From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Amir Goldstein <amir73il@gmail.com>,
Miklos Szeredi <mszeredi@redhat.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 05/90] ovl: fix wrong flags check in FS_IOC_FS[SG]ETXATTR ioctls
Date: Mon, 24 Jun 2019 17:55:55 +0800 [thread overview]
Message-ID: <20190624092314.323719589@linuxfoundation.org> (raw)
In-Reply-To: <20190624092313.788773607@linuxfoundation.org>
[ Upstream commit 941d935ac7636911a3fd8fa80e758e52b0b11e20 ]
The ioctl argument was parsed as the wrong type.
Fixes: b21d9c435f93 ("ovl: support the FS_IOC_FS[SG]ETXATTR ioctls")
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/overlayfs/file.c | 91 ++++++++++++++++++++++++++++++++-------------
1 file changed, 65 insertions(+), 26 deletions(-)
diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c
index 749532fd51d7..0bd276e4ccbe 100644
--- a/fs/overlayfs/file.c
+++ b/fs/overlayfs/file.c
@@ -409,37 +409,16 @@ static long ovl_real_ioctl(struct file *file, unsigned int cmd,
return ret;
}
-static unsigned int ovl_get_inode_flags(struct inode *inode)
-{
- unsigned int flags = READ_ONCE(inode->i_flags);
- unsigned int ovl_iflags = 0;
-
- if (flags & S_SYNC)
- ovl_iflags |= FS_SYNC_FL;
- if (flags & S_APPEND)
- ovl_iflags |= FS_APPEND_FL;
- if (flags & S_IMMUTABLE)
- ovl_iflags |= FS_IMMUTABLE_FL;
- if (flags & S_NOATIME)
- ovl_iflags |= FS_NOATIME_FL;
-
- return ovl_iflags;
-}
-
static long ovl_ioctl_set_flags(struct file *file, unsigned int cmd,
- unsigned long arg)
+ unsigned long arg, unsigned int iflags)
{
long ret;
struct inode *inode = file_inode(file);
- unsigned int flags;
- unsigned int old_flags;
+ unsigned int old_iflags;
if (!inode_owner_or_capable(inode))
return -EACCES;
- if (get_user(flags, (int __user *) arg))
- return -EFAULT;
-
ret = mnt_want_write_file(file);
if (ret)
return ret;
@@ -448,8 +427,8 @@ static long ovl_ioctl_set_flags(struct file *file, unsigned int cmd,
/* Check the capability before cred override */
ret = -EPERM;
- old_flags = ovl_get_inode_flags(inode);
- if (((flags ^ old_flags) & (FS_APPEND_FL | FS_IMMUTABLE_FL)) &&
+ old_iflags = READ_ONCE(inode->i_flags);
+ if (((iflags ^ old_iflags) & (S_APPEND | S_IMMUTABLE)) &&
!capable(CAP_LINUX_IMMUTABLE))
goto unlock;
@@ -469,6 +448,63 @@ static long ovl_ioctl_set_flags(struct file *file, unsigned int cmd,
}
+static unsigned int ovl_fsflags_to_iflags(unsigned int flags)
+{
+ unsigned int iflags = 0;
+
+ if (flags & FS_SYNC_FL)
+ iflags |= S_SYNC;
+ if (flags & FS_APPEND_FL)
+ iflags |= S_APPEND;
+ if (flags & FS_IMMUTABLE_FL)
+ iflags |= S_IMMUTABLE;
+ if (flags & FS_NOATIME_FL)
+ iflags |= S_NOATIME;
+
+ return iflags;
+}
+
+static long ovl_ioctl_set_fsflags(struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ unsigned int flags;
+
+ if (get_user(flags, (int __user *) arg))
+ return -EFAULT;
+
+ return ovl_ioctl_set_flags(file, cmd, arg,
+ ovl_fsflags_to_iflags(flags));
+}
+
+static unsigned int ovl_fsxflags_to_iflags(unsigned int xflags)
+{
+ unsigned int iflags = 0;
+
+ if (xflags & FS_XFLAG_SYNC)
+ iflags |= S_SYNC;
+ if (xflags & FS_XFLAG_APPEND)
+ iflags |= S_APPEND;
+ if (xflags & FS_XFLAG_IMMUTABLE)
+ iflags |= S_IMMUTABLE;
+ if (xflags & FS_XFLAG_NOATIME)
+ iflags |= S_NOATIME;
+
+ return iflags;
+}
+
+static long ovl_ioctl_set_fsxflags(struct file *file, unsigned int cmd,
+ unsigned long arg)
+{
+ struct fsxattr fa;
+
+ memset(&fa, 0, sizeof(fa));
+ if (copy_from_user(&fa, (void __user *) arg, sizeof(fa)))
+ return -EFAULT;
+
+ return ovl_ioctl_set_flags(file, cmd, arg,
+ ovl_fsxflags_to_iflags(fa.fsx_xflags));
+}
+
static long ovl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
long ret;
@@ -480,8 +516,11 @@ static long ovl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
break;
case FS_IOC_SETFLAGS:
+ ret = ovl_ioctl_set_fsflags(file, cmd, arg);
+ break;
+
case FS_IOC_FSSETXATTR:
- ret = ovl_ioctl_set_flags(file, cmd, arg);
+ ret = ovl_ioctl_set_fsxflags(file, cmd, arg);
break;
default:
--
2.20.1
next prev parent reply other threads:[~2019-06-24 10:14 UTC|newest]
Thread overview: 97+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-24 9:55 [PATCH 4.19 00/90] 4.19.56-stable review Greg Kroah-Hartman
2019-06-24 9:55 ` [PATCH 4.19 01/90] tracing: Silence GCC 9 array bounds warning Greg Kroah-Hartman
2019-06-24 9:55 ` [PATCH 4.19 02/90] objtool: Support per-function rodata sections Greg Kroah-Hartman
2019-06-24 9:55 ` [PATCH 4.19 03/90] gcc-9: silence address-of-packed-member warning Greg Kroah-Hartman
2019-06-24 9:55 ` [PATCH 4.19 04/90] ovl: support the FS_IOC_FS[SG]ETXATTR ioctls Greg Kroah-Hartman
2019-06-24 9:55 ` Greg Kroah-Hartman [this message]
2019-06-24 9:55 ` [PATCH 4.19 06/90] ovl: make i_ino consistent with st_ino in more cases Greg Kroah-Hartman
2019-06-24 9:55 ` [PATCH 4.19 07/90] ovl: detect overlapping layers Greg Kroah-Hartman
2019-06-24 9:55 ` [PATCH 4.19 08/90] ovl: dont fail with disconnected lower NFS Greg Kroah-Hartman
2019-06-24 9:55 ` [PATCH 4.19 09/90] ovl: fix bogus -Wmaybe-unitialized warning Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 10/90] s390/jump_label: Use "jdd" constraint on gcc9 Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 11/90] s390/ap: rework assembler functions to use unions for in/out register variables Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 12/90] mmc: sdhci: sdhci-pci-o2micro: Correctly set bus width when tuning Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 13/90] mmc: core: API to temporarily disable retuning for SDIO CRC errors Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 14/90] mmc: core: Add sdio_retune_hold_now() and sdio_retune_release() Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 15/90] mmc: core: Prevent processing SDIO IRQs when the card is suspended Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 16/90] scsi: ufs: Avoid runtime suspend possibly being blocked forever Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 17/90] usb: chipidea: udc: workaround for endpoint conflict issue Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 18/90] xhci: detect USB 3.2 capable host controllers correctly Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 19/90] usb: xhci: Dont try to recover an endpoint if port is in error state Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 20/90] IB/hfi1: Validate fault injection opcode user input Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 21/90] IB/hfi1: Silence txreq allocation warnings Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 22/90] iio: temperature: mlx90632 Relax the compatibility check Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 23/90] Input: synaptics - enable SMBus on ThinkPad E480 and E580 Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 24/90] Input: uinput - add compat ioctl number translation for UI_*_FF_UPLOAD Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 25/90] Input: silead - add MSSL0017 to acpi_device_id Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 26/90] apparmor: fix PROFILE_MEDIATES for untrusted input Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 27/90] apparmor: enforce nullbyte at end of tag string Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 28/90] brcmfmac: sdio: Disable auto-tuning around commands expected to fail Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 29/90] brcmfmac: sdio: Dont tune while the card is off Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 30/90] ARC: fix build warnings Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 31/90] dmaengine: dw-axi-dmac: fix null dereference when pointer first is null Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 32/90] dmaengine: sprd: Fix block length overflow Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 33/90] ARC: [plat-hsdk]: Add missing multicast filter bins number to GMAC node Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 34/90] ARC: [plat-hsdk]: Add missing FIFO size entry in " Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 35/90] fpga: dfl: afu: Pass the correct device to dma_mapping_error() Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 36/90] fpga: dfl: Add lockdep classes for pdata->lock Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 37/90] parport: Fix mem leak in parport_register_dev_model Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 38/90] parisc: Fix compiler warnings in float emulation code Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 39/90] IB/rdmavt: Fix alloc_qpn() WARN_ON() Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 40/90] IB/hfi1: Insure freeze_work work_struct is canceled on shutdown Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 41/90] IB/{qib, hfi1, rdmavt}: Correct ibv_devinfo max_mr value Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 42/90] IB/hfi1: Validate page aligned for a given virtual address Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 43/90] MIPS: uprobes: remove set but not used variable epc Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 44/90] xtensa: Fix section mismatch between memblock_reserve and mem_reserve Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 45/90] kselftest/cgroup: fix unexpected testing failure on test_memcontrol Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 46/90] kselftest/cgroup: fix unexpected testing failure on test_core Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 47/90] kselftest/cgroup: fix incorrect test_core skip Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 48/90] selftests: vm: install test_vmalloc.sh for run_vmtests Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 49/90] net: dsa: mv88e6xxx: avoid error message on remove from VLAN 0 Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 50/90] net: hns: Fix loopback test failed at copper ports Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 51/90] mdesc: fix a missing-check bug in get_vdev_port_node_info() Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 52/90] sparc: perf: fix updated event period in response to PERF_EVENT_IOC_PERIOD Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 53/90] net: ethernet: mediatek: Use hw_feature to judge if HWLRO is supported Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 54/90] net: ethernet: mediatek: Use NET_IP_ALIGN to judge if HW RX_2BYTE_OFFSET is enabled Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 55/90] drm/arm/mali-dp: Add a loop around the second set CVAL and try 5 times Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 56/90] drm/arm/hdlcd: Actually validate CRTC modes Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 57/90] drm/arm/hdlcd: Allow a bit of clock tolerance Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 58/90] nvmet: fix data_len to 0 for bdev-backed write_zeroes Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 59/90] scripts/checkstack.pl: Fix arm64 wrong or unknown architecture Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 60/90] scsi: ufs: Check that space was properly alloced in copy_query_response Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 61/90] scsi: smartpqi: unlock on error in pqi_submit_raid_request_synchronous() Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 62/90] net: ipvlan: Fix ipvlan device tso disabled while NETIF_F_IP_CSUM is set Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 63/90] s390/qeth: fix VLAN attribute in bridge_hostnotify udev event Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 64/90] hwmon: (core) add thermal sensors only if dev->of_node is present Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 65/90] hwmon: (pmbus/core) Treat parameters as paged if on multiple pages Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 66/90] arm64: Silence gcc warnings about arch ABI drift Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 67/90] nvme: Fix u32 overflow in the number of namespace list calculation Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 68/90] btrfs: start readahead also in seed devices Greg Kroah-Hartman
2019-06-24 9:56 ` [PATCH 4.19 69/90] can: xilinx_can: use correct bittiming_const for CAN FD core Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 70/90] can: flexcan: fix timeout when set small bitrate Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 71/90] can: purge socket error queue on sock destruct Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 72/90] riscv: mm: synchronize MMU after pte change Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 73/90] powerpc/bpf: use unsigned division instruction for 64-bit operations Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 74/90] ARM: imx: cpuidle-imx6sx: Restrict the SW2ISO increase to i.MX6SX Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 75/90] ARM: dts: dra76x: Update MMC2_HS200_MANUAL1 iodelay values Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 76/90] ARM: dts: am57xx-idk: Remove support for voltage switching for SD card Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 77/90] arm64/sve: <uapi/asm/ptrace.h> should not depend on <uapi/linux/prctl.h> Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 78/90] arm64: ssbd: explicitly depend on <linux/prctl.h> Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 79/90] drm/vmwgfx: Use the backdoor port if the HB port is not available Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 80/90] staging: erofs: add requirements field in superblock Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 81/90] Bluetooth: Align minimum encryption key size for LE and BR/EDR connections Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 82/90] Bluetooth: Fix regression with minimum encryption key size alignment Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 83/90] SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 84/90] cfg80211: fix memory leak of wiphy device name Greg Kroah-Hartman
2019-06-25 21:51 ` Pavel Machek
2019-06-25 22:33 ` Eric Biggers
2019-06-24 9:57 ` [PATCH 4.19 85/90] mac80211: drop robust management frames from unknown TA Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 86/90] {nl,mac}80211: allow 4addr AP operation on crypto controlled devices Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 87/90] mac80211: handle deauthentication/disassociation from TDLS peer Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 88/90] nl80211: fix station_info pertid memory leak Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 89/90] mac80211: Do not use stack memory with scatterlist for GMAC Greg Kroah-Hartman
2019-06-24 9:57 ` [PATCH 4.19 90/90] x86/resctrl: Dont stop walking closids when a locksetup group is found Greg Kroah-Hartman
2019-06-24 15:11 ` [PATCH 4.19 00/90] 4.19.56-stable review kernelci.org bot
2019-06-25 0:14 ` Guenter Roeck
2019-06-25 0:43 ` Naresh Kamboju
2019-06-25 10:00 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190624092314.323719589@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=amir73il@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mszeredi@redhat.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).