Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2589183lqp; Mon, 25 Mar 2024 03:45:12 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCWCsdBkKJY5b1br87evtQwuPjq0SVfnYteFe2DpbwFgfM4YVOvYOWNkbrrio216zXZiVVnw6pq4dSFMyy4L2i76jtNxmMtZduK54xMVeA== X-Google-Smtp-Source: AGHT+IEorA1ktRiBMIZv6Iel9O2hxyy6WK6rgsr/tMRYe7DVqswihXbOmnsiIlSISC8NHD4PQr1d X-Received: by 2002:a17:902:da87:b0:1e0:b287:c1d8 with SMTP id j7-20020a170902da8700b001e0b287c1d8mr5811520plx.5.1711363512464; Mon, 25 Mar 2024 03:45:12 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711363512; cv=pass; d=google.com; s=arc-20160816; b=KYQsQRbfE0lS+Hbqp+3nygprCR6cCTYNgwLwcMX8AqFfTvTKLkoJvMhTiqZMgRQFi1 /wo0G4hBBRH20B8aL1bZgKI9Ni/l9RCLlne23ntmxtQ+Qm5minQeZ/O3yaRlbpt5m2wC 6MS1KvS51AG1xW6ztUjlES8p5yg6ZLJQRqo49nqtUl1DNuVcYyc6k/fFOKwJ2p0iGcYT er7lp5dwntucGPU+HhJt118mOV0YSQHH/zm/MDD2V66qwrYKcIhZn45C6Ci1hq5/m2Xf DKaALVI/x1e2STNp4hULd7qktnYz3vPMxM13FBcyJ1d9juAUtQgA8zGifnkndL0eoOXm QZkQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=DoxK0YNgGjYpGEShNPEQ5ijQfTo3tGD+dkhWuoCDSNY=; fh=Qt8ZLu1zs6vkfOdM2sbLVGj/5Ufj/q4ZdIIDO2YTwR8=; b=rCg4H5isGKvhDd2s26jcOOlGZZB1pmpur1CF13hJ9HBX65PDNt1xfwSZNZQ0eTDsMO jvEybSKiiFzJbD5htP1NULPlIRiTRueGWS8tkd8RTYArL39ab7D5K5For6n5wFW3uQSl 8td57nsG70l+KvoZ8L0DWYW2eZYZgkoX3opk66g0IA2zOI53+L3elOp65eEhxEVeRasH FvgzjzR4kWTeRSpGnAqNAiYV3n6wu79djwbFVT2pIe196cvAeCOe8x2QdSNaZlBQONWo //QK0BMFnhlxHju5FDwQgCxX4v5yPbp9cx/q2C8l0BdCBNZz7+TBZFmZ64Wpi+uuHKdj byxA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=NhhUi1aM; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-115336-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-115336-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id m10-20020a170902f64a00b001e0caf9d9b4si713710plg.501.2024.03.25.03.45.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Mar 2024 03:45:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-115336-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=NhhUi1aM; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-115336-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-115336-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id A0C842A1DC0 for ; Mon, 25 Mar 2024 10:37:49 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 3E4541E5F53; Mon, 25 Mar 2024 02:33:03 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="NhhUi1aM" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 523F41D1D58; Sun, 24 Mar 2024 22:48:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711320533; cv=none; b=FmjcuAa4WLeIRNrWfRAFVH3QfbuPmIxcmkYFxSBw3W7PJC1+Ht9PnFVDeEQj6FOtoEvtEvmy8tLB13+9XavQeLsWWuC5cLwYqVO0jiK6NXvnPeb0/0UOplqbVbRE2DpTpzS9qoK1BeI5DmYOeGv6xt2SMySFSY94psxZe32Xl1s= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711320533; c=relaxed/simple; bh=76vkGyrV3hb3aWyw3PS3hSUigT9JbLaVi74F4EZkltQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=c0B/jWAokJ6zVUNNl4fFtNN6987Jh1zYVYndi3ExrePfPmyfGk7VOdxCOOYUac+kNqnx2oFOMEaoLzVH643ZBzqjVeHoVc8yoyc65pLkQjtv1vaQ/C8BlcrfR86Et5C232ILqf/AgPMGwYF+WIJSB/YcI/p5veBlX0+tSrdO2vs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=NhhUi1aM; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id BAC5CC43330; Sun, 24 Mar 2024 22:48:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711320531; bh=76vkGyrV3hb3aWyw3PS3hSUigT9JbLaVi74F4EZkltQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=NhhUi1aMyE7ukx0oD9AQLBK26vBN1cxtCHxI2jm7b4YPq91TmcDIf3Z2Jur/s69iz utO6U/71LXy+B6m+9ZA32wjh+eiNeOjaq7gs+lu39sAek3ewyCbp9cu3fU+aWSXTxy 9HB4zu7rlzh7zW0dV0xIqDmd8Lyh/C7WrBfTkoaCsQ5+1wfBkhItO/ok8qNYh1+ddn 9Dd65Nx8Ym2N3bE8UjRX9T44LXMq0Mm9FMzhddy/+WjwBS+lQWzOL6M9MxKKDzBH1T 62OKs4LVF+Hs56nml2634Sw9UolD6rwhyL7Icrz2Rbox1Y+aVhaxFbS9RUJsh2D03/ LJyHohE8OAXPg== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Bart Van Assche , Christoph Hellwig , Kanchan Joshi , Jeff Layton , Chuck Lever , Jens Axboe , Stephen Rothwell , Christian Brauner , Sasha Levin Subject: [PATCH 6.7 093/713] fs: Fix rw_hint validation Date: Sun, 24 Mar 2024 18:36:59 -0400 Message-ID: <20240324224720.1345309-94-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324224720.1345309-1-sashal@kernel.org> References: <20240324224720.1345309-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Bart Van Assche [ Upstream commit ec16b147a55bfa14e858234eb7b1a7c8e7cd5021 ] Reject values that are valid rw_hints after truncation but not before truncation by passing an untruncated value to rw_hint_valid(). Reviewed-by: Christoph Hellwig Reviewed-by: Kanchan Joshi Cc: Jeff Layton Cc: Chuck Lever Cc: Jens Axboe Cc: Stephen Rothwell Fixes: 5657cb0797c4 ("fs/fcntl: use copy_to/from_user() for u64 types") Signed-off-by: Bart Van Assche Link: https://lore.kernel.org/r/20240202203926.2478590-2-bvanassche@acm.org Signed-off-by: Christian Brauner Signed-off-by: Sasha Levin --- fs/fcntl.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/fs/fcntl.c b/fs/fcntl.c index c80a6acad742f..3ff707bf2743a 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -268,7 +268,7 @@ static int f_getowner_uids(struct file *filp, unsigned long arg) } #endif -static bool rw_hint_valid(enum rw_hint hint) +static bool rw_hint_valid(u64 hint) { switch (hint) { case RWH_WRITE_LIFE_NOT_SET: @@ -288,19 +288,17 @@ static long fcntl_rw_hint(struct file *file, unsigned int cmd, { struct inode *inode = file_inode(file); u64 __user *argp = (u64 __user *)arg; - enum rw_hint hint; - u64 h; + u64 hint; switch (cmd) { case F_GET_RW_HINT: - h = inode->i_write_hint; - if (copy_to_user(argp, &h, sizeof(*argp))) + hint = inode->i_write_hint; + if (copy_to_user(argp, &hint, sizeof(*argp))) return -EFAULT; return 0; case F_SET_RW_HINT: - if (copy_from_user(&h, argp, sizeof(h))) + if (copy_from_user(&hint, argp, sizeof(hint))) return -EFAULT; - hint = (enum rw_hint) h; if (!rw_hint_valid(hint)) return -EINVAL; -- 2.43.0