| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240507233645.GZ360919@frogsfrogsfrogs>
Date: Tue, 7 May 2024 16:36:45 -0700
From: "Darrick J. Wong" <djwong@...nel.org>
To: Christoph Hellwig <hch@...radead.org>
Cc: Dan Carpenter <dan.carpenter@...aro.org>,
Chandan Babu R <chandan.babu@...cle.com>, linux-xfs@...r.kernel.org,
linux-kernel@...r.kernel.org, kernel-janitors@...r.kernel.org
Subject: Re: [PATCH] xfs: check for negatives in xfs_exchange_range_checks()
On Mon, May 06, 2024 at 11:40:25PM -0700, Christoph Hellwig wrote:
> On Tue, May 07, 2024 at 09:33:40AM +0300, Dan Carpenter wrote:
> > On Mon, May 06, 2024 at 11:06:17PM -0700, Christoph Hellwig wrote:
> > > On Sat, May 04, 2024 at 02:27:36PM +0300, Dan Carpenter wrote:
> > > > The fxr->file1_offset and fxr->file2_offset variables come from the user
> > > > in xfs_ioc_exchange_range(). They are size loff_t which is an s64.
> > > > Check the they aren't negative.
> > > >
> > > > Fixes: 9a64d9b3109d ("xfs: introduce new file range exchange ioctl")
> > >
> > > In this commit file1_offset and file2_offset are u64. They used to
> > > be u64 in the initial submission, but we changed that as part of the
> > > review process.
> >
> > I've just checked again, and I think it was loff_t in that commit.
> > There are two related structs, the one that's userspace API and the
> > one that's internal. The userspace API is u64 but internally it's
> > loff_t.
>
> Ah, yes. The in-kernel ones probably just needs to move to use u64
> as well.
I don't think we want userspace to be able to exchangerange data at file
positions that they can't read or write with a standard fs syscall.
--D
Powered by blists - more mailing lists