| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 31 May 2023 15:11:47 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Luís Henriques <lhenriques@...e.de>
Cc: Luís Henriques via Ocfs2-devel
<ocfs2-devel@....oracle.com>, Mark Fasheh <mark@...heh.com>,
Joel Becker <jlbec@...lplan.org>,
Joseph Qi <joseph.qi@...ux.alibaba.com>,
Heming Zhao <heming.zhao@...e.com>,
linux-kernel@...r.kernel.org
Subject: Re: [Ocfs2-devel] [PATCH] ocfs2: check new file size on fallocate
call
On Mon, 29 May 2023 16:26:45 +0100 Luís Henriques via Ocfs2-devel <ocfs2-devel@....oracle.com> wrote:
> When changing a file size with fallocate() the new size isn't being
> checked. In particular, the FSIZE ulimit isn't being checked, which makes
> fstest generic/228 fail. Simply adding a call to inode_newsize_ok() fixes
> this issue.
>
> ...
>
> --- a/fs/ocfs2/file.c
> +++ b/fs/ocfs2/file.c
> @@ -2100,14 +2100,20 @@ static long ocfs2_fallocate(struct file *file, int mode, loff_t offset,
> struct ocfs2_space_resv sr;
> int change_size = 1;
> int cmd = OCFS2_IOC_RESVSP64;
> + int ret = 0;
>
> if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE))
> return -EOPNOTSUPP;
> if (!ocfs2_writes_unwritten_extents(osb))
> return -EOPNOTSUPP;
>
> - if (mode & FALLOC_FL_KEEP_SIZE)
> + if (mode & FALLOC_FL_KEEP_SIZE) {
> change_size = 0;
> + } else {
> + ret = inode_newsize_ok(inode, offset + len);
> + if (ret)
> + return ret;
> + }
>
So userspace can exceed rlimit(RLIMIT_FSIZE).
Do we think this flaw is serious enough to justify backporting the fix
into earlier -stable kernels?
Powered by blists - more mailing lists