From patchwork Fri Apr 23 11:10:35 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 12220125 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 08E23C433B4 for ; Fri, 23 Apr 2021 11:11:24 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BDCF561477 for ; Fri, 23 Apr 2021 11:11:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242194AbhDWLL6 (ORCPT ); Fri, 23 Apr 2021 07:11:58 -0400 Received: from mail.kernel.org ([198.145.29.99]:35636 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242185AbhDWLLy (ORCPT ); Fri, 23 Apr 2021 07:11:54 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 0CB076144D; Fri, 23 Apr 2021 11:11:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1619176278; bh=s73o/wJyILS/DuFAVBhZN9buVbYK3YsL1DQcVOccoKY=; h=From:To:Cc:Subject:Date:From; b=g3jVFAJEjEM2SpG7kg49TskFCuLKxVXVPnO2Go5mp5UKcQIZhKtL20M8Rb/IAd8GP XK0WJUYIvAK47aqfrGEQFmXpICLx0WlJ8mIKq126MODuC595UOCFC9CdvWXmrmcdkV 6dyHe2S0Ve+CcGrMuviyu38XgON5MPFGU3xRVk1Wk7emP2VvmwRk6/78s6HP+YDEBS 3qxk/cUWY57UqZFB6hf/oc7zZGg47T79OQ82C5wAQbOhaEIo5AofTAMBnWt5C6pyHg z5citsw7R6+Wjx9XlNwhstxANH2HAB4JXLNMdax2xHitGrD6ZSt2bBAg4fbqx/czlU a3ztuQ5U8tMQg== From: Christian Brauner To: Christoph Hellwig , Aleksa Sarai , Al Viro Cc: linux-fsdevel@vger.kernel.org, Richard Guy Briggs , Christian Brauner Subject: [PATCH 1/3] fcntl: remove unused VALID_UPGRADE_FLAGS Date: Fri, 23 Apr 2021 13:10:35 +0200 Message-Id: <20210423111037.3590242-1-brauner@kernel.org> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 X-Patch-Hashes: v=1; h=sha256; i=DTBkIkRNd4bcqOtvuhl7Obc19oP2/yrBuWrgwMlrBXs=; m=0y+NHR64JJHm7BpbyCR9AQq8KTzHwBNJkqNrGCv0xYA=; p=1vlusdo5gjwAF0kBP5kBKm1VG2vyL2qLrK4eGEkLgIQ=; g=9d11c722bc61e3dc9015e1ec2b7c3e9cbb3b59e8 X-Patch-Sig: m=pgp; i=christian.brauner@ubuntu.com; s=0x0x91C61BC06578DCA2; b=iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCYIKrKAAKCRCRxhvAZXjcotawAQDMqM0 ob6cY2MziRdtPhAVET825LXg9MZIPprND2+59oAEArI4fjVv8ULQVccPX2ktmWbC9AHgMcYaWgURG Os8Wzgs= Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Christian Brauner We currently do not maky use of this feature and should we implement something like this in the future it's trivial to add it back. Cc: Christoph Hellwig Cc: Aleksa Sarai Cc: Al Viro Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Christian Brauner Reviewed-by: Richard Guy Briggs Reviewed-by: Christoph Hellwig --- include/linux/fcntl.h | 4 ---- 1 file changed, 4 deletions(-) base-commit: d434405aaab7d0ebc516b68a8fc4100922d7f5ef diff --git a/include/linux/fcntl.h b/include/linux/fcntl.h index 766fcd973beb..a332e79b3207 100644 --- a/include/linux/fcntl.h +++ b/include/linux/fcntl.h @@ -12,10 +12,6 @@ FASYNC | O_DIRECT | O_LARGEFILE | O_DIRECTORY | O_NOFOLLOW | \ O_NOATIME | O_CLOEXEC | O_PATH | __O_TMPFILE) -/* List of all valid flags for the how->upgrade_mask argument: */ -#define VALID_UPGRADE_FLAGS \ - (UPGRADE_NOWRITE | UPGRADE_NOREAD) - /* List of all valid flags for the how->resolve argument: */ #define VALID_RESOLVE_FLAGS \ (RESOLVE_NO_XDEV | RESOLVE_NO_MAGICLINKS | RESOLVE_NO_SYMLINKS | \ From patchwork Fri Apr 23 11:10:36 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 12220127 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4A1A4C433ED for ; Fri, 23 Apr 2021 11:11:24 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 06F7561490 for ; Fri, 23 Apr 2021 11:11:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242198AbhDWLL7 (ORCPT ); Fri, 23 Apr 2021 07:11:59 -0400 Received: from mail.kernel.org ([198.145.29.99]:35692 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242206AbhDWLL4 (ORCPT ); Fri, 23 Apr 2021 07:11:56 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id A946461469; Fri, 23 Apr 2021 11:11:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1619176280; bh=r4O3KqJfam0P2TE7fyRmDac+amuU1Nhos7EG9f94Mi8=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=HauTSVNeqsOMO3tCO+7FtGE8hIvn752IX45r1uWvh2rWSZ+P4dFCmLPD6vc7dL9Uw Cw+CY77dCuSJX2qQTVSmc1vVMPovYaV+lAaf7/iLYAzfKg1h6KINkqCoI44UTYhusA snn0TWsilSABuJ33fcx2vGuybFjYJr96Bw6TdL+6WC7pqdB1/NTj1Q6uFkljsQS47X /KtLIL85Gv8EUdafP5kzEv+eIfIV2OWE6miTdzgGtUhy/lU92pzjNSyxL1jDPcTRmZ rzRzBNPbp6S/Dyb92KC+j60cVAPSeDDQQaRFMj2AULe1bInTOVjIf5BfVOc3j6nsK3 JiQMrZpgDPvUw== From: Christian Brauner To: Christoph Hellwig , Aleksa Sarai , Al Viro Cc: linux-fsdevel@vger.kernel.org, Richard Guy Briggs , Christian Brauner Subject: [PATCH 2/3] open: don't silently ignore unknown O-flags in openat2() Date: Fri, 23 Apr 2021 13:10:36 +0200 Message-Id: <20210423111037.3590242-2-brauner@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210423111037.3590242-1-brauner@kernel.org> References: <20210423111037.3590242-1-brauner@kernel.org> MIME-Version: 1.0 X-Patch-Hashes: v=1; h=sha256; i=6HfI8flciKZB4VJnvGhErn3MBardNcPBqXfs5h/OfHw=; m=YAUWuGreYWY5BJ8YWdYkCsjkQG4NYhRc+h08FFpz+qQ=; p=9DvMh1owOk4P3ZOKugjlJZ91bi4fDIcfB+PVsEVZrB8=; g=e75d4dfeaf1230f374fccbe201fc4f3d5beff203 X-Patch-Sig: m=pgp; i=christian.brauner@ubuntu.com; s=0x0x91C61BC06578DCA2; b=iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCYIKrKAAKCRCRxhvAZXjcom0XAP9tAA6 6r7s4YlF34OT6fq9rU+qMKjJf1qm5UG4c584BSgD/dKqTvrmgV7Vz+q37vUkDlZsdySZgznf5oguN m4IQggk= Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Christian Brauner The new openat2() syscall verifies that no unknown O-flag values are set and returns an error to userspace if they are while the older open syscalls like open() and openat2() simply ignore unknown flag values: #define O_FLAG_CURRENTLY_INVALID (1 << 31) struct open_how how = { .flags = O_RDONLY | O_FLAG_CURRENTLY_INVALID, .resolve = 0, }; /* fails */ fd = openat2(-EBADF, "/dev/null", &how, sizeof(how)); /* succeeds */ fd = openat(-EBADF, "/dev/null", O_RDONLY | O_FLAG_CURRENTLY_INVALID); However, openat2() silently truncates the upper 32 bits meaning: #define O_FLAG_CURRENTLY_INVALID_LOWER32 (1 << 31) #define O_FLAG_CURRENTLY_INVALID_UPPER32 (1 << 40) struct open_how how_lowe32 = { .flags = O_RDONLY | O_FLAG_CURRENTLY_INVALID_LOWE32, .resolve = 0, }; struct open_how how_upper32 = { .flags = O_RDONLY | O_FLAG_CURRENTLY_INVALID_LOWE32, .resolve = 0, }; /* fails */ fd = openat2(-EBADF, "/dev/null", &how_lower32, sizeof(how_lower32)); /* succeeds */ fd = openat2(-EBADF, "/dev/null", &how_upper32, sizeof(how_upper32)); That seems like a bug. Fix it by preventing the truncation in build_open_flags(). There's a snafu here though stripping FMODE_* directly from flags would cause the upper 32 bits to be truncated as well due to integer promotion rules since FMODE_* is unsigned int, O_* are signed ints (yuck). This change shouldn't regress old open syscalls since they silently truncate any unknown values. Cc: Christoph Hellwig Cc: Aleksa Sarai Cc: Al Viro Cc: linux-fsdevel@vger.kernel.org Reported-by: Richard Guy Briggs Signed-off-by: Christian Brauner Reviewed-by: Christoph Hellwig Reviewed-by: Aleksa Sarai --- fs/open.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/fs/open.c b/fs/open.c index e53af13b5835..96644aa325eb 100644 --- a/fs/open.c +++ b/fs/open.c @@ -1002,12 +1002,17 @@ inline struct open_how build_open_how(int flags, umode_t mode) inline int build_open_flags(const struct open_how *how, struct open_flags *op) { - int flags = how->flags; + u64 flags = how->flags; + u64 strip = FMODE_NONOTIFY | O_CLOEXEC; int lookup_flags = 0; int acc_mode = ACC_MODE(flags); - /* Must never be set by userspace */ - flags &= ~(FMODE_NONOTIFY | O_CLOEXEC); + /* + * Strip flags that either shouldn't be set by userspace like + * FMODE_NONOTIFY or that aren't relevant in determining struct + * open_flags like O_CLOEXEC. + */ + flags &= ~strip; /* * Older syscalls implicitly clear all of the invalid flags or argument From patchwork Fri Apr 23 11:10:37 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christian Brauner X-Patchwork-Id: 12220129 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-19.0 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0F554C43460 for ; Fri, 23 Apr 2021 11:11:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id DABFA61480 for ; Fri, 23 Apr 2021 11:11:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S242208AbhDWLMA (ORCPT ); Fri, 23 Apr 2021 07:12:00 -0400 Received: from mail.kernel.org ([198.145.29.99]:35742 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S242202AbhDWLL7 (ORCPT ); Fri, 23 Apr 2021 07:11:59 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 10C4A6147D; Fri, 23 Apr 2021 11:11:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1619176283; bh=pjE8XoiOHb5Zd3y1l4Lvg/af6r3WBqGSm9Jo4GLTJ5E=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Ntm5KzXOvweW0nA5Pmhx95BukpLh6raZfy7sI7XVq4D5P7ZyvplgypIXAnrC2607l CJPgNRtH8u7fTVET4oQoxcjew9e2BAHU6pBb9Hp8lfekavpv8aSNPE5cSWLW5X4AgD I6hf2fBo37FH1a/Raa2a0//ulP3jdXeUz8jya8fF6xHc+sIRu83YRkNIjF2It3vOwF 5w3e+8Z1IcAcci47VDkL0VjpYQCd5yTSNvzhG5940xRtxL2ZBfOanc1BYiW9LTi1gW U8DLs7GLdnmJFOxcPv5hVhcqzqOTjrf94+MXT5iCBmxdzBvpjKxxTy7aILe4AF57pq IETq4O/wlbKGQ== From: Christian Brauner To: Christoph Hellwig , Aleksa Sarai , Al Viro Cc: linux-fsdevel@vger.kernel.org, Richard Guy Briggs , Christian Brauner Subject: [PATCH 3/3] test: add openat2() test for invalid upper 32 bit flag value Date: Fri, 23 Apr 2021 13:10:37 +0200 Message-Id: <20210423111037.3590242-3-brauner@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210423111037.3590242-1-brauner@kernel.org> References: <20210423111037.3590242-1-brauner@kernel.org> MIME-Version: 1.0 X-Patch-Hashes: v=1; h=sha256; i=6+RcscGOaXAinCRHaVNgdgAhifNJThafX6rt6a5+G6o=; m=a8Z5yvitPlTc1wDJHiW3AeQQyNAKS1bSJsa+KhPte/o=; p=ymW6tJ+NdmQkM5kg4yHMHlm7HPu+GeA2wFqVftBEchM=; g=88fd5aea8882d7b88e7a2b461c74704af0e83345 X-Patch-Sig: m=pgp; i=christian.brauner@ubuntu.com; s=0x0x91C61BC06578DCA2; b=iHUEABYKAB0WIQRAhzRXHqcMeLMyaSiRxhvAZXjcogUCYIKrKAAKCRCRxhvAZXjcovSRAQDIBi4 vk1mdK5u3SQ8DUyRWq/iyShGFb1tr65A7CrL5PwD+LR2RiZcOo7ehbDXzcKXDg42wmNm47lzoDJBf 8S3ybAA= Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org From: Christian Brauner Test that openat2() rejects unknown flags in the upper 32 bit range. Cc: Richard Guy Briggs Cc: Aleksa Sarai Cc: linux-fsdevel@vger.kernel.org Signed-off-by: Christian Brauner --- tools/testing/selftests/openat2/openat2_test.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/openat2/openat2_test.c b/tools/testing/selftests/openat2/openat2_test.c index 381d874cce99..7379e082a994 100644 --- a/tools/testing/selftests/openat2/openat2_test.c +++ b/tools/testing/selftests/openat2/openat2_test.c @@ -155,7 +155,7 @@ struct flag_test { int err; }; -#define NUM_OPENAT2_FLAG_TESTS 24 +#define NUM_OPENAT2_FLAG_TESTS 25 void test_openat2_flags(void) { @@ -229,6 +229,11 @@ void test_openat2_flags(void) { .name = "invalid how.resolve and O_PATH", .how.flags = O_PATH, .how.resolve = 0x1337, .err = -EINVAL }, + + /* Invalid flags in the upper 32 bits must be rejected. */ + { .name = "invalid flags (1 << 63)", + .how.flags = O_RDONLY | (1ULL << 63), + .how.resolve = 0, .err = -EINVAL }, }; BUILD_BUG_ON(ARRAY_LEN(tests) != NUM_OPENAT2_FLAG_TESTS);