From: Arnd Bergmann <arnd@kernel.org>
To: linux-arch@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Arnd Bergmann <arnd@arndb.de>,
	Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
	linux-mips@vger.kernel.org, Helge Deller <deller@gmx.de>,
	linux-parisc@vger.kernel.org,
	"David S. Miller" <davem@davemloft.net>,
	Andreas Larsson <andreas@gaisler.com>,
	sparclinux@vger.kernel.org, Michael Ellerman <mpe@ellerman.id.au>,
	Nicholas Piggin <npiggin@gmail.com>,
	Christophe Leroy <christophe.leroy@csgroup.eu>,
	"Naveen N . Rao" <naveen.n.rao@linux.ibm.com>,
	linuxppc-dev@lists.ozlabs.org, Brian Cain <bcain@quicinc.com>,
	linux-hexagon@vger.kernel.org, Guo Ren <guoren@kernel.org>,
	linux-csky@vger.kernel.org, Heiko Carstens <hca@linux.ibm.com>,
	linux-s390@vger.kernel.org, Rich Felker <dalias@libc.org>,
	John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>,
	linux-sh@vger.kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Christian Brauner <brauner@kernel.org>,
	linux-fsdevel@vger.kernel.org, libc-alpha@sourceware.org,
	musl@lists.openwall.com, stable@vger.kernel.org
Subject: [PATCH v2 01/13] ftruncate: pass a signed offset
Date: Mon, 24 Jun 2024 18:36:59 +0200
Message-ID: <20240624163707.299494-2-arnd@kernel.org>
In-Reply-To: <20240624163707.299494-1-arnd@kernel.org>

From: Arnd Bergmann <arnd@arndb.de>

The old ftruncate() syscall, using the 32-bit off_t, misses a sign
extension when called in compat mode on 64-bit architectures.  As a
result, passing a negative length accidentally succeeds in truncating
to a file size between 2GiB and 4GiB.

Changing the type of the compat syscall to the signed compat_off_t
changes the behavior so it instead returns -EINVAL.

The native entry point, the truncate() syscall and the corresponding
loff_t based variants are all correct already and do not suffer
from this mistake.

Fixes: 3f6d078d4acc ("fix compat truncate/ftruncate")
Reviewed-by: Christian Brauner <brauner@kernel.org>
Cc: stable@vger.kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
 fs/open.c                | 4 ++--
 include/linux/compat.h   | 2 +-
 include/linux/syscalls.h | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/open.c b/fs/open.c
index 89cafb572061..50e45bc7c4d8 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -202,13 +202,13 @@ long do_sys_ftruncate(unsigned int fd, loff_t length, int small)
 	return error;
 }
 
-SYSCALL_DEFINE2(ftruncate, unsigned int, fd, unsigned long, length)
+SYSCALL_DEFINE2(ftruncate, unsigned int, fd, off_t, length)
 {
 	return do_sys_ftruncate(fd, length, 1);
 }
 
 #ifdef CONFIG_COMPAT
-COMPAT_SYSCALL_DEFINE2(ftruncate, unsigned int, fd, compat_ulong_t, length)
+COMPAT_SYSCALL_DEFINE2(ftruncate, unsigned int, fd, compat_off_t, length)
 {
 	return do_sys_ftruncate(fd, length, 1);
 }
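Review bot: the changelog says the native entry point is already correct, yet the first changed line here also switches the native `SYSCALL_DEFINE2(ftruncate, ...)` argument from `unsigned long` to `off_t`. Since `do_sys_ftruncate()` takes `loff_t length`, the widening happens implicitly at both call sites; please say in the commit message whether the native change is only for consistency with the compat side or whether it changes behaviour on kernels where `unsigned long` is narrower than `loff_t`.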
diff --git a/include/linux/compat.h b/include/linux/compat.h
index 233f61ec8afc..56cebaff0c91 100644
--- a/include/linux/compat.h
+++ b/include/linux/compat.h
@@ -608,7 +608,7 @@ asmlinkage long compat_sys_fstatfs(unsigned int fd,
 asmlinkage long compat_sys_fstatfs64(unsigned int fd, compat_size_t sz,
 				     struct compat_statfs64 __user *buf);
 asmlinkage long compat_sys_truncate(const char __user *, compat_off_t);
-asmlinkage long compat_sys_ftruncate(unsigned int, compat_ulong_t);
+asmlinkage long compat_sys_ftruncate(unsigned int, compat_off_t);
 /* No generic prototype for truncate64, ftruncate64, fallocate */
 asmlinkage long compat_sys_openat(int dfd, const char __user *filename,
 				  int flags, umode_t mode);
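Review bot: the new `compat_sys_ftruncate(unsigned int, compat_off_t)` prototype leaves both parameters unnamed, while `compat_sys_fstatfs64` and `compat_sys_openat` in the surrounding context name theirs. Since the whole point of the patch is the signedness of this one argument, consider writing it as `unsigned int fd, compat_off_t length` so the declaration itself documents which argument is the signed offset.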
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index 9104952d323d..ba9337709878 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -418,7 +418,7 @@ asmlinkage long sys_listmount(const struct mnt_id_req __user *req,
 			      u64 __user *mnt_ids, size_t nr_mnt_ids,
 			      unsigned int flags);
 asmlinkage long sys_truncate(const char __user *path, long length);
-asmlinkage long sys_ftruncate(unsigned int fd, unsigned long length);
+asmlinkage long sys_ftruncate(unsigned int fd, off_t length);
 #if BITS_PER_LONG == 32
 asmlinkage long sys_truncate64(const char __user *path, loff_t length);
 asmlinkage long sys_ftruncate64(unsigned int fd, loff_t length);
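Review bot: after this change the two adjacent prototypes spell the same kind of argument differently, `long length` for `sys_truncate` and `off_t length` for `sys_ftruncate`. Consider using one spelling for both, or add a line to the changelog explaining why the path-based and fd-based declarations are left different.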
-- 
2.39.2
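
The sign-extension difference described in the commit message, as an added user-space C model (not part of the patch or of kernel code). The m_-prefixed typedefs and model_do_ftruncate() are hypothetical stand-ins with assumed widths for a 32-bit task on a 64-bit kernel, and only a negative-length check is modeled.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the kernel types named in the patch
 * (assumed widths: 32-bit compat task on a 64-bit kernel). */
typedef uint32_t m_compat_ulong_t;
typedef int32_t  m_compat_off_t;
typedef int64_t  m_loff_t;

/* Simplified model: keeps only a negative-length check.
 * Returns the length that would be applied, or -EINVAL. */
static m_loff_t model_do_ftruncate(m_loff_t length)
{
	if (length < 0)
		return -EINVAL;
	return length;
}

/* Pre-patch compat entry: the 32-bit argument is unsigned, so widening
 * to the 64-bit type zero-extends and a negative request looks large. */
static m_loff_t compat_ftruncate_old(uint32_t reg)
{
	m_compat_ulong_t length = reg;
	return model_do_ftruncate(length);
}

/* Post-patch compat entry: the signed type sign-extends when widened
 * (the cast relies on two's complement conversion). */
static m_loff_t compat_ftruncate_new(uint32_t reg)
{
	m_compat_off_t length = (m_compat_off_t)reg;
	return model_do_ftruncate(length);
}

int main(void)
{
	/* Constructed inputs: raw 32-bit argument values from a compat task. */
	const uint32_t samples[] = { 0x00001000u, 0x7fffffffu,
				     0x80000000u, 0xffffffffu };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("arg=0x%08x old=%lld new=%lld\n", (unsigned)samples[i],
		       (long long)compat_ftruncate_old(samples[i]),
		       (long long)compat_ftruncate_new(samples[i]));
	return 0;
}
```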

