 5 "0x%016llx\n" >> 5 "0x%02llx\n" >> 5 "0x%04llx\n" >> 13 "0x%08llx\n" >> 1 "0x%4.4llx\n" >> 3 "0x%.4llx\n" >> 4 "0x%llx\n" >> 1 "%1lld\n" >> 40 "%lld\n" >> 2 "%lli\n" >> 129 "%llu\n" >> 1 "%#llx\n" >> 2 "%llx\n" >> >> u64 is not an issue for negative numbers. >> The %lld and %llu in any case are for 64-bit value, representing it as >> unsigned simplifies the generic code, but it doesn't mean we can't keep >> their signed value if we know that. >> >> This change uses sscanf() to fix the problem since it does the >> conversion >> based on the supplied format string. > >> --- a/fs/libfs.c~libfs-fix-error-format-in-simple_attr_write >> +++ a/fs/libfs.c >> @@ -1017,9 +1017,12 @@ ssize_t simple_attr_write(struct file *f >> goto out; >> >> attr->set_buf[size] = '\0'; >> - ret = kstrtoull(attr->set_buf, 0, &val); >> - if (ret) >> + ret = sscanf(attr->set_buf, attr->fmt, &val); >> + if (ret != 1) { >> + ret = -EINVAL; >> goto out; >> + } >> + >> ret = attr->set(attr->data, val); >> if (ret == 0) >> ret = len; /* on success, claim we got the whole input */ > > No scanf please. Just revert original patch if something broke. > > scanf may be tolerable if it is just one format conversion but it is > disaster as an interface. If I revert original patch I get this checkpatch warning: "WARNING: simple_strtoll is obsolete, use kstrtoll instead". Should I still revert the original patch as is, or send a new patch that fixes the issue by using kstrtoll()? -- Thanks, Eliav
Powered by blists - more mailing lists