From: Eric Biggers <ebiggers@kernel.org>
To: Chirantan Ekbote <chirantan@chromium.org>
Cc: Miklos Szeredi <miklos@szeredi.hu>,
linux-fsdevel@vger.kernel.org, Dylan Reid <dgreid@chromium.org>,
Suleiman Souhlal <suleiman@chromium.org>,
fuse-devel@lists.sourceforge.net, linux-fscrypt@vger.kernel.org
Subject: Re: [PATCH] fuse: Support FS_IOC_GET_ENCRYPTION_POLICY_EX
Date: Mon, 7 Dec 2020 10:01:06 -0800 [thread overview]
Message-ID: <X85t4o2fmVUo8RpZ@gmail.com> (raw)
In-Reply-To: <20201207040303.906100-1-chirantan@chromium.org>
Please Cc linux-fscrypt@vger.kernel.org on all fscrypt-related patches.
On Mon, Dec 07, 2020 at 01:03:03PM +0900, Chirantan Ekbote wrote:
> This is a dynamically sized ioctl so we need to check the user-provided
> parameter for the actual length.
>
> Signed-off-by: Chirantan Ekbote <chirantan@chromium.org>
Could you add something here about why this ioctl in particular needs to be
passed through FUSE? This isn't the only dynamically-sized ioctl.
> @@ -2808,6 +2809,21 @@ long fuse_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg,
> case FS_IOC_SETFLAGS:
> iov->iov_len = sizeof(int);
> break;
> + case FS_IOC_GET_ENCRYPTION_POLICY_EX: {
This is in the middle of a 200 lines function. It would be easier to understand
if you refactored this to use a helper function that that takes in the ioctl
number and user buffer and returns the size.
> + struct fscrypt_get_policy_ex_arg policy;
'__u64 policy_size' would be sufficient, since only that part of the struct is
used.
> + unsigned long size_ptr =
> + arg + offsetof(struct fscrypt_get_policy_ex_arg,
> + policy_size);
Doing pointer arithmetic on unsigned long is unusual. It would be easier to
understand if you did:
struct fscrypt_get_policy_ex_arg __user *uarg =
(struct fscrypt_get_policy_ex_arg __user *)arg;
Then pass &uarg->policy_size to copy_from_user().
> +
> + if (copy_from_user(&policy.policy_size,
> + (void __user *)size_ptr,
> + sizeof(policy.policy_size)))
> + return -EFAULT;
> +
> + iov->iov_len =
> + sizeof(policy.policy_size) + policy.policy_size;
> + break;
This may overflow SIZE_MAX, as policy_size is a __u64 directly from userspace.
Wouldn't FUSE need to limit the size to a smaller value?
- Eric
next prev parent reply other threads:[~2020-12-07 18:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-07 4:03 [PATCH] fuse: Support FS_IOC_GET_ENCRYPTION_POLICY_EX Chirantan Ekbote
2020-12-07 18:01 ` Eric Biggers [this message]
2020-12-08 9:38 ` [PATCH v2 0/2] fuse: fscrypt ioctl support Chirantan Ekbote
2020-12-08 9:38 ` [PATCH v2 1/2] fuse: Move ioctl length calculation to a separate function Chirantan Ekbote
2020-12-11 18:11 ` Eric Biggers
2020-12-08 9:38 ` [PATCH v2 2/2] fuse: Support FS_IOC_GET_ENCRYPTION_POLICY_EX Chirantan Ekbote
2020-12-11 18:12 ` Eric Biggers
2021-02-15 14:49 ` Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=X85t4o2fmVUo8RpZ@gmail.com \
--to=ebiggers@kernel.org \
--cc=chirantan@chromium.org \
--cc=dgreid@chromium.org \
--cc=fuse-devel@lists.sourceforge.net \
--cc=linux-fscrypt@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=suleiman@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.