| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 May 2024 22:28:41 +0800
From: Jingbo Xu <jefflexu@...ux.alibaba.com>
To: libaokun@...weicloud.com, netfs@...ts.linux.dev, dhowells@...hat.com,
jlayton@...nel.org
Cc: hsiangkao@...ux.alibaba.com, zhujia.zj@...edance.com,
linux-erofs@...ts.ozlabs.org, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, yangerkun@...wei.com, houtao1@...wei.com,
yukuai3@...wei.com, wozizhi@...wei.com, Baokun Li <libaokun1@...wei.com>
Subject: Re: [PATCH v3 06/12] cachefiles: add consistency check for
copen/cread
On 5/22/24 7:43 PM, libaokun@...weicloud.com wrote:
> From: Baokun Li <libaokun1@...wei.com>
>
> This prevents malicious processes from completing random copen/cread
> requests and crashing the system. Added checks are listed below:
>
> * Generic, copen can only complete open requests, and cread can only
> complete read requests.
> * For copen, ondemand_id must not be 0, because this indicates that the
> request has not been read by the daemon.
> * For cread, the object corresponding to fd and req should be the same.
>
> Signed-off-by: Baokun Li <libaokun1@...wei.com>
> Acked-by: Jeff Layton <jlayton@...nel.org>
> ---
> fs/cachefiles/ondemand.c | 27 ++++++++++++++++++++-------
> 1 file changed, 20 insertions(+), 7 deletions(-)
>
> diff --git a/fs/cachefiles/ondemand.c b/fs/cachefiles/ondemand.c
> index bb94ef6a6f61..898fab68332b 100644
> --- a/fs/cachefiles/ondemand.c
> +++ b/fs/cachefiles/ondemand.c
> @@ -82,12 +82,12 @@ static loff_t cachefiles_ondemand_fd_llseek(struct file *filp, loff_t pos,
> }
>
> static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl,
> - unsigned long arg)
> + unsigned long id)
> {
> struct cachefiles_object *object = filp->private_data;
> struct cachefiles_cache *cache = object->volume->cache;
> struct cachefiles_req *req;
> - unsigned long id;
> + XA_STATE(xas, &cache->reqs, id);
>
> if (ioctl != CACHEFILES_IOC_READ_COMPLETE)
> return -EINVAL;
> @@ -95,10 +95,15 @@ static long cachefiles_ondemand_fd_ioctl(struct file *filp, unsigned int ioctl,
> if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags))
> return -EOPNOTSUPP;
>
> - id = arg;
> - req = xa_erase(&cache->reqs, id);
> - if (!req)
> + xa_lock(&cache->reqs);
> + req = xas_load(&xas);
> + if (!req || req->msg.opcode != CACHEFILES_OP_READ ||
> + req->object != object) {
> + xa_unlock(&cache->reqs);
> return -EINVAL;
> + }
> + xas_store(&xas, NULL);
> + xa_unlock(&cache->reqs);
>
> trace_cachefiles_ondemand_cread(object, id);
> complete(&req->done);
> @@ -126,6 +131,7 @@ int cachefiles_ondemand_copen(struct cachefiles_cache *cache, char *args)
> unsigned long id;
> long size;
> int ret;
> + XA_STATE(xas, &cache->reqs, 0);
>
> if (!test_bit(CACHEFILES_ONDEMAND_MODE, &cache->flags))
> return -EOPNOTSUPP;
> @@ -149,9 +155,16 @@ int cachefiles_ondemand_copen(struct cachefiles_cache *cache, char *args)
> if (ret)
> return ret;
>
> - req = xa_erase(&cache->reqs, id);
> - if (!req)
> + xa_lock(&cache->reqs);
> + xas.xa_index = id;
> + req = xas_load(&xas);
> + if (!req || req->msg.opcode != CACHEFILES_OP_OPEN ||
> + !req->object->ondemand->ondemand_id) {
For a valid opened object, I think ondemand_id shall > 0. When the
copen is for the object which is in the reopening state, ondemand_id can
be CACHEFILES_ONDEMAND_ID_CLOSED (actually -1)?
Otherwise looks good to me.
--
Thanks,
Jingbo
Powered by blists - more mailing lists