[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <7d56d190-b97c-f515-ebd0-c3790f11954@redhat.com>
Date: Thu, 22 Jun 2023 19:29:52 +0200 (CEST)
From: Mikulas Patocka <mpatocka@...hat.com>
To: Demi Marie Obenour <demi@...isiblethingslab.com>
cc: Alasdair Kergon <agk@...hat.com>,
Mike Snitzer <snitzer@...nel.org>, dm-devel@...hat.com,
linux-kernel@...r.kernel.org, stable@...r.kernel.org
Subject: Re: [dm-devel] [PATCH v2 1/6] device-mapper: Check that target specs
are sufficiently aligned
On Sat, 3 Jun 2023, Demi Marie Obenour wrote:
> Otherwise subsequent code will dereference a misaligned
> `struct dm_target_spec *`, which is undefined behavior.
>
> Signed-off-by: Demi Marie Obenour <demi@...isiblethingslab.com>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Cc: stable@...r.kernel.org
> ---
> drivers/md/dm-ioctl.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c
> index cc77cf3d410921432eb0c62cdede7d55b9aa674a..34fa74c6a70db8aa67aaba3f6a2fc4f38ef736bc 100644
> --- a/drivers/md/dm-ioctl.c
> +++ b/drivers/md/dm-ioctl.c
> @@ -1394,6 +1394,13 @@ static inline fmode_t get_mode(struct dm_ioctl *param)
> static int next_target(struct dm_target_spec *last, uint32_t next, void *end,
> struct dm_target_spec **spec, char **target_params)
> {
> + static_assert(_Alignof(struct dm_target_spec) <= 8,
> + "struct dm_target_spec has excessive alignment requirements");
> + if (next % 8) {
> + DMERR("Next target spec (offset %u) is not 8-byte aligned", next);
> + return -EINVAL;
> + }
> +
> *spec = (struct dm_target_spec *) ((unsigned char *) last + next);
> *target_params = (char *) (*spec + 1);
>
> --
> Sincerely,
> Demi Marie Obenour (she/her/hers)
> Invisible Things Lab
Hi
Some architectures (such as 32-bit x86) specify that the alignment of
64-bit integers is only 4-byte. This could in theory break old userspace
code that only uses 4-byte alignment. I would change "next % 8" to "next %
__alignof__(struct dm_target_spec)".
I think that there is no need to backport this patch series to the stable
kernels because the bugs that it fixes may only be exploited by the user
with CAP_SYS_ADMIN privilege. So, there is no security or reliability
problem being fixed.
Mikulas
Powered by blists - more mailing lists