Received: by 2002:ab2:6a05:0:b0:1f8:1780:a4ed with SMTP id w5csp372483lqo; Fri, 10 May 2024 02:29:30 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVQBfu4vvxf44TwF02/tRHi9Qyr1ztLNROVQxOGB7tw3plGLEv1Yty5Y4y6TtrR95yxTeILt7HhLlhIbg9psGqdY8c2dPjqNCuK9dlw7g== X-Google-Smtp-Source: AGHT+IGxfgY7VYTASNbSUPcVWWP7kM+VXqi95V0T+NGnFg1Mk8iLGjf06JHZBb6zqvXOBdibLzjr X-Received: by 2002:a17:902:d507:b0:1ea:f7d4:2327 with SMTP id d9443c01a7336-1ef43c0951emr26944155ad.9.1715333370646; Fri, 10 May 2024 02:29:30 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715333370; cv=pass; d=google.com; s=arc-20160816; b=DL1dx7CTK48ibm6gDW6+exql462U+2N4mMcqfrLsAouAeWqvV+5QKSHmuxPHqBqBng yJ1Law9AphApG9Dr/FTLVVb+l9m6K2UY+86IXdRX7RszZ2hUo9dR9RiCFwQXhUQdjuuV sW6L0XV2xfK19X9NFbDgc7fZfrImBbZ9lJ2K5EPgdIO0cdZwMm7oWJkmC80oLK+fpbb7 eSvtRPfVf3MjXi7a3sPhcdEEo/pArYIQcqGpWwYBbJIwLx0Seyi/4SNtih8NGFsU33nf fpiO28piwtuOfSnPluB6rpaGfo+82gmWWcSvWpZOrwSfL5b4RnY/xOI2iyw8xz6/oq7y Pj9A== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:in-reply-to:content-disposition:mime-version :list-unsubscribe:list-subscribe:list-id:precedence:references :message-id:subject:cc:to:from:date:dkim-signature; bh=9BEIrQ+9MvvMRnuPmQrJgc1/AxggZCBl/hYSbaTzqVY=; fh=rVaxhcuFXLlAgeiN57QjWaNNP4MqBeg/iAPeZMBm6Gg=; b=PQOTa/M9ETFxJlQ2cs1lzfi0RSyXhkbIYwQjaUNKPaHZ3pQBThzpG9rI0SzYZ6wesc LMJl2spJGan8YV5H/FBk8bAVzr4i7TBagwrcNGvZiGMCEox8NSdpIaRpvgueP9U6YAsi Fgk8vhJ/5GSnF28ESnoGWeIQjtXeSnYQngkXmg6YHxx3U11LhX3oWY4hVijfH1Jg3MeU jb92yo5QgnWTbvLAXlEpGqz+gaiN2OCfchEuIA4JyHqHt7IjC4k9QWRQjndaBzqlbCcc FT1a0vIAslLBNKTXoceW7g/a+xjStIeH805feRHECeRMnXaVTUGw4OOGURNkHIx5B3E6 rqIg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@linux.org.uk header.s=zeniv-20220401 header.b=pOYYVDPa; arc=pass (i=1 dkim=pass dkdomain=linux.org.uk dmarc=pass fromdomain=zeniv.linux.org.uk); spf=pass (google.com: domain of linux-kernel+bounces-175372-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-175372-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zeniv.linux.org.uk Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id d9443c01a7336-1ef0b9d142bsi31423285ad.17.2024.05.10.02.29.30 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 10 May 2024 02:29:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-175372-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.org.uk header.s=zeniv-20220401 header.b=pOYYVDPa; arc=pass (i=1 dkim=pass dkdomain=linux.org.uk dmarc=pass fromdomain=zeniv.linux.org.uk); spf=pass (google.com: domain of linux-kernel+bounces-175372-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-175372-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=zeniv.linux.org.uk Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 72B4A282D6D for ; Fri, 10 May 2024 07:02:51 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id EBAA915E810; Fri, 10 May 2024 07:02:40 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=linux.org.uk header.i=@linux.org.uk header.b="pOYYVDPa" Received: from zeniv.linux.org.uk (zeniv.linux.org.uk [62.89.141.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CC47E5490E; Fri, 10 May 2024 07:02:37 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=62.89.141.173 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715324560; cv=none; b=FI4d7B6LsUbX85hMYghkOE8up3NJXszulboSltQ12gfKqerWWLVkEGSmgmLDyvvnwndnNqnovHs12omh+Xj03Vmgh3lnJ8Q+9dwg9Y1zyaJoSWb4rfZi7GCl4LM4q+G2+KSpkfWrmefQpBCVK9bhPjt65j65ENJ7kCDyUXvHFFo= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715324560; c=relaxed/simple; bh=I9q2/LE7OixOeEBOotIdBWSBIomAbjME2L8JXihXNWA=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=ucLKuSkAzrLZrLzHj8eEFumCWzAC9ja3exzK0Wl0Eg3ZOPgg8cQ+TYOOo4sO78PezrKaNVFK7DxEK9d6IysNIQyniApQgcWzY22l5YqlFxElZu+hrnGrlNromT15mb5Fpd8njWbfuddC93zC3Gvq//OAJpBH3Fa6uq8JbDbOqzg= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zeniv.linux.org.uk; spf=none smtp.mailfrom=ftp.linux.org.uk; dkim=pass (2048-bit key) header.d=linux.org.uk header.i=@linux.org.uk header.b=pOYYVDPa; arc=none smtp.client-ip=62.89.141.173 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=zeniv.linux.org.uk Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=ftp.linux.org.uk DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=linux.org.uk; s=zeniv-20220401; h=Sender:In-Reply-To:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=9BEIrQ+9MvvMRnuPmQrJgc1/AxggZCBl/hYSbaTzqVY=; b=pOYYVDPa7cVJDbdcvYoD4wfRNM xwNDLjiie4qeT3z15wFQqeGABjlPtifo1iQjjPye49GUPseiI6nXut1fWigs5y4sT044H9jFKJ75k QCcTDjW7uASr80yCwVSwB1qOsZZgEJuIJhj479327r5LuU9RM8MTDYYSshbyMcn1D7M04+Wo88WQq jiBgRAvAT9kaJ6lJdXRT3jQ3azXQ0aA6VCYuKZigc0ohSdSFDIlgfHC29mEfdgHOEsKwoCDyC5qcp KS8dQJdHFljNZtVfyKUiEefcvnfx5Lr6jEo4Z5r2zviNJ5csO4xAhSr3NDZsDRMYWI4ue1rjjfaNk /+H/Eybg==; Received: from viro by zeniv.linux.org.uk with local (Exim 4.96 #2 (Red Hat Linux)) id 1s5KGy-002BnN-1U; Fri, 10 May 2024 07:02:28 +0000 Date: Fri, 10 May 2024 08:02:28 +0100 From: Al Viro To: Justin Stitt Cc: Christian Brauner , Jan Kara , Nathan Chancellor , Bill Wendling , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, llvm@lists.linux.dev, linux-hardening@vger.kernel.org Subject: Re: [PATCH] libfs: fix accidental overflow in offset calculation Message-ID: <20240510070228.GY2118490@ZenIV> References: <20240510-b4-sio-libfs-v1-1-e747affb1da7@google.com> <20240510004906.GU2118490@ZenIV> <20240510010451.GV2118490@ZenIV> <6oq7du4gkj3mvgzgnmqn7x44ccd3go2d22agay36chzvuv3zyt@4fktkazj4cvw> <20240510044805.GW2118490@ZenIV> <20240510063312.GX2118490@ZenIV> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240510063312.GX2118490@ZenIV> Sender: Al Viro On Fri, May 10, 2024 at 07:33:12AM +0100, Al Viro wrote: > As the matter of fact, it would be interesting to find out > which instances, if any, do *not* have that relationship > between SEEK_CUR and SEEK_SET. If such are rare, it might > make sense to mark them as such in file_operations and > have vfs_llseek() check that - it would've killed a whole > lot of boilerplate. And there it a careful handling of > overflow checks (or a clear comment explaining what's > going on) would make a lot more sense. > > IF we know that an instance deals with SEEK_CUR as SEEK_SET to > offset + ->f_pos, we can translate SEEK_CUR into SEEK_SET > in the caller. FWIW, weird instances do exist. kernel/printk/printk.c:devkmsg_llseek(), for example. Or this gem in drivers/fsi/i2cr-scom.c: static loff_t i2cr_scom_llseek(struct file *file, loff_t offset, int whence) { switch (whence) { case SEEK_CUR: break; case SEEK_SET: file->f_pos = offset; break; default: return -EINVAL; } return offset; } SEEK_CUR handling in particular is just plain bogus: lseek(fd, -9, SEEK_CUR) doing nothing to current position and returning EBADF. Even if you've done lseek(fd, 9, SEEK_SET) just before that... I suspect that some of those might be outright bugs; /dev/kmsg one probably isn't, but by the look of it those should be rare. Then there's orangefs_dir_llseek(), with strange handling of SEEK_SET (but not SEEK_CUR); might or might not be a bug... From the quick look it does appear that it might be a project worth attempting - exceptions are very rare.