Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp2508087imw; Sun, 10 Jul 2022 08:05:18 -0700 (PDT) X-Google-Smtp-Source: AGRyM1t4/QT3hLrpKmE968EaBj19LyXvupfHzkLMyjZzQ1+9uvfOcZrURF0PIVsRVg7/VRSBqNnt X-Received: by 2002:a17:907:7395:b0:72b:1c78:7b8a with SMTP id er21-20020a170907739500b0072b1c787b8amr13749525ejc.98.1657465518155; Sun, 10 Jul 2022 08:05:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657465518; cv=none; d=google.com; s=arc-20160816; b=hdupfSMvQtCjAHeX+VrRsqFEaGSYUMu+e2K4yTebwjRvWvrxV/8fv5YpPld+E1cgtJ ChTFAMHfrbIadt87YS02pMKZ4Fyv3d3FHlwDH+1EAIHf4O65tNcOygwyYZYwIO8w6li+ /5OY+bbeGxXJ+QJSXnaCC9kc6IhuEadV4Sj7riflomrFftmm6GQB8Uu6hPlAIPMVDjR/ aBAlFZ7wSrKkdaogdv1hENTNsZnqVYZYlYY6ug8oGsYCLqfvses3G0LZibM9k+O4QgGU g3HeRpgb0pbaeE0QLIrwdiZyYeHLBXp2YGrv077akBgpdb1uReGK3M6/m/sXhU8TxR2d GLmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=WJOfGDr7u/BDDToEE9Qvjgh28U6lSAYZqnZi422JXYY=; b=yye85HU+bWJQpWiQ3iBYckga8aEGBqPSBXaCUmwD9nr+Ij9PPHH1ykoPaNR1zHzaXd p5XAcW2qh3Q3rTsgkRP0N3DpBOrYg1U41EwaGpMXpn1LSZexafFVvInSGRFG5a/UivxN tHfcdANE9M673Pzu2fpfJHPjtl+z+ZGDd1p9wNf9jSw+Alfsk7QBa8srmqaR12zN6pEc 7IgnbO8ykGRy3mP5lmLTAaL88E5FYc33pC+sI9lJQeRDh6DxB4azU/GTEVCBGr1jI71B mNJCImXQtLAlMiifw/UdKliOCjtlcWAlmqnRbrnGic6nL0szwakGymg5APqsXbNVIMxL OB7Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@crudebyte.com header.s=kylie header.b=Sk5AKrhU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=crudebyte.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ht19-20020a170907609300b00726ed232bebsi6950014ejc.630.2022.07.10.08.04.51; Sun, 10 Jul 2022 08:05:18 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@crudebyte.com header.s=kylie header.b=Sk5AKrhU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=crudebyte.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229564AbiGJOtm (ORCPT + 99 others); Sun, 10 Jul 2022 10:49:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52222 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229450AbiGJOtl (ORCPT ); Sun, 10 Jul 2022 10:49:41 -0400 Received: from kylie.crudebyte.com (kylie.crudebyte.com [5.189.157.229]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D5C0CE09D; Sun, 10 Jul 2022 07:49:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=crudebyte.com; s=kylie; h=Content-Type:Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From: Content-ID:Content-Description; bh=WJOfGDr7u/BDDToEE9Qvjgh28U6lSAYZqnZi422JXYY=; b=Sk5AKrhUTgnBq8NkdSEVntBrug mPi63BSKjiStajFW8QukCAZqdAsWKMB1K/phOnT5IzYZeiO2hO/17R4aLh/gl0ZQNqCvtkjPA2BCV 7ByjyApVa9Y+nKo6MiO/4tqFmtnaMvtDeV5Ezit500f2R7aBFWxLoXph8HZlgXbrL7iiDkJhlGZa7 oYmFd/E+7E8RpkowUfyDnj5IxvZ2Z6CDwiDfzz6rHaqLFD8PlYLjFkfA/ASs5gO0TV2UoHL0wdl77 B7jNcRSz/N4wrmxYqd2Hs00jfiDNPRB2wxlBhcPbayAL3xxFG0nl/qQhuVtnwA1Iwv9ZqbRMh1MYz QWoSPIBR07rlAyOFO+vB17tTtmh6pqBA54wZPwHWIx1ofy9mimoANDsqFHp5ykaseoh47q5hekjg+ nWudIjDbeLiwl90BZFmFOlToFGpxUh4wgR2HfEDbcX0iIqgPaJzJUatT6HMGZk3d3HX84S2M0hn0z 8HK/yUNG8KqBG6Ocq9b3XZvtGqjNtXj70ekSUHr1CFV/E4EQ3ULqxeqTw1fsA85br1fXZWZq1BiZ/ ZeXJYiFVciaYYBJ84Qw0R5yRH6oCtHOoT8vdKo8csT4iBb9jW9HvanNNHFcTn9pf1UNNyM64FB+M1 2CelIqseABwnf4M+EwNZOr9wm9mSzWBc9U7G+p8rY=; From: Christian Schoenebeck To: Dominique Martinet , Tyler Hicks Cc: Eric Van Hensbergen , Latchesar Ionkov , Christophe JAILLET , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , v9fs-developer@lists.sourceforge.net, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2] net/9p: Initialize the iounit field during fid creation Date: Sun, 10 Jul 2022 16:48:29 +0200 Message-ID: <1984068.YOKu8ataPd@silver> In-Reply-To: <20220710141402.803295-1-tyhicks@linux.microsoft.com> References: <20220710141402.803295-1-tyhicks@linux.microsoft.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sonntag, 10. Juli 2022 16:14:02 CEST Tyler Hicks wrote: > Ensure that the fid's iounit field is set to zero when a new fid is > created. Certain 9P operations, such as OPEN and CREATE, allow the > server to reply with an iounit size which the client code assigns to the > p9_fid struct shortly after the fid is created by p9_fid_create(). On > the other hand, an XATTRWALK operation doesn't allow for the server to > specify an iounit value. The iounit field of the newly allocated p9_fid > struct remained uninitialized in that case. Depending on allocation > patterns, the iounit value could have been something reasonable that was > carried over from previously freed fids or, in the worst case, could > have been arbitrary values from non-fid related usages of the memory > location. > > The bug was detected in the Windows Subsystem for Linux 2 (WSL2) kernel > after the uninitialized iounit field resulted in the typical sequence of > two getxattr(2) syscalls, one to get the size of an xattr and another > after allocating a sufficiently sized buffer to fit the xattr value, to > hit an unexpected ERANGE error in the second call to getxattr(2). An > uninitialized iounit field would sometimes force rsize to be smaller > than the xattr value size in p9_client_read_once() and the 9P server in > WSL refused to chunk up the READ on the attr_fid and, instead, returned > ERANGE to the client. The virtfs server in QEMU seems happy to chunk up > the READ and this problem goes undetected there. > > Fixes: ebf46264a004 ("fs/9p: Add support user. xattr") > Cc: stable@vger.kernel.org > Signed-off-by: Tyler Hicks Reviewed-by: Christian Schoenebeck > --- > > v2: > - Add Fixes tag > - Improve commit message clarity to make it clear that this only affects > xattr get/set > - kzalloc() the entire fid struct instead of individually zeroing each > member > - Thanks to Christophe JAILLET for the suggestion > v1: https://lore.kernel.org/lkml/20220710062557.GA272934@sequoia/ > > net/9p/client.c | 5 +---- > 1 file changed, 1 insertion(+), 4 deletions(-) > > diff --git a/net/9p/client.c b/net/9p/client.c > index 8bba0d9cf975..371519e7b885 100644 > --- a/net/9p/client.c > +++ b/net/9p/client.c > @@ -889,16 +889,13 @@ static struct p9_fid *p9_fid_create(struct p9_client > *clnt) struct p9_fid *fid; > > p9_debug(P9_DEBUG_FID, "clnt %p\n", clnt); > - fid = kmalloc(sizeof(*fid), GFP_KERNEL); > + fid = kzalloc(sizeof(*fid), GFP_KERNEL); > if (!fid) > return NULL; > > - memset(&fid->qid, 0, sizeof(fid->qid)); > fid->mode = -1; > fid->uid = current_fsuid(); > fid->clnt = clnt; > - fid->rdir = NULL; > - fid->fid = 0; > refcount_set(&fid->count, 1); > > idr_preload(GFP_KERNEL);