lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <5b287ec6-72ff-4707-9040-3c84efc58b94@kernel.org>
Date: Thu, 23 Oct 2025 12:46:45 +0200
From: Jiri Slaby <jirislaby@...nel.org>
To: Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>,
 Amir Goldstein <amir73il@...il.com>, linux-fsdevel@...r.kernel.org
Cc: Josef Bacik <josef@...icpanda.com>, Jeff Layton <jlayton@...nel.org>,
 Mike Yuan <me@...dnzj.com>, Zbigniew Jędrzejewski-Szmek
 <zbyszek@...waw.pl>, Lennart Poettering <mzxreary@...inter.de>,
 Daan De Meyer <daan.j.demeyer@...il.com>, Aleksa Sarai <cyphar@...har.com>,
 Alexander Viro <viro@...iv.linux.org.uk>, Jens Axboe <axboe@...nel.dk>,
 Tejun Heo <tj@...nel.org>, Johannes Weiner <hannes@...xchg.org>,
 Michal Koutný <mkoutny@...e.com>,
 Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>,
 Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>,
 Chuck Lever <chuck.lever@...cle.com>, linux-nfs@...r.kernel.org,
 linux-kselftest@...r.kernel.org, linux-block@...r.kernel.org,
 linux-kernel@...r.kernel.org, cgroups@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: [PATCH 01/32] pidfs: validate extensible ioctls

On 10. 09. 25, 16:36, Christian Brauner wrote:
> Validate extensible ioctls stricter than we do now.
> 
> Signed-off-by: Christian Brauner <brauner@...nel.org>
> ---
>   fs/pidfs.c         |  2 +-
>   include/linux/fs.h | 14 ++++++++++++++
>   2 files changed, 15 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/pidfs.c b/fs/pidfs.c
> index edc35522d75c..0a5083b9cce5 100644
> --- a/fs/pidfs.c
> +++ b/fs/pidfs.c
> @@ -440,7 +440,7 @@ static bool pidfs_ioctl_valid(unsigned int cmd)
>   		 * erronously mistook the file descriptor for a pidfd.
>   		 * This is not perfect but will catch most cases.
>   		 */
> -		return (_IOC_TYPE(cmd) == _IOC_TYPE(PIDFD_GET_INFO));
> +		return extensible_ioctl_valid(cmd, PIDFD_GET_INFO, PIDFD_INFO_SIZE_VER0);

Hi,

this turned EINVAL (from pidfd_info()) into ENOTTY (from pidfd_ioctl()) 
for at least LTP's:
struct pidfd_info_invalid {
	uint32_t dummy;
};

#define PIDFD_GET_INFO_SHORT _IOWR(PIDFS_IOCTL_MAGIC, 11, struct 
pidfd_info_invalid)

ioctl(pidfd, PIDFD_GET_INFO_SHORT, info_invalid) == EINVAL

at:
https://github.com/linux-test-project/ltp/blob/9bb94efa39bb1b08f37e56c7437db5fa13ddcae2/testcases/kernel/syscalls/ioctl/ioctl_pidfd05.c#L46

Is this expected?

> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -4023,4 +4023,18 @@ static inline bool vfs_empty_path(int dfd, const char __user *path)
>   
>   int generic_atomic_write_valid(struct kiocb *iocb, struct iov_iter *iter);
>   
> +static inline bool extensible_ioctl_valid(unsigned int cmd_a,
> +					  unsigned int cmd_b, size_t min_size)
> +{
> +	if (_IOC_DIR(cmd_a) != _IOC_DIR(cmd_b))
> +		return false;
> +	if (_IOC_TYPE(cmd_a) != _IOC_TYPE(cmd_b))
> +		return false;
> +	if (_IOC_NR(cmd_a) != _IOC_NR(cmd_b))
> +		return false;
> +	if (_IOC_SIZE(cmd_a) < min_size)
> +		return false;
> +	return true;
> +}
> +
>   #endif /* _LINUX_FS_H */
> 

thanks,
-- 
js
suse labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ