| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 30 May 2023 21:14:53 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: chris hyser <chris.hyser@...cle.com>
Cc: linux-kernel@...r.kernel.org, peterz@...radead.org,
"Rafael J. Wysocki" <rafael@...nel.org>
Subject: Re: [PATCH 1/4] debugfs: return EINVAL if write to unsigned simple
files exceed storage.
On Tue, May 30, 2023 at 03:40:09PM -0400, chris hyser wrote:
> Writes to the debug files created by "debugfs_create_*" (u8/u16/u32/u64),
> (x8/x16/x32/x64) should not silently succeed if the value exceeds the
> storage space for the type and upper written bits are lost. Absent an
> error, a read should return the last written value. Current behaviour is
> to down cast the storage type thus losing upper bits (thus u64/x64
> files are unaffected).
>
> This patch ensures the written value fits into the specified storage space
> returning EINVAL on error.
>
> Signed-off-by: Chris Hyser <chris.hyser@...cle.com>
> ---
> Documentation/filesystems/debugfs.rst | 7 ++++---
> fs/debugfs/file.c | 6 ++++++
> 2 files changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/Documentation/filesystems/debugfs.rst b/Documentation/filesystems/debugfs.rst
> index dc35da8b8792..6f1ac8d7f108 100644
> --- a/Documentation/filesystems/debugfs.rst
> +++ b/Documentation/filesystems/debugfs.rst
> @@ -85,9 +85,10 @@ created with any of::
> struct dentry *parent, u64 *value);
>
> These files support both reading and writing the given value; if a specific
> -file should not be written to, simply set the mode bits accordingly. The
> -values in these files are in decimal; if hexadecimal is more appropriate,
> -the following functions can be used instead::
> +file should not be written to, simply set the mode bits accordingly. Written
> +values that exceed the storage for the type return EINVAL. The values in these
> +files are in decimal; if hexadecimal is more appropriate, the following
> +functions can be used instead::
>
> void debugfs_create_x8(const char *name, umode_t mode,
> struct dentry *parent, u8 *value);
> diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c
> index 1f971c880dde..743ddd04f8d8 100644
> --- a/fs/debugfs/file.c
> +++ b/fs/debugfs/file.c
> @@ -429,6 +429,8 @@ static struct dentry *debugfs_create_mode_unsafe(const char *name, umode_t mode,
>
> static int debugfs_u8_set(void *data, u64 val)
> {
> + if (val > (1 << sizeof(u8) * 8) - 1)
> + return -EINVAL;
We do have U8_MAX and friends, please don't reinvent the wheel.
But really, why? This is debugfs, if userspace messes something up like
this, why not just cast and be done with it?
In other words, what existing workflow is now going to break with this
patchset? :)
thanks,
greg k-h
Powered by blists - more mailing lists