Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp740891ybl; Wed, 4 Dec 2019 10:06:00 -0800 (PST) X-Google-Smtp-Source: APXvYqz2ml4A8nzwnC+7zxNyIwj3/1v97iUfML3QsVse474OiG3ias68kMOSxPJX+QOMHhHmfEQt X-Received: by 2002:a05:6830:1e9a:: with SMTP id n26mr3266645otr.99.1575482760832; Wed, 04 Dec 2019 10:06:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1575482760; cv=none; d=google.com; s=arc-20160816; b=NLQGDcZbsUjXsa0zQLpmLSUNb6eA05gltxBr2vbESfQnvhouZW52yLxVHaLbCvGBfM 9A1bwaApULvKVGg0TCstawOcNd0MvM1p0O3cw4GIzsLCyYNuz4YEK+8fRZgARZ4Potkx UK+/YGJdP/dk2vnKrriApiMLUOmcGflxORAnRmYDPQOhf6eEp9EIsFp1lTJoMgvGENm1 xMWNnV+GSwix5aBIHBM0BM0sWDPNe3HlBhYzXSZ8YrQN8w6X/5+2TuUAqH8T1Hx0sp/H P3NbJFbV/CJy1dhjNhsUH7WjgIFkBhRsWqllIaGzJsuhfrguEG9To8XJIijK0JCOUvGo 69tQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=zUYpLFzZwj8hZTdJ3tSWCBe/dHI+CCWfWUMTeKmELqs=; b=jvMU+Y6kVd20KnPAu45Fe6VUBDPeE57mSz90VQGznZxf6MxMyvzjAy6kJHhNPoE6O0 AHf/razBzmsmCVZ04eBftej9rZyTmeQguRKU2mQ5k7wtHnAkw+fQhbvjOLtDMqkt82vj P+tiwi2m1YfK7Lju3kAKktQTAII4V3FbqFZN3UoiBzBjvkyKhDTuIngvyBMLJQRY4V2W /vau4vj3ihImXQsB9NdX2WmKybDI0M0WlAa9sJAAPSKV81zUTqxan9KKVf4mCxhfAHSn Pc4dCagEfX6eBudmsftwjDrz0wLuHR0Hn2TK9ayiwf4X8r7GvB6JM8hkV9dImjkyG/Y2 QknA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=cotR2jr4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s22si3080265oij.35.2019.12.04.10.05.47; Wed, 04 Dec 2019 10:06:00 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=cotR2jr4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729694AbfLDSEX (ORCPT + 99 others); Wed, 4 Dec 2019 13:04:23 -0500 Received: from mail.kernel.org ([198.145.29.99]:48990 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729773AbfLDSEH (ORCPT ); Wed, 4 Dec 2019 13:04:07 -0500 Received: from localhost (unknown [217.68.49.72]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 057742073B; Wed, 4 Dec 2019 18:04:05 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1575482646; bh=JgZyYSBf2SW/EqWNhdaCW9RzKKTKsfeBvai0anq+xy4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=cotR2jr4a2Osiz0WF0UZ9pf+CyKNT8TEFqH8Nc0AuN9EiPuVg9JTYWNTaMc0PvXbG GtyHiuWXmBa1dPX1hfjVNLBM06u6+x2srNvRxO3+DgwRZNVedq/0gTEYgrUBY8XI2E r7LTg7N740Z59eMGweg2RwKtI1e8utUvMDtTeZus= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Nick Bowler , "Darrick J. Wong" , Sasha Levin Subject: [PATCH 4.14 078/209] xfs: Fix bulkstat compat ioctls on x32 userspace. Date: Wed, 4 Dec 2019 18:54:50 +0100 Message-Id: <20191204175326.826209283@linuxfoundation.org> X-Mailer: git-send-email 2.24.0 In-Reply-To: <20191204175321.609072813@linuxfoundation.org> References: <20191204175321.609072813@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Nick Bowler [ Upstream commit 7ca860e3c1a74ad6bd8949364073ef1044cad758 ] The bulkstat family of ioctls are problematic on x32, because there is a mixup of native 32-bit and 64-bit conventions. The xfs_fsop_bulkreq struct contains pointers and 32-bit integers so that matches the native 32-bit layout, and that means the ioctl implementation goes into the regular compat path on x32. However, the 'ubuffer' member of that struct in turn refers to either struct xfs_inogrp or xfs_bstat (or an array of these). On x32, those structures match the native 64-bit layout. The compat implementation writes out the 32-bit version of these structures. This is not the expected format for x32 userspace, causing problems. Fortunately the functions which actually output these xfs_inogrp and xfs_bstat structures have an easy way to select which output format is required, so we just need a little tweak to select the right format on x32. Signed-off-by: Nick Bowler Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong Signed-off-by: Sasha Levin --- fs/xfs/xfs_ioctl32.c | 34 ++++++++++++++++++++++++++++++---- 1 file changed, 30 insertions(+), 4 deletions(-) diff --git a/fs/xfs/xfs_ioctl32.c b/fs/xfs/xfs_ioctl32.c index d3c0e4b8bf421..5f616a6a5358d 100644 --- a/fs/xfs/xfs_ioctl32.c +++ b/fs/xfs/xfs_ioctl32.c @@ -252,6 +252,32 @@ xfs_compat_ioc_bulkstat( int done; int error; + /* + * Output structure handling functions. Depending on the command, + * either the xfs_bstat and xfs_inogrp structures are written out + * to userpace memory via bulkreq.ubuffer. Normally the compat + * functions and structure size are the correct ones to use ... + */ + inumbers_fmt_pf inumbers_func = xfs_inumbers_fmt_compat; + bulkstat_one_pf bs_one_func = xfs_bulkstat_one_compat; + size_t bs_one_size = sizeof(struct compat_xfs_bstat); + +#ifdef CONFIG_X86_X32 + if (in_x32_syscall()) { + /* + * ... but on x32 the input xfs_fsop_bulkreq has pointers + * which must be handled in the "compat" (32-bit) way, while + * the xfs_bstat and xfs_inogrp structures follow native 64- + * bit layout convention. So adjust accordingly, otherwise + * the data written out in compat layout will not match what + * x32 userspace expects. + */ + inumbers_func = xfs_inumbers_fmt; + bs_one_func = xfs_bulkstat_one; + bs_one_size = sizeof(struct xfs_bstat); + } +#endif + /* done = 1 if there are more stats to get and if bulkstat */ /* should be called again (unused here, but used in dmapi) */ @@ -283,15 +309,15 @@ xfs_compat_ioc_bulkstat( if (cmd == XFS_IOC_FSINUMBERS_32) { error = xfs_inumbers(mp, &inlast, &count, - bulkreq.ubuffer, xfs_inumbers_fmt_compat); + bulkreq.ubuffer, inumbers_func); } else if (cmd == XFS_IOC_FSBULKSTAT_SINGLE_32) { int res; - error = xfs_bulkstat_one_compat(mp, inlast, bulkreq.ubuffer, - sizeof(compat_xfs_bstat_t), NULL, &res); + error = bs_one_func(mp, inlast, bulkreq.ubuffer, + bs_one_size, NULL, &res); } else if (cmd == XFS_IOC_FSBULKSTAT_32) { error = xfs_bulkstat(mp, &inlast, &count, - xfs_bulkstat_one_compat, sizeof(compat_xfs_bstat_t), + bs_one_func, bs_one_size, bulkreq.ubuffer, &done); } else error = -EINVAL; -- 2.20.1