lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <ZhflWqUg88h1Cuse@tissot.1015granger.net>
Date: Thu, 11 Apr 2024 09:27:54 -0400
From: Chuck Lever <chuck.lever@...cle.com>
To: Vasily Gorbik <gor@...ux.ibm.com>
Cc: Jeff Layton <jlayton@...nel.org>, Neil Brown <neilb@...e.de>,
        Olga Kornievskaia <kolga@...app.com>, Dai Ngo <Dai.Ngo@...cle.com>,
        Tom Talpey <tom@...pey.com>, linux-nfs@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] NFSD: fix endianness issue in nfsd4_encode_fattr4

On Thu, Apr 11, 2024 at 11:45:57AM +0200, Vasily Gorbik wrote:
> The nfs4 mount fails with EIO on 64-bit big endian architectures since
> v6.7. The issue arises from employing a union in the nfsd4_encode_fattr4()
> function to overlay a 32-bit array with a 64-bit values based bitmap,
> which does not function as intended. Address the endianness issue by
> utilizing bitmap_from_arr32() to copy 32-bit attribute masks into a
> bitmap in an endianness-agnostic manner.
> 
> Cc: <stable@...r.kernel.org>
> Fixes: fce7913b13d0 ("NFSD: Use a bitmask loop to encode FATTR4 results")
> Link: https://bugs.launchpad.net/ubuntu/+source/nfs-utils/+bug/2060217
> Signed-off-by: Vasily Gorbik <gor@...ux.ibm.com>

Thank you for the bug fix! Applied to nfsd-fixes (for v6.9-rc).


> ---
>  fs/nfsd/nfs4xdr.c | 47 +++++++++++++++++++++++------------------------
>  1 file changed, 23 insertions(+), 24 deletions(-)
> 
> diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c
> index 10439d569d9c..85d43b3249f9 100644
> --- a/fs/nfsd/nfs4xdr.c
> +++ b/fs/nfsd/nfs4xdr.c
> @@ -3519,11 +3519,13 @@ nfsd4_encode_fattr4(struct svc_rqst *rqstp, struct xdr_stream *xdr,
>  		    struct dentry *dentry, const u32 *bmval,
>  		    int ignore_crossmnt)
>  {
> +	DECLARE_BITMAP(attr_bitmap, ARRAY_SIZE(nfsd4_enc_fattr4_encode_ops));
>  	struct nfsd4_fattr_args args;
>  	struct svc_fh *tempfh = NULL;
>  	int starting_len = xdr->buf->len;
>  	__be32 *attrlen_p, status;
>  	int attrlen_offset;
> +	u32 attrmask[3];
>  	int err;
>  	struct nfsd4_compoundres *resp = rqstp->rq_resp;
>  	u32 minorversion = resp->cstate.minorversion;
> @@ -3531,10 +3533,6 @@ nfsd4_encode_fattr4(struct svc_rqst *rqstp, struct xdr_stream *xdr,
>  		.mnt	= exp->ex_path.mnt,
>  		.dentry	= dentry,
>  	};
> -	union {
> -		u32		attrmask[3];
> -		unsigned long	mask[2];
> -	} u;
>  	unsigned long bit;
>  	bool file_modified = false;
>  	u64 size = 0;
> @@ -3550,20 +3548,19 @@ nfsd4_encode_fattr4(struct svc_rqst *rqstp, struct xdr_stream *xdr,
>  	/*
>  	 * Make a local copy of the attribute bitmap that can be modified.
>  	 */
> -	memset(&u, 0, sizeof(u));
> -	u.attrmask[0] = bmval[0];
> -	u.attrmask[1] = bmval[1];
> -	u.attrmask[2] = bmval[2];
> +	attrmask[0] = bmval[0];
> +	attrmask[1] = bmval[1];
> +	attrmask[2] = bmval[2];
>  
>  	args.rdattr_err = 0;
>  	if (exp->ex_fslocs.migrated) {
> -		status = fattr_handle_absent_fs(&u.attrmask[0], &u.attrmask[1],
> -						&u.attrmask[2], &args.rdattr_err);
> +		status = fattr_handle_absent_fs(&attrmask[0], &attrmask[1],
> +						&attrmask[2], &args.rdattr_err);
>  		if (status)
>  			goto out;
>  	}
>  	args.size = 0;
> -	if (u.attrmask[0] & (FATTR4_WORD0_CHANGE | FATTR4_WORD0_SIZE)) {
> +	if (attrmask[0] & (FATTR4_WORD0_CHANGE | FATTR4_WORD0_SIZE)) {
>  		status = nfsd4_deleg_getattr_conflict(rqstp, d_inode(dentry),
>  					&file_modified, &size);
>  		if (status)
> @@ -3582,16 +3579,16 @@ nfsd4_encode_fattr4(struct svc_rqst *rqstp, struct xdr_stream *xdr,
>  
>  	if (!(args.stat.result_mask & STATX_BTIME))
>  		/* underlying FS does not offer btime so we can't share it */
> -		u.attrmask[1] &= ~FATTR4_WORD1_TIME_CREATE;
> -	if ((u.attrmask[0] & (FATTR4_WORD0_FILES_AVAIL | FATTR4_WORD0_FILES_FREE |
> +		attrmask[1] &= ~FATTR4_WORD1_TIME_CREATE;
> +	if ((attrmask[0] & (FATTR4_WORD0_FILES_AVAIL | FATTR4_WORD0_FILES_FREE |
>  			FATTR4_WORD0_FILES_TOTAL | FATTR4_WORD0_MAXNAME)) ||
> -	    (u.attrmask[1] & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE |
> +	    (attrmask[1] & (FATTR4_WORD1_SPACE_AVAIL | FATTR4_WORD1_SPACE_FREE |
>  		       FATTR4_WORD1_SPACE_TOTAL))) {
>  		err = vfs_statfs(&path, &args.statfs);
>  		if (err)
>  			goto out_nfserr;
>  	}
> -	if ((u.attrmask[0] & (FATTR4_WORD0_FILEHANDLE | FATTR4_WORD0_FSID)) &&
> +	if ((attrmask[0] & (FATTR4_WORD0_FILEHANDLE | FATTR4_WORD0_FSID)) &&
>  	    !fhp) {
>  		tempfh = kmalloc(sizeof(struct svc_fh), GFP_KERNEL);
>  		status = nfserr_jukebox;
> @@ -3606,10 +3603,10 @@ nfsd4_encode_fattr4(struct svc_rqst *rqstp, struct xdr_stream *xdr,
>  		args.fhp = fhp;
>  
>  	args.acl = NULL;
> -	if (u.attrmask[0] & FATTR4_WORD0_ACL) {
> +	if (attrmask[0] & FATTR4_WORD0_ACL) {
>  		err = nfsd4_get_nfs4_acl(rqstp, dentry, &args.acl);
>  		if (err == -EOPNOTSUPP)
> -			u.attrmask[0] &= ~FATTR4_WORD0_ACL;
> +			attrmask[0] &= ~FATTR4_WORD0_ACL;
>  		else if (err == -EINVAL) {
>  			status = nfserr_attrnotsupp;
>  			goto out;
> @@ -3621,17 +3618,17 @@ nfsd4_encode_fattr4(struct svc_rqst *rqstp, struct xdr_stream *xdr,
>  
>  #ifdef CONFIG_NFSD_V4_SECURITY_LABEL
>  	args.context = NULL;
> -	if ((u.attrmask[2] & FATTR4_WORD2_SECURITY_LABEL) ||
> -	     u.attrmask[0] & FATTR4_WORD0_SUPPORTED_ATTRS) {
> +	if ((attrmask[2] & FATTR4_WORD2_SECURITY_LABEL) ||
> +	     attrmask[0] & FATTR4_WORD0_SUPPORTED_ATTRS) {
>  		if (exp->ex_flags & NFSEXP_SECURITY_LABEL)
>  			err = security_inode_getsecctx(d_inode(dentry),
>  						&args.context, &args.contextlen);
>  		else
>  			err = -EOPNOTSUPP;
>  		args.contextsupport = (err == 0);
> -		if (u.attrmask[2] & FATTR4_WORD2_SECURITY_LABEL) {
> +		if (attrmask[2] & FATTR4_WORD2_SECURITY_LABEL) {
>  			if (err == -EOPNOTSUPP)
> -				u.attrmask[2] &= ~FATTR4_WORD2_SECURITY_LABEL;
> +				attrmask[2] &= ~FATTR4_WORD2_SECURITY_LABEL;
>  			else if (err)
>  				goto out_nfserr;
>  		}
> @@ -3639,8 +3636,8 @@ nfsd4_encode_fattr4(struct svc_rqst *rqstp, struct xdr_stream *xdr,
>  #endif /* CONFIG_NFSD_V4_SECURITY_LABEL */
>  
>  	/* attrmask */
> -	status = nfsd4_encode_bitmap4(xdr, u.attrmask[0],
> -				      u.attrmask[1], u.attrmask[2]);
> +	status = nfsd4_encode_bitmap4(xdr, attrmask[0], attrmask[1],
> +				      attrmask[2]);
>  	if (status)
>  		goto out;
>  
> @@ -3649,7 +3646,9 @@ nfsd4_encode_fattr4(struct svc_rqst *rqstp, struct xdr_stream *xdr,
>  	attrlen_p = xdr_reserve_space(xdr, XDR_UNIT);
>  	if (!attrlen_p)
>  		goto out_resource;
> -	for_each_set_bit(bit, (const unsigned long *)&u.mask,
> +	bitmap_from_arr32(attr_bitmap, attrmask,
> +			  ARRAY_SIZE(nfsd4_enc_fattr4_encode_ops));
> +	for_each_set_bit(bit, attr_bitmap,
>  			 ARRAY_SIZE(nfsd4_enc_fattr4_encode_ops)) {
>  		status = nfsd4_enc_fattr4_encode_ops[bit](xdr, &args);
>  		if (status != nfs_ok)
> -- 
> 2.41.0

-- 
Chuck Lever

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ