Message-Id: <61787165-8559-4ad6-90db-5ab6ee5e6fd9@app.fastmail.com>
Date: Wed, 09 Jul 2025 16:09:38 +0200
From: "Arnd Bergmann" <arnd@...db.de>
To: "Naresh Kamboju" <naresh.kamboju@...aro.org>,
 "LTP List" <ltp@...ts.linux.it>, "open list" <linux-kernel@...r.kernel.org>,
 lkft-triage@...ts.linaro.org, linux-fsdevel@...r.kernel.org,
 linux-block <linux-block@...r.kernel.org>
Cc: "Anders Roxell" <anders.roxell@...aro.org>,
 "Dan Carpenter" <dan.carpenter@...aro.org>,
 "Benjamin Copeland" <benjamin.copeland@...aro.org>,
 "Petr Vorel" <pvorel@...e.cz>, chrubis <chrubis@...e.cz>, rbm@...e.com,
 "Jens Axboe" <axboe@...nel.dk>, "Matthew Wilcox" <willy@...radead.org>,
 "Martin K. Petersen" <martin.petersen@...cle.com>,
 "Anuj Gupta" <anuj20.g@...sung.com>, "Kanchan Joshi" <joshi.k@...sung.com>,
 "Christoph Hellwig" <hch@....de>, "Christian Brauner" <brauner@...nel.org>
Subject: Re: LTP: syscalls: TWARN ioctl(/dev/loop0, LOOP_SET_STATUS, test_dev.img)
 failed EOPNOTSUPP (95)

On Wed, Jul 9, 2025, at 15:48, Naresh Kamboju wrote:
> On Tue, 8 Jul 2025 at 18:28, Naresh Kamboju <naresh.kamboju@...aro.org> wrote:
>>
>> Regressions were observed while testing LTP syscalls cachestat01 and
>> other related tests on the next-20250702 Linux kernel across several devices.
>>
>> The issue appears to be related to the inability to configure /dev/loop0
>> via the LOOP_SET_STATUS ioctl, which returned EOPNOTSUPP
>> (Operation not supported). This results in a TBROK condition,
>> causing the test to fail.
>
> Anders, bisected this down to this commit id,
>    # first bad commit:
>        [9eb22f7fedfc9eb1b7f431a5359abd4d15b0b0cd]
>        fs: add ioctl to query metadata and protection info capabilities

I see the problem now in

+       if (_IOC_NR(cmd) == _IOC_NR(FS_IOC_GETLBMD_CAP))
+               return blk_get_meta_cap(bdev, cmd, argp);
+
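
Review bot: the condition on the first added line compares only _IOC_NR(cmd), so any ioctl reaching this point whose number field equals that of FS_IOC_GETLBMD_CAP is handed to blk_get_meta_cap(), whatever its type, direction or size fields say. Compare _IOC_TYPE(cmd) against _IOC_TYPE(FS_IOC_GETLBMD_CAP) as well (and _IOC_DIR(cmd), if only the size is meant to vary), so that commands belonging to other drivers fall through to their own handlers.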

This only compares _IOC_NR() but not _IOC_TYPE, so LOOP_SET_STATUS
is treated the same as FS_IOC_GETLBMD_CAP, since both use '2' in
the lower 8 bits.

include/uapi/linux/fs.h:#define FS_IOC_GETLBMD_CAP              _IOWR(0x15, 2, struct logical_block_metadata_cap)
include/uapi/linux/loop.h:#define LOOP_SET_STATUS               0x4C02

I checked a couple of other drivers using _IOC_NR(), and it seems
that many of them have the same bug, e.g.:

drivers/accel/habanalabs/common/habanalabs_ioctl.c
drivers/block/ublk_drv.c
drivers/dma-buf/dma-heap.c

    Arnd
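
The collision described in the message above, as an added example that is not part of the original mail or of the kernel source: it decodes both command values with the UAPI macros from <linux/ioctl.h> and contrasts the number-only comparison with one that also checks direction and type. The stand-in struct, the DEMO_ names and match_dir_type_nr() are assumptions made for illustration.

```c
#include <linux/ioctl.h>   /* _IOC_DIR, _IOC_TYPE, _IOC_NR, _IOWR */
#include <stdbool.h>
#include <stdio.h>

/* Constructed stand-in for struct logical_block_metadata_cap: only its
 * size enters the encoded command, and neither check below looks at size. */
struct demo_meta_cap { unsigned int words[8]; };

/* Type and number as quoted in the mail; the DEMO_ names are hypothetical. */
#define DEMO_GETLBMD_CAP     _IOWR(0x15, 2, struct demo_meta_cap)
#define DEMO_LOOP_SET_STATUS 0x4C02u

/* The comparison from the quoted hunk: command number only. */
static bool match_nr_only(unsigned int cmd)
{
    return _IOC_NR(cmd) == _IOC_NR(DEMO_GETLBMD_CAP);
}

/* Also compare type and direction. Size is left unchecked here, on the
 * assumption that the handler validates it (e.g. for a growing struct). */
static bool match_dir_type_nr(unsigned int cmd)
{
    return _IOC_DIR(cmd)  == _IOC_DIR(DEMO_GETLBMD_CAP) &&
           _IOC_TYPE(cmd) == _IOC_TYPE(DEMO_GETLBMD_CAP) &&
           _IOC_NR(cmd)   == _IOC_NR(DEMO_GETLBMD_CAP);
}

static void show(const char *name, unsigned int cmd)
{
    printf("%-16s 0x%08x type=0x%02x nr=%u nr-only=%d dir+type+nr=%d\n",
           name, cmd, (unsigned)_IOC_TYPE(cmd), (unsigned)_IOC_NR(cmd),
           match_nr_only(cmd), match_dir_type_nr(cmd));
}

int main(void)
{
    show("GETLBMD_CAP", DEMO_GETLBMD_CAP);
    show("LOOP_SET_STATUS", DEMO_LOOP_SET_STATUS);
    /* Same type and number with a smaller (constructed) argument size. */
    show("GETLBMD_CAP/16", _IOWR(0x15, 2, char[16]));
    return 0;
}
```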
