lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 16 Sep 2022 14:19:29 +0300
From:   "Farber, Eliav" <farbere@...zon.com>
To:     Alexey Dobriyan <adobriyan@...il.com>,
        <linux-kernel@...r.kernel.org>
CC:     <yangyicong@...ilicon.com>, <viro@...iv.linux.org.uk>,
        <jonnyc@...zon.com>, <hhhawa@...zon.com>,
        <andriy.shevchenko@...el.com>, <akpm@...ux-foundation.org>,
        "Farber, Eliav" <farbere@...zon.com>
Subject: Re: + libfs-fix-error-format-in-simple_attr_write.patch added to
 mm-nonmm-unstable branch

On 9/16/2022 9:11 AM, Alexey Dobriyan wrote:
> On Thu, Sep 15, 2022 at 02:34:25PM -0700, Andrew Morton wrote:
>> libfs-fix-error-format-in-simple_attr_write.patch
>
>> From: Eliav Farber <farbere@...zon.com>
>> Subject: libfs: fix error format in simple_attr_write()
>> Date: Thu, 15 Sep 2022 09:15:44 +0000
>>
>> In commit 488dac0c9237 ("libfs: fix error cast of negative value in
>> simple_attr_write()"), simple_attr_write() was changed to use 
>> kstrtoull()
>> instead of simple_strtoll() to convert a string got from a user.  A user
>> trying to set a negative value will get an error.
>>
>> This is wrong since it breaks all the places that use
>> DEFINE_DEBUGFS_ATTRIBUTE() with format of a signed integer.
>>
>> For the record there are 43 current users of signed integer which are
>> likely to be effected by this:
>>
>> $ git grep -n -A1 -w DEFINE_DEBUGFS_ATTRIBUTE | grep ');' |
>> sed 's,.*\(".*%.*"\).*,\1,' | sort | uniq -c
>>   1 "%08llx\n"
>>   5 "0x%016llx\n"
>>   5 "0x%02llx\n"
>>   5 "0x%04llx\n"
>>  13 "0x%08llx\n"
>>   1 "0x%4.4llx\n"
>>   3 "0x%.4llx\n"
>>   4 "0x%llx\n"
>>   1 "%1lld\n"
>>  40 "%lld\n"
>>   2 "%lli\n"
>> 129 "%llu\n"
>>   1 "%#llx\n"
>>   2 "%llx\n"
>>
>> u64 is not an issue for negative numbers.
>> The %lld and %llu in any case are for 64-bit value, representing it as
>> unsigned simplifies the generic code, but it doesn't mean we can't keep
>> their signed value if we know that.
>>
>> This change uses sscanf() to fix the problem since it does the 
>> conversion
>> based on the supplied format string.
>
>> --- a/fs/libfs.c~libfs-fix-error-format-in-simple_attr_write
>> +++ a/fs/libfs.c
>> @@ -1017,9 +1017,12 @@ ssize_t simple_attr_write(struct file *f
>>               goto out;
>>
>>       attr->set_buf[size] = '\0';
>> -     ret = kstrtoull(attr->set_buf, 0, &val);
>> -     if (ret)
>> +     ret = sscanf(attr->set_buf, attr->fmt, &val);
>> +     if (ret != 1) {
>> +             ret = -EINVAL;
>>               goto out;
>> +     }
>> +
>>       ret = attr->set(attr->data, val);
>>       if (ret == 0)
>>               ret = len; /* on success, claim we got the whole input */
>
> No scanf please. Just revert original patch if something broke.
>
> scanf may be tolerable if it is just one format conversion but it is
> disaster as an interface.


If I revert original patch I get this checkpatch warning:
"WARNING: simple_strtoll is obsolete, use kstrtoll instead".

Should I still revert the original patch as is, or send a new patch that
fixes the issue by using kstrtoll()?

--
Thanks, Eliav

Powered by blists - more mailing lists