| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 14 Apr 2023 16:24:57 +0100
From: Luca Vizzarro <Luca.Vizzarro@....com>
To: linux-kernel@...r.kernel.org
Cc: Luca Vizzarro <Luca.Vizzarro@....com>,
Alexander Viro <viro@...iv.linux.org.uk>,
Christian Brauner <brauner@...nel.org>,
Jeff Layton <jlayton@...nel.org>,
Chuck Lever <chuck.lever@...cle.com>,
Kevin Brodsky <Kevin.Brodsky@....com>,
Vincenzo Frascino <Vincenzo.Frascino@....com>,
Szabolcs Nagy <Szabolcs.Nagy@....com>,
"Theodore Ts'o" <tytso@....edu>,
David Laight <David.Laight@...LAB.com>,
Mark Rutland <Mark.Rutland@....com>,
linux-fsdevel@...r.kernel.org, linux-morello@...lists.linaro.org
Subject: [PATCH v2 3/5] pipe: Pass argument of pipe_fcntl as int
The interface for fcntl expects the argument passed for the command
F_SETPIPE_SZ to be of type int. The current code wrongly treats it as
a long. In order to avoid access to undefined bits, we should explicitly
cast the argument to int.
Cc: Alexander Viro <viro@...iv.linux.org.uk>
Cc: Christian Brauner <brauner@...nel.org>
Cc: Jeff Layton <jlayton@...nel.org>
Cc: Chuck Lever <chuck.lever@...cle.com>
Cc: Kevin Brodsky <Kevin.Brodsky@....com>
Cc: Vincenzo Frascino <Vincenzo.Frascino@....com>
Cc: Szabolcs Nagy <Szabolcs.Nagy@....com>
Cc: "Theodore Ts'o" <tytso@....edu>
Cc: David Laight <David.Laight@...LAB.com>
Cc: Mark Rutland <Mark.Rutland@....com>
Cc: linux-fsdevel@...r.kernel.org
Cc: linux-morello@...lists.linaro.org
Signed-off-by: Luca Vizzarro <Luca.Vizzarro@....com>
---
fs/pipe.c | 6 +++---
include/linux/pipe_fs_i.h | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/fs/pipe.c b/fs/pipe.c
index 42c7ff41c2db..5b718342105f 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -1231,7 +1231,7 @@ const struct file_operations pipefifo_fops = {
* Currently we rely on the pipe array holding a power-of-2 number
* of pages. Returns 0 on error.
*/
-unsigned int round_pipe_size(unsigned long size)
+unsigned int round_pipe_size(unsigned int size)
{
if (size > (1U << 31))
return 0;
@@ -1314,7 +1314,7 @@ int pipe_resize_ring(struct pipe_inode_info *pipe, unsigned int nr_slots)
* Allocate a new array of pipe buffers and copy the info over. Returns the
* pipe size if successful, or return -ERROR on error.
*/
-static long pipe_set_size(struct pipe_inode_info *pipe, unsigned long arg)
+static long pipe_set_size(struct pipe_inode_info *pipe, unsigned int arg)
{
unsigned long user_bufs;
unsigned int nr_slots, size;
@@ -1382,7 +1382,7 @@ struct pipe_inode_info *get_pipe_info(struct file *file, bool for_splice)
return pipe;
}
-long pipe_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
+long pipe_fcntl(struct file *file, unsigned int cmd, unsigned int arg)
{
struct pipe_inode_info *pipe;
long ret;
diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h
index d2c3f16cf6b1..033d77f0c568 100644
--- a/include/linux/pipe_fs_i.h
+++ b/include/linux/pipe_fs_i.h
@@ -273,10 +273,10 @@ bool pipe_is_unprivileged_user(void);
#ifdef CONFIG_WATCH_QUEUE
int pipe_resize_ring(struct pipe_inode_info *pipe, unsigned int nr_slots);
#endif
-long pipe_fcntl(struct file *, unsigned int, unsigned long arg);
+long pipe_fcntl(struct file *, unsigned int, unsigned int arg);
struct pipe_inode_info *get_pipe_info(struct file *file, bool for_splice);
int create_pipe_files(struct file **, int);
-unsigned int round_pipe_size(unsigned long size);
+unsigned int round_pipe_size(unsigned int size);
#endif
--
2.34.1
Powered by blists - more mailing lists