From: Christoph Hellwig <hch@infradead.org>
To: Arnd Bergmann <arnd@arndb.de>
Cc: "Darrick J . Wong" <darrick.wong@oracle.com>,
linux-xfs@vger.kernel.org, y2038@lists.linaro.org,
Brian Foster <bfoster@redhat.com>,
Dave Chinner <dchinner@redhat.com>,
Allison Collins <allison.henderson@oracle.com>,
Jan Kara <jack@suse.cz>, Eric Sandeen <sandeen@sandeen.net>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/3] xfs: disallow broken ioctls without compat-32-bit-time
Date: Tue, 24 Dec 2019 00:45:14 -0800 [thread overview]
Message-ID: <20191224084514.GC1739@infradead.org> (raw)
In-Reply-To: <20191218163954.296726-2-arnd@arndb.de>
On Wed, Dec 18, 2019 at 05:39:29PM +0100, Arnd Bergmann wrote:
> +/* disallow y2038-unsafe ioctls with CONFIG_COMPAT_32BIT_TIME=n */
> +static bool xfs_have_compat_bstat_time32(unsigned int cmd)
> +{
> + if (IS_ENABLED(CONFIG_COMPAT_32BIT_TIME))
> + return true;
> +
> + if (IS_ENABLED(CONFIG_64BIT) && !in_compat_syscall())
> + return true;
> +
> + if (cmd == XFS_IOC_FSBULKSTAT_SINGLE ||
> + cmd == XFS_IOC_FSBULKSTAT ||
> + cmd == XFS_IOC_SWAPEXT)
> + return false;
> +
> + return true;
I think the check for the individual command belongs into the callers,
which laves us with:
static inline bool have_time32(void)
{
return IS_ENABLED(CONFIG_COMPAT_32BIT_TIME) ||
(IS_ENABLED(CONFIG_64BIT) && !in_compat_syscall());
}
and that looks like it should be in a generic helper somewhere.
> STATIC int
> xfs_ioc_fsbulkstat(
> xfs_mount_t *mp,
> @@ -637,6 +655,9 @@ xfs_ioc_fsbulkstat(
> if (!capable(CAP_SYS_ADMIN))
> return -EPERM;
>
> + if (!xfs_have_compat_bstat_time32(cmd))
> + return -EINVAL;
Here we can simply check for cmd != XFS_IOC_FSINUMBERS before the call.
> if (XFS_FORCED_SHUTDOWN(mp))
> return -EIO;
>
> @@ -1815,6 +1836,11 @@ xfs_ioc_swapext(
> struct fd f, tmp;
> int error = 0;
>
> + if (!xfs_have_compat_bstat_time32(XFS_IOC_SWAPEXT)) {
> + error = -EINVAL;
> + goto out;
> + }
And for this one we just have one cmd anyway. But I actually still
disagree with the old_time check for this one entirely, as voiced on
one of the last iterations. For swapext the time stamp really is
only used as a generation counter, so overflows are entirely harmless.
next prev parent reply other threads:[~2019-12-24 8:45 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-18 16:39 [PATCH 1/3] xfs: rename compat_time_t to old_time32_t Arnd Bergmann
2019-12-18 16:39 ` [PATCH 2/3] xfs: disallow broken ioctls without compat-32-bit-time Arnd Bergmann
2019-12-24 8:45 ` Christoph Hellwig [this message]
2020-01-02 9:16 ` Arnd Bergmann
2020-01-02 18:07 ` Darrick J. Wong
2020-01-07 14:16 ` Christoph Hellwig
2020-01-07 18:16 ` Darrick J. Wong
2020-01-08 8:57 ` Christoph Hellwig
2020-01-02 20:34 ` Arnd Bergmann
2020-01-07 14:15 ` Christoph Hellwig
2019-12-18 16:44 ` [PATCH 3/3] xfs: quota: move to time64_t interfaces Arnd Bergmann
2019-12-24 8:39 ` [PATCH 1/3] xfs: rename compat_time_t to old_time32_t Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191224084514.GC1739@infradead.org \
--to=hch@infradead.org \
--cc=allison.henderson@oracle.com \
--cc=arnd@arndb.de \
--cc=bfoster@redhat.com \
--cc=darrick.wong@oracle.com \
--cc=dchinner@redhat.com \
--cc=jack@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-xfs@vger.kernel.org \
--cc=sandeen@sandeen.net \
--cc=y2038@lists.linaro.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.