| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251110231157.4ab7601b@pumpkin> Date: Mon, 10 Nov 2025 23:11:57 +0000 From: David Laight <david.laight.linux@...il.com> To: Masaharu Noguchi <nogunix@...il.com> Cc: Jeff Layton <jlayton@...nel.org>, Chuck Lever <chuck.lever@...cle.com>, Jesper Juhl <jesperjuhl76@...il.com>, Alexander Aring <alex.aring@...il.com>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH v2 1/2] uapi: fcntl: guard AT_RENAME_* aliases On Mon, 10 Nov 2025 23:42:31 +0900 Masaharu Noguchi <nogunix@...il.com> wrote: > Including <linux/fcntl.h> after libc headers such as stdio.h may leave > the renameat2() flag macros defined to libc's values. That leaks the > wrong numbers into user space even though the kernel header tries to > provide its own aliases. > > Check whether AT_RENAME_* is already defined and whether the value > matches what the uapi header expects. If not, drop the old definition > and replace it with the kernel one so the exported flags stay stable > regardless of include order. > > Signed-off-by: Masaharu Noguchi <nogunix@...il.com> > --- > include/uapi/linux/fcntl.h | 15 ++++++++++++++- > 1 file changed, 14 insertions(+), 1 deletion(-) > > diff --git a/include/uapi/linux/fcntl.h b/include/uapi/linux/fcntl.h > index 3741ea1b73d8..8b667550e44a 100644 > --- a/include/uapi/linux/fcntl.h > +++ b/include/uapi/linux/fcntl.h > @@ -156,10 +156,23 @@ > * as possible, so we can use them for generic bits in the future if necessary. > */ > > -/* Flags for renameat2(2) (must match legacy RENAME_* flags). */ > +/* Flags for renameat2(2) (must match legacy RENAME_* flags). > + * stdio.h may define these differently, so check explicitly. > + */ > +#if !defined(AT_RENAME_NOREPLACE) || AT_RENAME_NOREPLACE != 0x0001 > +#undef AT_RENAME_NOREPLACE I deliberately left out the #undef so you'd get a compile-time error if the values of the definitions differ. David > #define AT_RENAME_NOREPLACE 0x0001 > +#endif > + > +#if !defined(AT_RENAME_EXCHANGE) || AT_RENAME_EXCHANGE != 0x0002 > +#undef AT_RENAME_EXCHANGE > #define AT_RENAME_EXCHANGE 0x0002 > +#endif > + > +#if !defined(AT_RENAME_WHITEOUT) || AT_RENAME_WHITEOUT != 0x0004 > +#undef AT_RENAME_WHITEOUT > #define AT_RENAME_WHITEOUT 0x0004 > +#endif > > /* Flag for faccessat(2). */ > #define AT_EACCESS 0x200 /* Test access permitted for
Powered by blists - more mailing lists