| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ce553e2b-0a13-08ee-283c-bc749e41ca61@amazon.com>
Date: Fri, 16 Sep 2022 14:19:29 +0300
From: "Farber, Eliav" <farbere@...zon.com>
To: Alexey Dobriyan <adobriyan@...il.com>,
<linux-kernel@...r.kernel.org>
CC: <yangyicong@...ilicon.com>, <viro@...iv.linux.org.uk>,
<jonnyc@...zon.com>, <hhhawa@...zon.com>,
<andriy.shevchenko@...el.com>, <akpm@...ux-foundation.org>,
"Farber, Eliav" <farbere@...zon.com>
Subject: Re: + libfs-fix-error-format-in-simple_attr_write.patch added to
mm-nonmm-unstable branch
On 9/16/2022 9:11 AM, Alexey Dobriyan wrote:
> On Thu, Sep 15, 2022 at 02:34:25PM -0700, Andrew Morton wrote:
>> libfs-fix-error-format-in-simple_attr_write.patch
>
>> From: Eliav Farber <farbere@...zon.com>
>> Subject: libfs: fix error format in simple_attr_write()
>> Date: Thu, 15 Sep 2022 09:15:44 +0000
>>
>> In commit 488dac0c9237 ("libfs: fix error cast of negative value in
>> simple_attr_write()"), simple_attr_write() was changed to use
>> kstrtoull()
>> instead of simple_strtoll() to convert a string got from a user. A user
>> trying to set a negative value will get an error.
>>
>> This is wrong since it breaks all the places that use
>> DEFINE_DEBUGFS_ATTRIBUTE() with format of a signed integer.
>>
>> For the record there are 43 current users of signed integer which are
>> likely to be effected by this:
>>
>> $ git grep -n -A1 -w DEFINE_DEBUGFS_ATTRIBUTE | grep ');' |
>> sed 's,.*\(".*%.*"\).*,\1,' | sort | uniq -c
>> 1 "%08llx\n"
>> 5 "0x%016llx\n"
>> 5 "0x%02llx\n"
>> 5 "0x%04llx\n"
>> 13 "0x%08llx\n"
>> 1 "0x%4.4llx\n"
>> 3 "0x%.4llx\n"
>> 4 "0x%llx\n"
>> 1 "%1lld\n"
>> 40 "%lld\n"
>> 2 "%lli\n"
>> 129 "%llu\n"
>> 1 "%#llx\n"
>> 2 "%llx\n"
>>
>> u64 is not an issue for negative numbers.
>> The %lld and %llu in any case are for 64-bit value, representing it as
>> unsigned simplifies the generic code, but it doesn't mean we can't keep
>> their signed value if we know that.
>>
>> This change uses sscanf() to fix the problem since it does the
>> conversion
>> based on the supplied format string.
>
>> --- a/fs/libfs.c~libfs-fix-error-format-in-simple_attr_write
>> +++ a/fs/libfs.c
>> @@ -1017,9 +1017,12 @@ ssize_t simple_attr_write(struct file *f
>> goto out;
>>
>> attr->set_buf[size] = '\0';
>> - ret = kstrtoull(attr->set_buf, 0, &val);
>> - if (ret)
>> + ret = sscanf(attr->set_buf, attr->fmt, &val);
>> + if (ret != 1) {
>> + ret = -EINVAL;
>> goto out;
>> + }
>> +
>> ret = attr->set(attr->data, val);
>> if (ret == 0)
>> ret = len; /* on success, claim we got the whole input */
>
> No scanf please. Just revert original patch if something broke.
>
> scanf may be tolerable if it is just one format conversion but it is
> disaster as an interface.
If I revert original patch I get this checkpatch warning:
"WARNING: simple_strtoll is obsolete, use kstrtoll instead".
Should I still revert the original patch as is, or send a new patch that
fixes the issue by using kstrtoll()?
--
Thanks, Eliav
Powered by blists - more mailing lists