From: Richard Hansen <rhansen@rhansen.org>
To: "Darrick J. Wong" <darrick.wong@oracle.com>,
	Miklos Szeredi <miklos@szeredi.hu>,
	Alexander Viro <viro@zeniv.linux.org.uk>
Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	fuse-devel@lists.sourceforge.net
Subject: Re: [PATCH] fuse: Fix IOC_[GS]ETFLAGS argument size brokenness
Date: Fri, 20 Dec 2013 11:48:04 -0500
Message-ID: <52B474C4.2070004@rhansen.org>
In-Reply-To: <20131219232739.GA10192@birch.djwong.org>

On 2013-12-19 18:27, Darrick J. Wong wrote:
> The IOC_[GS]ETFLAGS ioctls, despite being defined to take a "long"
> parameter, actually take "int" parameters.  FUSE unfortunately assumed
> that the ioctl definitions never lie, and transfers a long's worth of
> data in and out of userspace, which causes stack smashing in chattr,
> and other bugs elsewhere.
> 
> So, special-case this in FUSE, and document this int/long quirk in
> include/uapi/linux/fs.h.
> 
> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> ---
>  fs/fuse/file.c          |   11 +++++++++++
>  include/uapi/linux/fs.h |    1 +
>  2 files changed, 12 insertions(+)
> 
> diff --git a/fs/fuse/file.c b/fs/fuse/file.c
> index 7e70506..5fa8181 100644
> --- a/fs/fuse/file.c
> +++ b/fs/fuse/file.c
> @@ -2385,6 +2385,17 @@ long fuse_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg,
>  		iov->iov_base = (void __user *)arg;
>  		iov->iov_len = _IOC_SIZE(cmd);
>  
> +		/*
> +		 * The IOC_[GS]ETFLAGS ioctls take int parameters even though
> +		 * the ioctl definition specifies long.  Userland has been
> +		 * expecting int for ages (and chattr segfaults on FUSE
> +		 * filesystems), so special case that here.  The IOC32
> +		 * variants were declared with int, so they don't need this.
> +		 */
> +		if (cmd == FS_IOC_GETFLAGS || cmd == FS_IOC_SETFLAGS) {
> +			iov->iov_len = sizeof(int);
> +		}
> +
>  		if (_IOC_DIR(cmd) & _IOC_WRITE) {
>  			in_iov = iov;
>  			in_iovs = 1;
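Review bot: The condition `if (cmd == FS_IOC_GETFLAGS || cmd == FS_IOC_SETFLAGS)` covers only the flags ioctls, yet FS_IOC_GETVERSION is declared with the same `long` type in the second hunk (`_IOR('v', 1, long)`); if its handlers also read and write an int, it needs the same `iov->iov_len = sizeof(int);` override, otherwise the over-sized transfer this patch fixes for chattr remains for the version ioctls. Minor: the single-statement body can drop its braces to match the surrounding code.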

What about FS_IOC_GETVERSION and FS_IOC_SETVERSION?  Should they also be
special-cased?  See:
http://article.gmane.org/gmane.linux.kernel/1602607

-Richard


> diff --git a/include/uapi/linux/fs.h b/include/uapi/linux/fs.h
> index 6c28b61..bc8aa8e 100644
> --- a/include/uapi/linux/fs.h
> +++ b/include/uapi/linux/fs.h
> @@ -154,6 +154,7 @@ struct inodes_stat_t {
>  #define FITHAW		_IOWR('X', 120, int)	/* Thaw */
>  #define FITRIM		_IOWR('X', 121, struct fstrim_range)	/* Trim */
>  
> +/* IOC_[GS]ETFLAGS take an int argument despite being defined to take long. */
>  #define	FS_IOC_GETFLAGS			_IOR('f', 1, long)
>  #define	FS_IOC_SETFLAGS			_IOW('f', 2, long)
>  #define	FS_IOC_GETVERSION		_IOR('v', 1, long)
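Review bot: The new comment names only IOC_[GS]ETFLAGS, but the FS_IOC_GETVERSION definition directly below it is also `_IOR('v', 1, long)` with nothing said about its real argument width; either extend the comment to list every `long`-declared ioctl that actually takes an int, or state that GETVERSION is unaffected, so readers of the uapi header do not have to guess which definitions misreport their size.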

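The int/long mismatch described in the commit message, as an added stand-alone C harness that is not part of the patch or of the kernel: the ioctl-number encoding is reconstructed locally (assumed to match the x86 layout of asm-generic/ioctl.h), `ioctl_arg_len` mirrors the special case the patch adds to fuse_do_ioctl, and `getflags_copy_out` simulates the copy back into an int-sized user variable with a canary placed next to it.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Linux ioctl number layout, reconstructed here so the example is
 * self-contained (assumed to match asm-generic/ioctl.h on x86). */
#define IOC_WRITE 1U
#define IOC_READ  2U
#define IOC(dir, type, nr, size) \
	(((dir) << 30) | ((unsigned int)(size) << 16) | ((type) << 8) | (nr))
#define IOR(type, nr, t) IOC(IOC_READ, (type), (nr), sizeof(t))
#define IOW(type, nr, t) IOC(IOC_WRITE, (type), (nr), sizeof(t))
#define IOC_SIZE(cmd) (((cmd) >> 16) & 0x3fffU)

/* The definitions quoted from include/uapi/linux/fs.h in the patch. */
#define FS_IOC_GETFLAGS   IOR('f', 1, long)
#define FS_IOC_SETFLAGS   IOW('f', 2, long)
#define FS_IOC_GETVERSION IOR('v', 1, long)

/* Bytes a FUSE-style forwarder should transfer: the encoded size, except
 * for the flags ioctls, whose real argument is an int (the patch's case). */
size_t ioctl_arg_len(unsigned int cmd)
{
	if (cmd == FS_IOC_GETFLAGS || cmd == FS_IOC_SETFLAGS)
		return sizeof(int);
	return IOC_SIZE(cmd);
}

/* Constructed stand-in for chattr's stack: an int for the flags, with
 * whatever lives next to it represented by a canary. */
struct user_frame {
	int flags;
	uint32_t canary;
};

/* Simulate the kernel copying `len` result bytes back for GETFLAGS.
 * Returns 1 if the neighbouring canary survived, 0 if it was clobbered
 * (or if len exceeds what the kernel could ever supply). */
int getflags_copy_out(size_t len, struct user_frame *uf)
{
	unsigned char result[sizeof(long)];

	memset(result, 0xAA, sizeof(result));	/* constructed reply */
	if (len > sizeof(result))
		return 0;
	uf->flags = 0;
	uf->canary = 0xDEADBEEFu;
	memcpy(uf, result, len);		/* the copy_to_user() */
	return uf->canary == 0xDEADBEEFu;
}
```

On an LP64 build the encoded size of FS_IOC_GETFLAGS is 8, so forwarding `IOC_SIZE(cmd)` bytes overwrites the canary, while the patched int-sized length leaves it intact.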