From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Vitaly Lipatov <lav@etersoft.ru>,
Jeff Layton <jlayton@redhat.com>,
David Howells <dhowells@redhat.com>
Subject: [PATCH 4.14 36/52] fcntl: dont cap l_start and l_end values for F_GETLK64 in compat syscall
Date: Fri, 15 Dec 2017 10:52:13 +0100 [thread overview]
Message-ID: <20171215092310.523650772@linuxfoundation.org> (raw)
In-Reply-To: <20171215092308.500651185@linuxfoundation.org>
4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeff Layton <jlayton@redhat.com>
commit 4d2dc2cc766c3b51929658cacbc6e34fc8e242fb upstream.
Currently, we're capping the values too low in the F_GETLK64 case. The
fields in that structure are 64-bit values, so we shouldn't need to do
any sort of fixup there.
Make sure we check that assumption at build time in the future however
by ensuring that the sizes we're copying will fit.
With this, we no longer need COMPAT_LOFF_T_MAX either, so remove it.
Fixes: 94073ad77fff2 (fs/locks: don't mess with the address limit in compat_fcntl64)
Reported-by: Vitaly Lipatov <lav@etersoft.ru>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: David Howells <dhowells@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
arch/arm64/include/asm/compat.h | 1 -
arch/mips/include/asm/compat.h | 1 -
arch/parisc/include/asm/compat.h | 1 -
arch/powerpc/include/asm/compat.h | 1 -
arch/s390/include/asm/compat.h | 1 -
arch/sparc/include/asm/compat.h | 1 -
arch/tile/include/asm/compat.h | 1 -
arch/x86/include/asm/compat.h | 1 -
fs/fcntl.c | 11 +++++------
9 files changed, 5 insertions(+), 14 deletions(-)
--- a/arch/arm64/include/asm/compat.h
+++ b/arch/arm64/include/asm/compat.h
@@ -215,7 +215,6 @@ typedef struct compat_siginfo {
} compat_siginfo_t;
#define COMPAT_OFF_T_MAX 0x7fffffff
-#define COMPAT_LOFF_T_MAX 0x7fffffffffffffffL
/*
* A pointer passed in from user mode. This should not
--- a/arch/mips/include/asm/compat.h
+++ b/arch/mips/include/asm/compat.h
@@ -200,7 +200,6 @@ typedef struct compat_siginfo {
} compat_siginfo_t;
#define COMPAT_OFF_T_MAX 0x7fffffff
-#define COMPAT_LOFF_T_MAX 0x7fffffffffffffffL
/*
* A pointer passed in from user mode. This should not
--- a/arch/parisc/include/asm/compat.h
+++ b/arch/parisc/include/asm/compat.h
@@ -195,7 +195,6 @@ typedef struct compat_siginfo {
} compat_siginfo_t;
#define COMPAT_OFF_T_MAX 0x7fffffff
-#define COMPAT_LOFF_T_MAX 0x7fffffffffffffffL
struct compat_ipc64_perm {
compat_key_t key;
--- a/arch/powerpc/include/asm/compat.h
+++ b/arch/powerpc/include/asm/compat.h
@@ -185,7 +185,6 @@ typedef struct compat_siginfo {
} compat_siginfo_t;
#define COMPAT_OFF_T_MAX 0x7fffffff
-#define COMPAT_LOFF_T_MAX 0x7fffffffffffffffL
/*
* A pointer passed in from user mode. This should not
--- a/arch/s390/include/asm/compat.h
+++ b/arch/s390/include/asm/compat.h
@@ -263,7 +263,6 @@ typedef struct compat_siginfo {
#define si_overrun _sifields._timer._overrun
#define COMPAT_OFF_T_MAX 0x7fffffff
-#define COMPAT_LOFF_T_MAX 0x7fffffffffffffffL
/*
* A pointer passed in from user mode. This should not
--- a/arch/sparc/include/asm/compat.h
+++ b/arch/sparc/include/asm/compat.h
@@ -209,7 +209,6 @@ typedef struct compat_siginfo {
} compat_siginfo_t;
#define COMPAT_OFF_T_MAX 0x7fffffff
-#define COMPAT_LOFF_T_MAX 0x7fffffffffffffffL
/*
* A pointer passed in from user mode. This should not
--- a/arch/tile/include/asm/compat.h
+++ b/arch/tile/include/asm/compat.h
@@ -173,7 +173,6 @@ typedef struct compat_siginfo {
} compat_siginfo_t;
#define COMPAT_OFF_T_MAX 0x7fffffff
-#define COMPAT_LOFF_T_MAX 0x7fffffffffffffffL
struct compat_ipc64_perm {
compat_key_t key;
--- a/arch/x86/include/asm/compat.h
+++ b/arch/x86/include/asm/compat.h
@@ -209,7 +209,6 @@ typedef struct compat_siginfo {
} compat_siginfo_t;
#define COMPAT_OFF_T_MAX 0x7fffffff
-#define COMPAT_LOFF_T_MAX 0x7fffffffffffffffL
struct compat_ipc64_perm {
compat_key_t key;
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
@@ -563,6 +563,9 @@ static int put_compat_flock64(const stru
{
struct compat_flock64 fl;
+ BUILD_BUG_ON(sizeof(kfl->l_start) > sizeof(ufl->l_start));
+ BUILD_BUG_ON(sizeof(kfl->l_len) > sizeof(ufl->l_len));
+
memset(&fl, 0, sizeof(struct compat_flock64));
copy_flock_fields(&fl, kfl);
if (copy_to_user(ufl, &fl, sizeof(struct compat_flock64)))
@@ -641,12 +644,8 @@ COMPAT_SYSCALL_DEFINE3(fcntl64, unsigned
if (err)
break;
err = fcntl_getlk(f.file, convert_fcntl_cmd(cmd), &flock);
- if (err)
- break;
- err = fixup_compat_flock(&flock);
- if (err)
- return err;
- err = put_compat_flock64(&flock, compat_ptr(arg));
+ if (!err)
+ err = put_compat_flock64(&flock, compat_ptr(arg));
break;
case F_SETLK:
case F_SETLKW:
next prev parent reply other threads:[~2017-12-15 9:56 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-15 9:51 [PATCH 4.14 00/52] 4.14.7-stable review Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 02/52] net: thunderx: Fix TCP/UDP checksum offload for IPv6 pkts Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 03/52] net: thunderx: Fix TCP/UDP checksum offload for IPv4 pkts Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 05/52] s390/qeth: fix early exit from error path Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 06/52] tipc: fix memory leak in tipc_accept_from_sock() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 07/52] vhost: fix skb leak in handle_rx() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 09/52] sit: update frag_off info Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 10/52] tcp: add tcp_v4_fill_cb()/tcp_v4_restore_cb() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 11/52] packet: fix crash in fanout_demux_rollover() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 12/52] net/packet: fix a race in packet_bind() and packet_notifier() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 13/52] tcp: remove buggy call to tcp_v6_restore_cb() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 16/52] stmmac: reset last TSO segment size after device open Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 18/52] s390/qeth: build max size GSO skbs on L2 devices Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 19/52] s390/qeth: fix thinko in IPv4 multicast address tracking Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 20/52] s390/qeth: fix GSO throughput regression Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 21/52] tcp: use IPCB instead of TCP_SKB_CB in inet_exact_dif_match() Greg Kroah-Hartman
2017-12-15 9:51 ` [PATCH 4.14 22/52] tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv() Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 23/52] tcp: use current time in tcp_rcv_space_adjust() Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 24/52] net: sched: cbq: create block for q->link.block Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 25/52] tap: free skb if flags error Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 26/52] tcp: when scheduling TLP, time of RTO should account for current ACK Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 27/52] tun: free skb in early errors Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 28/52] net: ipv6: Fixup device for anycast routes during copy Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 29/52] tun: fix rcu_read_lock imbalance in tun_build_skb Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 30/52] net: accept UFO datagrams from tuntap and packet Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 31/52] net: openvswitch: datapath: fix data type in queue_gso_packets Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 32/52] cls_bpf: dont decrement nets refcount when offload fails Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 33/52] sctp: use right member as the param of list_for_each_entry Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 34/52] ipmi: Stop timers before cleaning up the module Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 35/52] usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping Greg Kroah-Hartman
2017-12-15 9:52 ` Greg Kroah-Hartman [this message]
2017-12-15 9:52 ` [PATCH 4.14 37/52] fix kcm_clone() Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 38/52] KVM: arm/arm64: vgic-its: Preserve the revious read from the pending table Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 39/52] kbuild: do not call cc-option before KBUILD_CFLAGS initialization Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 40/52] powerpc/powernv/idle: Round up latency and residency values Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 41/52] ipvlan: fix ipv6 outbound device Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 42/52] ide: ide-atapi: fix compile error with defining macro DEBUG Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 43/52] blk-mq: Avoid that request queue removal can trigger list corruption Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 44/52] nvmet-rdma: update queue list during ib_device removal Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 45/52] audit: Allow auditd to set pid to 0 to end auditing Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 46/52] audit: ensure that audit=1 actually enables audit for PID 1 Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 47/52] dm raid: fix panic when attempting to force a raid to sync Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 48/52] md: free unused memory after bitmap resize Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 49/52] RDMA/cxgb4: Annotate r2 and stag as __be32 Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 50/52] x86/intel_rdt: Fix potential deadlock during resctrl unmount Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 51/52] media: dvb-core: always call invoke_release() in fe_free() Greg Kroah-Hartman
2017-12-15 9:52 ` [PATCH 4.14 52/52] dvb_frontend: dont use-after-free the frontend struct Greg Kroah-Hartman
2017-12-15 10:09 ` [PATCH 4.14 00/52] 4.14.7-stable review Nikola Ciprich
2017-12-15 10:09 ` Nikola Ciprich
2017-12-15 13:07 ` Greg Kroah-Hartman
2017-12-15 17:41 ` Guenter Roeck
2017-12-15 18:27 ` Greg Kroah-Hartman
2017-12-15 21:12 ` Shuah Khan
2017-12-15 21:32 ` Greg Kroah-Hartman
2017-12-16 5:28 ` Naresh Kamboju
2017-12-16 8:23 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171215092310.523650772@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dhowells@redhat.com \
--cc=jlayton@redhat.com \
--cc=lav@etersoft.ru \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.