Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp4195851pxb; Sun, 27 Mar 2022 14:04:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJx3BwOuZBWG07dbtN1oUOm9EoBU+zwYPkjUnHaZ0NcExqaDxHdr1wYXIK0tfVHF2xIdqKZW X-Received: by 2002:aa7:d7cb:0:b0:419:43f:efa9 with SMTP id e11-20020aa7d7cb000000b00419043fefa9mr12408527eds.75.1648415041245; Sun, 27 Mar 2022 14:04:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1648415041; cv=none; d=google.com; s=arc-20160816; b=sn7q8DcHfY6yWzKCJaxEUIA8eJa5UdUikpo0thUcFebfMMTt7lCD3a9jR5avD7Qova mo01Tr4q/rb+kpMZVCSFVNXMyWZVJXklKvJIT+SyF151O5PsMpJ90BpMSA+t9bQv5sue I9h/Mp/wnYyHBcCUMBil7JezFcugIs2zagbpjU1EZn+Hlk2gEz4ZGn/uJHuFRLUWpmp5 roWAzBWUGXVp1mVYAS9qDZIT/1/AgQO/7pySkKuDgE+w6Vula60pWKuoMnU1Pjcv02i2 mOUqDdsO9xy7a31B2Xx50fStyQWFwCZuDZ7uzO+uRpevGRjnTXMGPu3jRPRggNaioZA0 xt8A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:autocrypt:from :references:cc:to:subject; bh=EGf3csu8YN233MfR7rkaAEuXkyXNTlWPBzWWWUXtUus=; b=aiotDxIUkDNpmtWLk8EPlEV52XOQBoiXth9TDYAOOiGlkI4h+mH1AjSH478apMGjxA i3EYySPUyt5eBgxHRuOdmoL4IslVePkrNACBDAZvx4vjXpGNJwUipFPBj8U+AZKX6Pq0 0yKYRjcbuKgO+VHjMtlvFv4ZbdSzcOHlvqoZPPM4PVgKEwzdO0xIdYzP4NOu8MhtYkMH /K4rlIrrOGCVJEUs5ysc2j+ZeWvg/P1FDJVXllnfDv+4KMO54os5qVr9TJiqvBozlO81 tPeIYHDr8YPx/1kZIE1qIvNZmHXw1Y3Ia4wrB9JValpMcZimpue0EfRp9u3oZPCPnbiy fPwQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ispras.ru Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id a5-20020a1709064a4500b006df76385e1dsi11563649ejv.701.2022.03.27.14.03.35; Sun, 27 Mar 2022 14:04:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ispras.ru Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233244AbiCZOTQ (ORCPT + 99 others); Sat, 26 Mar 2022 10:19:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53400 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231482AbiCZOTP (ORCPT ); Sat, 26 Mar 2022 10:19:15 -0400 Received: from mail.ispras.ru (mail.ispras.ru [83.149.199.84]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B3EEF74621; Sat, 26 Mar 2022 07:17:38 -0700 (PDT) Received: from [192.168.1.206] (unknown [109.252.138.0]) by mail.ispras.ru (Postfix) with ESMTPSA id 62A0440755C4; Sat, 26 Mar 2022 14:17:33 +0000 (UTC) Subject: Re: [PATCH 4/4] file: Fix file descriptor leak in copy_fd_bitmaps() To: Fedor Pchelkin , Alexander Viro Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Linus Torvalds References: <20220326114009.1690-1-aissur0002@gmail.com> From: Alexey Khoroshilov Autocrypt: addr=khoroshilov@ispras.ru; prefer-encrypt=mutual; keydata= xsFNBFtq9eIBEACxmOIPDht+aZvO9DGi4TwnZ1WTDnyDVz3Nnh0rlQCK8IssaT6wE5a95VWo iwOWalcL9bJMHQvw60JwZKFjt9oH2bov3xzx/JRCISQB4a4U1J/scWvPtabbB3t+VAodF5KZ vZ2gu/Q/Wa5JZ9aBH0IvNpBAAThFg1rBXKh7wNqrhsQlMLg+zTSK6ZctddNl6RyaJvAmbaTS sSeyUKXiabxHn3BR9jclXfmPLfWuayinBvW4J3vS+bOhbLxeu3MO0dUqeX/Nl8EAhvzo0I2d A0vRu/Ze1wU3EQYT6M8z3i1b3pdLjr/i+MI8Rgijs+TFRAhxRw/+0vHGTg6Pn02t0XkycxQR mhH3v0kVTvMyM7YSI7yXvd0QPxb1RX9AGmvbJu7eylzcq9Jla+/T3pOuWsJkbvbvuFKKmmYY WnAOR7vu/VNVfiy4rM0bfO14cIuEG+yvogcPuMmQGYu6ZwS9IdgZIOAkO57M/6wR0jIyfxrG FV3ietPtVcqeDVrcShKyziRLJ+Xcsg9BLdnImAqVQomYr27pyNMRL5ILuT7uOuAQPDKBksK+ l2Fws0d5iUifqnXSPuYxqgS4f8SQLS7ECxvCGVVbkEEng9vkkmyrF6wM86BZ9apPGDFbopiK 7GRxQtSGszVv83abaVb8aDsAudJIp7lLaIuXLZAe1r+ycYpEtQARAQABzSpBbGV4ZXkgS2hv cm9zaGlsb3YgPGtob3Jvc2hpbG92QGlzcHJhcy5ydT7CwX0EEwEIACcFAltq9eICGwMFCRLM AwAFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ2B/JSzCwrEWLaA/+NFZfyhU0vJzFtYsk yaqx8nWZLrAoUK7VcobH0lJH6lfGbarO5JpENaIiTP12YZ4xO+j3GGJtLy2gvnpypGnxmiAl RqPt7WeAIj6oqPrUs2QF7i4SOiPtku/NrysI1zHzlA8yqUduBtam5rdQeLRNCJiEED1fU8sp +DgJBN/OHEDyAag2hu1KFKWuPfQ+QGpXYZb+1NW/hKwvvwCNVyypELAfFnkketFXjIMwHnL8 ZPqJZlkvkpxuRXOaXPL9NFhZnC/WS+NJ81L3pr+w6eo3xTPYZvRW8glvqlEDgHqr3uMGIaes nwfRXLHp+TC1ht6efCXzdPyMZ1E7HXQN9foKisI1V5iQFhN+CT3dbsguQI4e10F5ql0TZUJY SMzvY0eObs6TWRdD/Ha7Y5rLmZ54R9sxumpZNcJzktfgm9f0XfeqVEJUn/40MRDD+l2W12Db Jkko+sbtAEw+f+/j3uz8xOE+Uv4kwFC5a6JKgdX88oigHnpAs3FvffP594Loi3ibFrQUW5wH bXh5Ni+l1GKEQ0PHMk+KQQT9L2r9s7C0Nh8XzwdpOshZWsrNSZqcG+01wrmUhyX2uSaoZ07I /+KZURlMSqI71X6lkMWlB3SyThvYhHgnR0EGGTerwM1MaVjHN+Z6lPmsKNxG8lzCeWeZ6peA c5oUHV4WQ8Ux9BM8saLOwU0EW2r14gEQAMz+5u+X7j1/dT4WLVRQaE1Shnd2dKBn2E7fgo/N 4JIY6wHD/DJoWYQpCJjjvBYSonvQsHicvDW8lPh2EXgZ9Fi8AHKT2mVPitVy+uhfWa/0FtsC e3hPfrjTcN7BUcXlIjmptxIoDbvQrNfIWUGdWiyDj4EDfABW/kagXqaBwF2HdcDaNDGggD1c DglA0APjezIyTGnGMKsi5QSSlOLm8OZEJMj5t+JL6QXrruijNb5Asmz5mpRQrak7DpGOskjK fClm/0oy2zDvWuoXJa+dm3YFr43V+c5EIMA4LpGk63Eg+5NltQ/gj0ycgD5o6reCbjLz4R9D JzBezK/KOQuNG5qKUTMbOHWaApZnZ6BDdOVflkV1V+LMo5GvIzkATNLm/7Jj6DmYmXbKoSAY BKZiJWqzNsL1AJtmJA1y5zbWX/W4CpNs8qYMYG8eTNOqunzopEhX7T0cOswcTGArZYygiwDW BuIS83QRc7udMlQg79qyMA5WqS9g9g/iodlssR9weIVoZSjfjhm5NJ3FmaKnb56h6DSvFgsH xCa4s1DGnZGSAtedj8E3ACOsEfu4J/WqXEmvMYNBdGos2YAc+g0hjuOB10BSD98d38xP1vPc qNrztIF+TODAl1dNwU4rCSdGQymsrMVFuXnHMH4G+dHvMAwWauzDbnILHAGFyJtfxVefABEB AAHCwWUEGAEIAA8FAltq9eICGwwFCRLMAwAACgkQ2B/JSzCwrEU3Rg//eFWHXqTQ5CKw4KrX kTFxdXnYKJ5zZB0EzqU6m/FAV7snmygFLbOXYlcMW2Fh306ivj9NKJrlOaPbUzzyDf8dtDAg nSbH156oNJ9NHkz0mrxFMpJA2E5AUemOFx57PUYt93pR2B7bF2zGua4gMC+vorDQZjX9kvrL Kbenh3boFOe1tUaiRRvEltVFLOg+b+CMkKVbLIQe/HkyKJH5MFiHAF7QxnPHaxyO7QbWaUmF 6BHVujxAGvNgkrYJb6dpiNNZSFNRodaSToU5oM+z1dCrNNtN3u4R7AYr6DDIDxoSzR4k0ZaG uSeqh4xxQCD7vLT3JdZDyhYUJgy9mvSXdkXGdBIhVmeLch2gaWNf5UOutVJwdPbIaUDRjVoV Iw6qjKq+mnK3ttuxW5Aeg9Y1OuKEvCVu+U/iEEJxx1JRmVAYq848YqtVPY9DkZdBT4E9dHqO n8lr+XPVyMN6SBXkaR5tB6zSkSDrIw+9uv1LN7QIri43fLqhM950ltlveROEdLL1bI30lYO5 J07KmxgOjrvY8X9WOC3O0k/nFpBbbsM4zUrmF6F5wIYO99xafQOlfpUnVtbo3GnBR2LIcPYj SyY3dW28JXo2cftxIOr1edJ+fhcRqYRrPzJrQBZcE2GZjRO8tz6IOMAsc+WMtVfj5grgVHCu kK2E04Fb+Zk1eJvHYRc= Message-ID: Date: Sat, 26 Mar 2022 17:17:32 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <20220326114009.1690-1-aissur0002@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,NICE_REPLY_A, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Looks like bfp has a set of macro suitable for such cases: #define BITS_PER_BYTE_MASKED(bits) ((bits) & BITS_PER_BYTE_MASK) #define BITS_ROUNDDOWN_BYTES(bits) ((bits) >> 3) #define BITS_ROUNDUP_BYTES(bits) \ (BITS_ROUNDDOWN_BYTES(bits) + !!BITS_PER_BYTE_MASKED(bits)) May be it makes sense to move them to a generic header and to use here? -- Alexey Khoroshilov On 26.03.2022 14:40, Fedor Pchelkin wrote: > If count argument in copy_fd_bitmaps() is not a multiple of > BITS_PER_BYTE, then one byte is lost and is not used in further > manipulations with cpy value in memcpy() and memset() > causing a leak. The leak was introduced with close_range() call > using CLOSE_RANGE_UNSHARE flag. > > The patch suggests implementing an indicator (named add_byte) > of count being multiple of BITS_PER_BYTE and adding it to the > cpy value. > > Found by Syzkaller (https://github.com/google/syzkaller). > > Signed-off-by: Fedor Pchelkin > Signed-off-by: Alexey Khoroshilov > --- > fs/file.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/fs/file.c b/fs/file.c > index 3ef1479df203..3c64a6423604 100644 > --- a/fs/file.c > +++ b/fs/file.c > @@ -56,10 +56,8 @@ static void copy_fd_bitmaps(struct fdtable *nfdt, struct fdtable *ofdt, > { > unsigned int cpy, set; > unsigned int add_byte = 0; > - > if (count % BITS_PER_BYTE != 0) > add_byte = 1; > - > cpy = count / BITS_PER_BYTE + add_byte; > set = (nfdt->max_fds - count) / BITS_PER_BYTE; > memcpy(nfdt->open_fds, ofdt->open_fds, cpy); >