From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Nick Bowler, "Darrick J. Wong", Sasha Levin
Subject: [PATCH 4.9 048/125] xfs: Fix bulkstat compat ioctls on x32 userspace.
Date: Wed, 4 Dec 2019 18:55:53 +0100
Message-Id: <20191204175321.892795502@linuxfoundation.org>
X-Mailer: git-send-email 2.24.0
In-Reply-To: <20191204175308.377746305@linuxfoundation.org>
References: <20191204175308.377746305@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Nick Bowler

[ Upstream commit 7ca860e3c1a74ad6bd8949364073ef1044cad758 ]

The bulkstat family of ioctls are problematic on x32, because there is a mixup of native 32-bit and 64-bit conventions. The xfs_fsop_bulkreq struct contains pointers and 32-bit integers so that matches the native 32-bit layout, and that means the ioctl implementation goes into the regular compat path on x32.

However, the 'ubuffer' member of that struct in turn refers to either struct xfs_inogrp or xfs_bstat (or an array of these). On x32, those structures match the native 64-bit layout. The compat implementation writes out the 32-bit version of these structures. This is not the expected format for x32 userspace, causing problems.

Fortunately the functions which actually output these xfs_inogrp and xfs_bstat structures have an easy way to select which output format is required, so we just need a little tweak to select the right format on x32.

Signed-off-by: Nick Bowler
Reviewed-by: Darrick J. Wong
Signed-off-by: Darrick J. Wong
Signed-off-by: Sasha Levin
--- fs/xfs/xfs_ioctl32.c | 34 ++++++++++++++++++++++++++++++---- 1 file changed, 30 insertions(+), 4 deletions(-) diff --git a/fs/xfs/xfs_ioctl32.c b/fs/xfs/xfs_ioctl32.c index 8f18756ee405e..6b7ed221726db 100644 --- a/fs/xfs/xfs_ioctl32.c
+++ b/fs/xfs/xfs_ioctl32.c @@ -251,6 +251,32 @@ xfs_compat_ioc_bulkstat( int done; int error; + /* + * Output structure handling functions. Depending on the command, + * either the xfs_bstat and xfs_inogrp structures are written out + * to userpace memory via bulkreq.ubuffer. Normally the compat + * functions and structure size are the correct ones to use ... + */ + inumbers_fmt_pf inumbers_func = xfs_inumbers_fmt_compat; + bulkstat_one_pf bs_one_func = xfs_bulkstat_one_compat; + size_t bs_one_size = sizeof(struct compat_xfs_bstat); + +#ifdef CONFIG_X86_X32 + if (in_x32_syscall()) { + /* + * ... but on x32 the input xfs_fsop_bulkreq has pointers + * which must be handled in the "compat" (32-bit) way, while + * the xfs_bstat and xfs_inogrp structures follow native 64- + * bit layout convention. So adjust accordingly, otherwise + * the data written out in compat layout will not match what + * x32 userspace expects. + */ + inumbers_func = xfs_inumbers_fmt; + bs_one_func = xfs_bulkstat_one; + bs_one_size = sizeof(struct xfs_bstat); + } +#endif + /* done = 1 if there are more stats to get and if bulkstat */ /* should be called again (unused here, but used in dmapi) */ @@ -282,15 +308,15 @@ xfs_compat_ioc_bulkstat( if (cmd == XFS_IOC_FSINUMBERS_32) { error = xfs_inumbers(mp, &inlast, &count, - bulkreq.ubuffer, xfs_inumbers_fmt_compat); + bulkreq.ubuffer, inumbers_func); } else if (cmd == XFS_IOC_FSBULKSTAT_SINGLE_32) { int res; - error = xfs_bulkstat_one_compat(mp, inlast, bulkreq.ubuffer, - sizeof(compat_xfs_bstat_t), NULL, &res); + error = bs_one_func(mp, inlast, bulkreq.ubuffer, + bs_one_size, NULL, &res); } else if (cmd == XFS_IOC_FSBULKSTAT_32) { error = xfs_bulkstat(mp, &inlast, &count, - xfs_bulkstat_one_compat, sizeof(compat_xfs_bstat_t), + bs_one_func, bs_one_size, bulkreq.ubuffer, &done); } else error = -EINVAL; -- 2.20.1
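
Review bot: In the first hunk (@@ -251,6 +251,32 @@), the new block comment has two wording slips: "userpace memory" should read "userspace memory", and "either the xfs_bstat and xfs_inogrp structures" should read "either the xfs_bstat or xfs_inogrp structures". The locals inumbers_func, bs_one_func and bs_one_size are only correct as a set, because bs_one_func and bs_one_size are later passed together with bulkreq.ubuffer and a formatter paired with the other layout's size would not match what is written to userspace. A sentence in the comment saying the three must be changed together would help whoever next touches the in_x32_syscall() branch.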
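
Review bot: In the second hunk (@@ -282,15 +308,15 @@), the removed calls pass sizeof(compat_xfs_bstat_t), while the replacement bs_one_size is initialised in the first hunk as sizeof(struct compat_xfs_bstat). The non-x32 path is unchanged only if that typedef names the same struct. Please confirm this holds in the 4.9 tree, or keep the typedef spelling in the initialiser so the diff is visibly behaviour-preserving outside in_x32_syscall().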