From patchwork Tue May 30 20:31:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101108 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2447620vqr; Tue, 30 May 2023 13:38:34 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7EgHs+atH9/PTx7YOXqEMPmn7znFCmUgP77ekatXTZP4lA6PjnSxUFFvxXp3zyZtL8yaHp X-Received: by 2002:a17:90b:1e4a:b0:255:7d50:c1aa with SMTP id pi10-20020a17090b1e4a00b002557d50c1aamr3441420pjb.44.1685479114440; Tue, 30 May 2023 13:38:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685479114; cv=none; d=google.com; s=arc-20160816; b=rp5cyXb0sg6w0n3r6W/IoRbe1USW+toINUzPvW2564jij3KBW9lwT55gXPWxNqBCjB vMKcrdfSV4aYpyle+VIoCnWeRurArsnq/FaGY6HyPjcLxQQ5O8U7DlfKDwmcrjWdeZnp DoAQ0Tz6Fqnlor/SkH/QCF71BXO5EjDMnvCEwhrOBzcfZ2PM70eIREdmTaAo/nDHZYL3 Q5NJDFlXMk14yZ8QyPCeqgyZIBWsTKlYdZGY/GiRLaxhmsGHLgUMiPCa5IACQ0/SWnmZ cC4NQ3YZxHYXuk429gt31j7NKFHtD2swhGHwt3HGHhya8G3FOU07I3glcNz5bpKnFVs7 gp3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=YCzACzClxGa/ktYTHwJaaNWjaN7phPISbw1cPfpWZUo=; b=Au7lxDOZv/LBTYhW/Nh6R2KESW56EgT04LfCzAa7lCOBQuAA7mZJLX0+a3kmrtwUE4 mS4Oe1zljhCOQ1SJYpFry0Gnh/BLuyomYtiYqy8BndUCB2zM/UA+f7Q+U4IyXMjEyXO9 rdJTsua6GRJrSwNNjNtf2e1Zv47T4HU/ngOd85vymziCOKQ6QxFHMqwatkdkW9DWqMdF B7QQHBDQn6SIrPIQ8cKMVTC7Nn7t2j0NON78c29E6x5EbYXEDQyEY4a2tQld0Y9cIL24 UEVRl+IlOb+p7FsKoZieJW8FSZ9dNt/8x63KhTan5lFlb5dbtA4jtAJOxW/+H0UcWE+c COGg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=A2bqaqso; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=WWCIJ4Q1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h16-20020a17090adb9000b00250a970092bsi1989113pjv.4.2023.05.30.13.38.21; Tue, 30 May 2023 13:38:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=A2bqaqso; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=WWCIJ4Q1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233407AbjE3Ubo (ORCPT + 99 others); Tue, 30 May 2023 16:31:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54808 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231199AbjE3Ubi (ORCPT ); Tue, 30 May 2023 16:31:38 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1D64AFC; Tue, 30 May 2023 13:31:38 -0700 (PDT) Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id E111C3200564; Tue, 30 May 2023 16:31:36 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Tue, 30 May 2023 16:31:37 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1685478696; x=1685565096; bh=YCzACzClxG a/ktYTHwJaaNWjaN7phPISbw1cPfpWZUo=; b=A2bqaqsodYaS3trUBnAvHbPHd3 LVnzv94OZsAab6NwgPLjBRfIiWlcKcR9Am7w7rrKWKhPylPRgC/Z2VcNnFU62eUL QTY6dlRFGDe23eZCW+dp0yNNmIRdMnyt2GgAGoiZhtgYvFZOA0VagWHCdhatNzfh TUgJDh+kiXR5cwVFR2KVVnJ7q4TZ5ZwBzCrj9Ax6A1mxFH11UB3jAjTrIxT82ler iv2JQNpLTLFvHis5VI4rWrAU32RDGijA49HX+5RYgB9Kc80xrRJg46IUUWg09Whp OfnQ4sOEVlnEOjG350bX8Xu2+XWR1rAuxgIrN4SPyci767A9fPU8B1J2jDPA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1685478696; x= 1685565096; bh=YCzACzClxGa/ktYTHwJaaNWjaN7phPISbw1cPfpWZUo=; b=W WCIJ4Q1thNeJ9imoVk0+dlu1mJom8VM4vHfRKeLxMXjDqr0PwWHi8Pq8EqycYuWd pRyrl8aldz+pjfYnAgy+Kh35P1CyNuQUI3mrEIQOCMgmmSGUUCfVBQT72wavTR/V 4z3iS7j2NEdfQcwwDSR32YarwaCCyQuGbfUgprJEbygrw8xplcCYQEFQbiREHXnq Bl8hQ68TiF84tjWjP2sbeAf3ceMf3sytqQt110go28ao3jtHtBvxsYJ0Fby4sCtP d3nB1fS6fQM0vzfbFfklzcPFwD3Fcw3Mj0ihhxf+Z72Q9IW+KDqdO2d8eoW5rmDb GSIQ01eTKLxX0YWgJcCqA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:35 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org, stable@vger.kernel.org Subject: [PATCH v2 01/16] device-mapper: Check that target specs are sufficiently aligned Date: Tue, 30 May 2023 16:31:01 -0400 Message-Id: <20230530203116.2008-2-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767352948136883659?= X-GMAIL-MSGID: =?utf-8?q?1767352948136883659?= Otherwise subsequent code will dereference a misaligned `struct dm_target_spec *`, which is undefined behavior. Signed-off-by: Demi Marie Obenour Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org --- drivers/md/dm-ioctl.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index cc77cf3d410921432eb0c62cdede7d55b9aa674a..34fa74c6a70db8aa67aaba3f6a2fc4f38ef736bc 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1394,6 +1394,13 @@ static inline fmode_t get_mode(struct dm_ioctl *param) static int next_target(struct dm_target_spec *last, uint32_t next, void *end, struct dm_target_spec **spec, char **target_params) { + static_assert(_Alignof(struct dm_target_spec) <= 8, + "struct dm_target_spec has excessive alignment requirements"); + if (next % 8) { + DMERR("Next target spec (offset %u) is not 8-byte aligned", next); + return -EINVAL; + } + *spec = (struct dm_target_spec *) ((unsigned char *) last + next); *target_params = (char *) (*spec + 1); From patchwork Tue May 30 20:31:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101111 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2450266vqr; Tue, 30 May 2023 13:44:22 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6C+f8ryGCDcIQUenTSp9iCawVMfBb+pjlJHdoezZfz18WnspiHv/ilfGYaCOcVXXFNIf6Y X-Received: by 2002:a05:6a20:1581:b0:105:f8e4:7214 with SMTP id h1-20020a056a20158100b00105f8e47214mr3790315pzj.42.1685479462510; Tue, 30 May 2023 13:44:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685479462; cv=none; d=google.com; s=arc-20160816; b=ezpBhWAgMhVS5o7/gWoqlsxvkId5XIiwagAhNe2KwiVnAweRryeQXy/r0h5PNmkfcH T/M5YQ518Sh3w/cSbvogU1/gZLRq29fGIv39/PaX4Z6ollzUE3kOyRmjwNTrAr15kqjf H0BTc/i6H8Ls2hARX4RUtpnhGbRK/iuHz6IakeemE/zZwJPVbHmUXxA4MDVB0XveNZkM IyYBWLQyqfY9/pMOJVD8RorDdPLxebpVhVWDQSJhleeYUCn+Mcv/buiX/0T4Ddes22AQ R7a12dxX+Jo8kE9SlHGoSperbTW0jZKiSQnj69UiygtQ64wYnY+MX4nz7AHPT1GWFRak tJqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=aSjkzE25S8BxmyJfHmxx2kjK812O0BGlmJS9UYp63Y4=; b=ATXwCoZpRbfD6jHQxhAkpo+L2+qctpzMArw8zKJz6/WjqH61HP8QcONH9Yzqj6pFyZ 5IimloIVzf4rhj/BBzq8Bl6QyGTQlKhdXMopix2RUoKHwWlxON2XL5dbPHfNtF23T6j/ Z1lKTUyAx+spHmuWsSOlUrzfWW07z38MJ6AXkZdQZz+f3joNbZ0Eq+03YseFS07bpo0P RS9FZ++YMPq7Zprpr6eEw+RQ0sw96k6OQ8NWVQNVNJ5Y9C5QWaTPca0X0iTFdLRKeN3j iC1jmHs5aWjK8iOZb502e/cwtmxKowlSyyVnURmEk6rSJIEXditgrCzlowNV5Xp4ykYi +U7A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=iK+uxXhV; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=fZri7GXf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ip14-20020a17090b314e00b00250cb2a2000si13139340pjb.113.2023.05.30.13.44.10; Tue, 30 May 2023 13:44:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=iK+uxXhV; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=fZri7GXf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233443AbjE3Ubr (ORCPT + 99 others); Tue, 30 May 2023 16:31:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54814 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233399AbjE3Ubm (ORCPT ); Tue, 30 May 2023 16:31:42 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 56394F7; Tue, 30 May 2023 13:31:41 -0700 (PDT) Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id 26C5032005C1; Tue, 30 May 2023 16:31:40 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Tue, 30 May 2023 16:31:40 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1685478699; x=1685565099; bh=aSjkzE25S8 BxmyJfHmxx2kjK812O0BGlmJS9UYp63Y4=; b=iK+uxXhV6X4xM7zdOsRLRNl7Rl GeCaXb9nofcQLJMH5PYa8rM5mPH1np/a+6qzHLKH/xgr4kR4IXAg30xdIqri75uf f/HA4WZkCSFcOo7cNqUyy8XM/mAA5BKtkkdZ1PCLM6dnhelU1vC8pavl7AWFfugt 4sRiOO97mcVcpXj5MGvFR7i96rhwtfyMeXrQMUlsQduztFxlYcDLQG/EDvZSk3wq x92Oroq+S25UkVnqRiLhrdY1NyoS9E0KaGS1k185wNunE+FkLZv0bi0cekflq7QK YcsOdasoRS8hfC8B5I4G2Y5doOhecSPGwC5fQwkbDtySEHXq8JzjTicIZO5g== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1685478699; x= 1685565099; bh=aSjkzE25S8BxmyJfHmxx2kjK812O0BGlmJS9UYp63Y4=; b=f Zri7GXfSSveOOtYOhvOUEtsANsXmWURASgkB/lbtLP/WL+xtmXsMnGdWCIJvHxk9 3P4owz460lQ0tIW2GadrRZrHamxcLGygApj4txw8+S26mwTJy70Xa5MgAmR7OD28 3BQxHlhnew0PgxDnyK6jr8OsOqZ89aJi5/efdD/8P7nMYdHdPt9KGKs8Fpq9Gt2K 0fZnUTtGA/5zoxj5fzQ1MjgpSQTy7yTSwtJplgo44KMf2SM3jJ6mFQ4hQbuicwEG 2NH0Z9/cMmeK3OtsVQ7bqYjG2KfdqSm8iVBn9slACvUrWPUr7xWilidlX88F519A zhCVORCXIU4SPKqCtRt2A== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:38 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org, stable@vger.kernel.org Subject: [PATCH v2 02/16] device-mapper: Avoid pointer arithmetic overflow Date: Tue, 30 May 2023 16:31:02 -0400 Message-Id: <20230530203116.2008-3-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767353312845607709?= X-GMAIL-MSGID: =?utf-8?q?1767353312845607709?= Especially on 32-bit systems, it is possible for the pointer arithmetic to overflow and cause a userspace pointer to be dereferenced in the kernel. Signed-off-by: Demi Marie Obenour Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org --- drivers/md/dm-ioctl.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 34fa74c6a70db8aa67aaba3f6a2fc4f38ef736bc..64e8f16d344c47057de5e2d29e3d63202197dca0 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1396,6 +1396,25 @@ static int next_target(struct dm_target_spec *last, uint32_t next, void *end, { static_assert(_Alignof(struct dm_target_spec) <= 8, "struct dm_target_spec has excessive alignment requirements"); + static_assert(offsetof(struct dm_ioctl, data) >= sizeof(struct dm_target_spec), + "struct dm_target_spec too big"); + + /* + * Number of bytes remaining, starting with last. This is always + * sizeof(struct dm_target_spec) or more, as otherwise *last was + * out of bounds already. + */ + size_t remaining = (char *)end - (char *)last; + + /* + * There must be room for both the next target spec and the + * NUL-terminator of the target itself. + */ + if (remaining - sizeof(struct dm_target_spec) <= next) { + DMERR("Target spec extends beyond end of parameters"); + return -EINVAL; + } + if (next % 8) { DMERR("Next target spec (offset %u) is not 8-byte aligned", next); return -EINVAL; From patchwork Tue May 30 20:31:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101119 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2453502vqr; Tue, 30 May 2023 13:51:43 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7IGpfEdESvoIoR4C7+d1C9MlM04HCSc6FjTZe4Eaq4EGX9xoMqqCIZO+L0mGmBtMlAR3sg X-Received: by 2002:a05:6a00:2444:b0:64a:7723:fe04 with SMTP id d4-20020a056a00244400b0064a7723fe04mr4419213pfj.4.1685479902962; Tue, 30 May 2023 13:51:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685479902; cv=none; d=google.com; s=arc-20160816; b=jJbm0Jl9Mdx6ODarvaKXQ2lraqJ24n5Sw3z3dzSJgxYvJoqbyymldI4eaW0hg9lqGL 22oLpRUZF0/z5L4v0B4fXP7gzHzmQbVRIVwMSHFpkDfi/DapM5T4mquCmU54liK9rcZv RTUbtaAkI38lnPbIQ1Y8ywvR5pmx1IeIO915iYjsgqGpXvKja3n/bmOFzM3N5kH3P64H NLex0hh3+lK+RcKI7yzctsLlfqgt/k+I4RnWWwQyQICVFkr5hzboRbHdqo5aBkU/E4aQ zG37XXkJ44ki+b7mW0KBIehs5sEEdGAjihGHFcRnhS473MUxU0/ALW15/Mm/kIaal9xP BoOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=pmcUjAGIZxPp5PqEOgEqhVPemyqe9EdThZVOp4My7W0=; b=kbhYX6tCwxOTBIMQwkVPj1RfbA6HJk8tMn0sITgj75TdNSvwROhxFbsj0HypV1AbfK voDJq/jrZvV1tPet9wyExrJmA+lxjIZH+CE8kH2y+eGpvh6qjKqRNXxkZPbiEBwUPtWG fPk0jc3GzKfnxm69Jq/r1tEXHnCDWIyaAyCP5KA5t+nD+xiplrRvPGSYQPOkiRTceCaR p9aW2brITebkL6DvQuiY/4OkRPcW3q0Tu5LzZ+D4IIhPpFSGBTMTKQ40bcEHIAEtsUxF efh6s/DWCFoG2R+372myO3XyAm+pSCzp9/SecyNB+n7V4Ok9HY2LZ5j+FMdtU9eR9+kr eHvQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=dxLeUTcW; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=RUawBqS8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id 81-20020a621954000000b0063bcab61625si2278208pfz.178.2023.05.30.13.51.28; Tue, 30 May 2023 13:51:42 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=dxLeUTcW; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=RUawBqS8; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233452AbjE3Ubw (ORCPT + 99 others); Tue, 30 May 2023 16:31:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54840 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233437AbjE3Ubp (ORCPT ); Tue, 30 May 2023 16:31:45 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 42893102; Tue, 30 May 2023 13:31:44 -0700 (PDT) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 07F803200914; Tue, 30 May 2023 16:31:42 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Tue, 30 May 2023 16:31:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1685478702; x=1685565102; bh=pmcUjAGIZx Pp5PqEOgEqhVPemyqe9EdThZVOp4My7W0=; b=dxLeUTcWcURIKF3tIdl1etnJR5 N5UmHb7gYi+h6qFr1h6Z9SC0wxIykswHISO17mCPtNq0NeJ2R7ZcfGGhLXwnTney w8vxVkRbqSYZPBXyoXLHByjIvnG7lVS1jupBNpog/rJiveBJkSUPozGoVJ7YSQ2s 5WwQwq4OgSFQTe9eiKn7KoyWGFsUiGRonLvgMZjB7AU41/HyAj9TrO8UFizlMc2Z kjC/rqLsVAqk9UrzpS9OE5eKXjHUQXPwX7RzgO3B8+rrUSBY/uIyHCeXOIFrFBUx 973IopAKjgCl01cB9/nuRm3U4VY/cNn+Itf/ju/WYCERZTrBTExuvORyanOw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1685478702; x= 1685565102; bh=pmcUjAGIZxPp5PqEOgEqhVPemyqe9EdThZVOp4My7W0=; b=R UawBqS8r1YDIM4po3y2qsUXbp4zg/tVMtIWDUkXk2Kttv3pfjWUl31EWtaAo+jxK /kXxCsfVJzLogYbQFIxM2poNZdJNrkxjSdHCH5xBtj6GqDUUr/oIGSviHONsPWSr 5v6LrhEM6HNy5GTorYKFgU7SqRGmewjInn2Q1ucsg36zNhg2F569jrlQRLrzGISB VIPuAEgV8JZufoZHXDa5LvBF0VsBt0uhRJzkJEAj0jc5U4TnTzHUo0/sRvcLbXSc m5CjwzswZE+AcQvkKG85UgCo8pJ17KM+Ph8DKWcmh0kLvVw8cL/Rv4b9TOLUJLWc mOiGUxDYt8n0bB7FAA8WA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudegkecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:41 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org, stable@vger.kernel.org Subject: [PATCH v2 03/16] device-mapper: do not allow targets to overlap 'struct dm_ioctl' Date: Tue, 30 May 2023 16:31:03 -0400 Message-Id: <20230530203116.2008-4-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767353774896799452?= X-GMAIL-MSGID: =?utf-8?q?1767353774896799452?= This prevents dm_split_args() from corrupting this struct. Signed-off-by: Demi Marie Obenour Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org --- drivers/md/dm-ioctl.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 64e8f16d344c47057de5e2d29e3d63202197dca0..a1d5fe64e1d0d9d3dcb06924249b89fe661944ab 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1444,6 +1444,12 @@ static int populate_table(struct dm_table *table, return -EINVAL; } + if (next < sizeof(struct dm_ioctl)) { + DMERR("%s: first target spec (offset %u) overlaps 'struct dm_ioctl'", + __func__, next); + return -EINVAL; + } + for (i = 0; i < param->target_count; i++) { r = next_target(spec, next, end, &spec, &target_params); From patchwork Tue May 30 20:31:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101120 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2453529vqr; Tue, 30 May 2023 13:51:48 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7ojFeDDBQR2kG4yrJTs+5lb3D97Io9kh2XKSQrbXoN7BcjDQ8jguv+3TgEz2d6kpqSmDTl X-Received: by 2002:a17:90a:3f85:b0:253:37a9:178 with SMTP id m5-20020a17090a3f8500b0025337a90178mr3470888pjc.45.1685479908366; Tue, 30 May 2023 13:51:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685479908; cv=none; d=google.com; s=arc-20160816; b=C/9yeMyNDDHiaeV3nzSVKIfylHSvLOwqwDdyyOf1yrb2FuA2KRKqG1TC0SR6vWvbKl JKHhBsAgRsSmyQvtSHHoKFSEVbnmya/2w5cGiJjnvCoTFmtCcE8FUWT9y2lekfzljLtz 2Z60SafLjURVKefbaPXIhYOhxYad7TdQDTISlfUyqNV3FG/Z47uDuEB0UyhyRG/Eeixl oV01EEp2TyBh36fkOfqyRTLYDaUH2woPDuo7DcZzBsC36JY37rIMT34Q8MmF6sh7HkAi +ORW1F/0J7RUWPjjHk/bCeNfvvwstsLQXNZzDfNR34i7VmK0UUevZfw1V8H+MnGlTFfc sglg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=LxAfFq0335m1ZlqqDrmxnqhMzXdNPPiOcKKMsIZRgGo=; b=AH/wR5wcezR99dzPLHdWVZcH6WIP2zTfPnmftRA3FWsUOyNA/v0ufHTRIllcBQ4hor i+D0zxTqdlwha/lCJjsj9BJ1ZpmzaAQljo42oGNeGHQqwSnR5fcsGeJEUqbu45SpNpII EG8hHup06O+0itJimOZqQH+WFjQrEGnYcJ8RJqo/PqxqFNqyYwqBTgJwD1LUIn9URCZ9 pmJoBDLrnB/4LLfAOIIw06eudWDUXo1Fg3IoVV94EVqc+F8QXyzMcTvJE3SkIcuAGo4n uc9FvWsITaqR9PKZEV0xkxkr5bMzWD5WWOGcjnPgom6xxYFr3thyoQt20t5X3avVL/CL cKlg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=aBkNicTI; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=dsVyDy4d; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id kk18-20020a17090b4a1200b002528157a968si802166pjb.2.2023.05.30.13.51.34; Tue, 30 May 2023 13:51:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=aBkNicTI; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=dsVyDy4d; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233477AbjE3Ubz (ORCPT + 99 others); Tue, 30 May 2023 16:31:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54934 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233455AbjE3Ubu (ORCPT ); Tue, 30 May 2023 16:31:50 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5B2A7116; Tue, 30 May 2023 13:31:47 -0700 (PDT) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 210F1320093A; Tue, 30 May 2023 16:31:46 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 30 May 2023 16:31:46 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1685478705; x=1685565105; bh=LxAfFq0335 m1ZlqqDrmxnqhMzXdNPPiOcKKMsIZRgGo=; b=aBkNicTIxTqaQMJAexZulqIRdm sIjZXtSOPgxSMACSgvF+9fjyKzTAG1i01eFAX1OK0NcsCEBDoXpuJyaQV6d/I0VA q/z3N4LwMEW1FIuYTzFbKbGtY+U3bZe1LREkgWbnGVo31RGnMs1i+RkUSauMA528 b4f5/xVkZzCMR/eOmXM/no/o50kRvZdfkpjBHP+rZNTkawHhelZmjQubT6/xZFhM sB3+I0E3oDcdU9YB1PUvv3WTY3Cgz2c4tnkoPPKHzeYbYbxqStm6MaHhEQnNl0DE JrlecR96jAUXIBg4rTOGs1nHiRk+cCArx0I66C52cFKOY4AV+RksbuC93x9Q== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1685478705; x= 1685565105; bh=LxAfFq0335m1ZlqqDrmxnqhMzXdNPPiOcKKMsIZRgGo=; b=d sVyDy4dBBVGtlMpWhrLCib5j+MpYeJykog270K0270985oiQ+CD+XqCmJf5w8okS 3WHwdWZsn/VRIjpx5J+h2FUQSjGYLcZmnx9dLpvjIHy8M4HDT4rnwvAyUMLNSXUX EgawqZuIFSn4KyYS3JrTDlQIPAUT/0+Gk/yu0UXMiPqrGZPZY/fjoU9AbdzThyf4 L26yfyQlhx8iDEUWKiIYjUH1A3/OL9QGVvyrDGN/OqpWq3Tw25tgEbIpzAMPdc+h 5peIq/Yrn5aH9irvh3og9e7PEFL6Qs5Di/lIAk/sYO/pP/cGvtLIZYFIXPWUwGqY ZbbD9fIEV7MXFyjcopT5A== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:44 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org Subject: [PATCH v2 04/16] device-mapper: Better error message for too-short target spec Date: Tue, 30 May 2023 16:31:04 -0400 Message-Id: <20230530203116.2008-5-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767353780029365623?= X-GMAIL-MSGID: =?utf-8?q?1767353780029365623?= Previously the error was "unable to find target", which is not helpful. Signed-off-by: Demi Marie Obenour --- drivers/md/dm-ioctl.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index a1d5fe64e1d0d9d3dcb06924249b89fe661944ab..9f505abba3dc22bffc6acb335c0bf29fec288fd5 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1423,9 +1423,6 @@ static int next_target(struct dm_target_spec *last, uint32_t next, void *end, *spec = (struct dm_target_spec *) ((unsigned char *) last + next); *target_params = (char *) (*spec + 1); - if (*spec < (last + 1)) - return -EINVAL; - return invalid_str(*target_params, end); } @@ -1451,6 +1448,11 @@ static int populate_table(struct dm_table *table, } for (i = 0; i < param->target_count; i++) { + if (next < sizeof(*spec)) { + DMERR("%s: next target spec (offset %u) overlaps 'struct dm_target_spec'", + __func__, next); + return -EINVAL; + } r = next_target(spec, next, end, &spec, &target_params); if (r) { From patchwork Tue May 30 20:31:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101104 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2444906vqr; Tue, 30 May 2023 13:33:47 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6fPmxcsYZta5i55I0btXt6gNHN/PY1Rs9G+Z0GnKk7UyG5oIRUSdYdC23J6Al2ex7aNpBT X-Received: by 2002:a17:90b:38d2:b0:256:4b15:395b with SMTP id nn18-20020a17090b38d200b002564b15395bmr3402441pjb.47.1685478827440; Tue, 30 May 2023 13:33:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685478827; cv=none; d=google.com; s=arc-20160816; b=rBEdlRfgEiDhOYNzm4P9XJqdmwhFWqzrwf+buIlbDbeqEjkhbu2G5s/XDOrb7VyrzR f7zFvyjnry7rlM0ud1A9/QH6J4WhMLROTkSqrTnHd+AJAOtQ62tJIxrMUN/GCGi0au1O Bv45Eeg8GCqnRlmIos9GK6LYRYLuUT8PmtLepjOgSeMsv1DZQGtOsVqD2PiqAVCWERLk iaU54Vn/Z+cW6O981zawTpVAAPqywNGhzw6Q0Jd6GGHZ/WEDjwFGZ5gxXCpgVvgaxKeP Dn8+BE+pspOjqqiHf/XtGoJmggxFRYleT1nFcyyf+lxPdU+Grj0aOLoO5VIbA8pqkJnn 4WrA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=9dA8w08Lf6yLxBKaYsZib4B6okJI6Rf5TV9rO9Rq5kQ=; b=ySa38QEh7yq+dtp+NkteogRC4de6JjF5vbQhZUOEjn8dCjOZBjEVrNBlDg6SZW935n eUIRuBtAK98enYnvOXBuiHQGuOnjJms5CeZL0I8Yw15pdPBXPxvU9m3hGsgStqP2IdEZ 3LsdYOWjwGW+y/5Uo3AgqrmfQ93bTaHoJCO/cO218RLAVTdjhNPpUC1wX/oa6O8+EI0m 6e2gTGyQh/YfqnIhBSmWf8/ryafEQUzkw81L69FaO+csIc9tJoxyEiSTQjdd+jE7CTPh /5I2wFXOwOJ7utJ0btQ++39mTEj63HBRvfvDQlOqVl7BNeEhluEYc5d1lRKmyVE4Vgyo Kqhg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=RqK1KJ1X; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=DMsesq2a; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bv9-20020a632e09000000b0053f21272753si5741275pgb.9.2023.05.30.13.33.34; Tue, 30 May 2023 13:33:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=RqK1KJ1X; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=DMsesq2a; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233478AbjE3UcC (ORCPT + 99 others); Tue, 30 May 2023 16:32:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54954 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232479AbjE3Uby (ORCPT ); Tue, 30 May 2023 16:31:54 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 937E4118; Tue, 30 May 2023 13:31:50 -0700 (PDT) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id E7B28320091C; Tue, 30 May 2023 16:31:48 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Tue, 30 May 2023 16:31:49 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1685478708; x=1685565108; bh=9dA8w08Lf6 yLxBKaYsZib4B6okJI6Rf5TV9rO9Rq5kQ=; b=RqK1KJ1X1SLFXUPUiLR1ErkxSG wtKH1zEfrkJGt+cTam8om+jkJorj31HumCzC/S/NBs42VK9J2wPDcvRJtfbOY/PF LzxWIsfwLXWGb7AxPlJ+e9IZ0X7jZ/z50ke/BXkU2TVtU0G1j5omrVQ2OdS1YxCW t/51b1V8oIA+9ZyeONf7TZzODRQdx/JUayG7fSa+zO2QmmQE8w63GnLlKq+2l5bP J5JFEIp5z0YHGwPY8OdfIQlO1/OuUlcVKYbTHF8/ZPUYhtPBuBVIxIylNt97ox2P MzGhApOEsQ6j1W/JMW5aBKxVbzfonneR3x5JGYO5PGF86JEMjtyBJwlxTCUA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1685478708; x= 1685565108; bh=9dA8w08Lf6yLxBKaYsZib4B6okJI6Rf5TV9rO9Rq5kQ=; b=D Msesq2aD/zsowges6BdJEmb3SXxsFD50z2JBIaZKcphdbkZ8bDmxUs+DpndiTUmB 28v8uLd5dcZv2la0SPjq1IwvKXdC+gIuyMcnYmia7XsERzw2uH7FI8XCSafdXsu5 EwMa0FI0jMTfRMekX9dRzZzq/aXRflH8qoHSxBLO1INLOvf1SoFV0H7bKQGsjupU NaniLmIVlRC/FaEd2D59ZYclkFgzLdscGM91ChlBj2LB5LbIQ847VIEasOMlHpNj nXWlcHyU433Z0l3bCdc9lS+C0bcphxZM4Q8ER2dJu2pRsL2pebnHxAxThnCbO/IS edfGYluS8mDU8v5EtX9dg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudegkecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedune curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:47 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org, stable@vger.kernel.org Subject: [PATCH v2 05/16] device-mapper: Target parameters must not overlap next target spec Date: Tue, 30 May 2023 16:31:05 -0400 Message-Id: <20230530203116.2008-6-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767352646580029029?= X-GMAIL-MSGID: =?utf-8?q?1767352646580029029?= The NUL terminator for each target parameter string must preceed the following 'struct dm_target_spec'. Otherwise, dm_split_args() might corrupt this struct. Signed-off-by: Demi Marie Obenour Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org --- drivers/md/dm-ioctl.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 9f505abba3dc22bffc6acb335c0bf29fec288fd5..491ef55b9e8662c3b02a2162b8c93ee086c078a1 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1391,7 +1391,7 @@ static inline fmode_t get_mode(struct dm_ioctl *param) return mode; } -static int next_target(struct dm_target_spec *last, uint32_t next, void *end, +static int next_target(struct dm_target_spec *last, uint32_t next, const char *end, struct dm_target_spec **spec, char **target_params) { static_assert(_Alignof(struct dm_target_spec) <= 8, @@ -1404,7 +1404,7 @@ static int next_target(struct dm_target_spec *last, uint32_t next, void *end, * sizeof(struct dm_target_spec) or more, as otherwise *last was * out of bounds already. */ - size_t remaining = (char *)end - (char *)last; + size_t remaining = end - (char *)last; /* * There must be room for both the next target spec and the @@ -1423,7 +1423,7 @@ static int next_target(struct dm_target_spec *last, uint32_t next, void *end, *spec = (struct dm_target_spec *) ((unsigned char *) last + next); *target_params = (char *) (*spec + 1); - return invalid_str(*target_params, end); + return 0; } static int populate_table(struct dm_table *table, @@ -1433,24 +1433,21 @@ static int populate_table(struct dm_table *table, unsigned int i = 0; struct dm_target_spec *spec = (struct dm_target_spec *) param; uint32_t next = param->data_start; - void *end = (void *) param + param_size; + const char *const end = (const char *) param + param_size; char *target_params; + size_t min_size = sizeof(struct dm_ioctl); if (!param->target_count) { DMERR("%s: no targets specified", __func__); return -EINVAL; } - if (next < sizeof(struct dm_ioctl)) { - DMERR("%s: first target spec (offset %u) overlaps 'struct dm_ioctl'", - __func__, next); - return -EINVAL; - } - for (i = 0; i < param->target_count; i++) { - if (next < sizeof(*spec)) { - DMERR("%s: next target spec (offset %u) overlaps 'struct dm_target_spec'", - __func__, next); + const char *nul_terminator; + + if (next < min_size) { + DMERR("%s: next target spec (offset %u) overlaps %s", + __func__, next, i ? "previous target" : "'struct dm_ioctl'"); return -EINVAL; } @@ -1460,6 +1457,15 @@ static int populate_table(struct dm_table *table, return r; } + nul_terminator = memchr(target_params, 0, (size_t)(end - target_params)); + if (nul_terminator == NULL) { + DMERR("%s: target parameters not NUL-terminated", __func__); + return -EINVAL; + } + + /* Add 1 for NUL terminator */ + min_size = (nul_terminator - (const char *)spec) + 1; + r = dm_table_add_target(table, spec->target_type, (sector_t) spec->sector_start, (sector_t) spec->length, From patchwork Tue May 30 20:31:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101121 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2453689vqr; Tue, 30 May 2023 13:52:14 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ70JJvPRvFP5/BhkpY4P5jHVfYq1qJIeQ/IkF+J09LQjFjgTuCnGaBrR73SdDccnAcvGWRx X-Received: by 2002:a05:6a21:3603:b0:104:6f59:3dc4 with SMTP id yg3-20020a056a21360300b001046f593dc4mr2890354pzb.62.1685479934078; Tue, 30 May 2023 13:52:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685479934; cv=none; d=google.com; s=arc-20160816; b=hC8t1g+h9CXoN/OVV721wv4NqRyxQy8b5R+69wFOEcWmFIaVYqtgnwuxflI0JdWjC3 CYx14OuDydI+CqV7NZaRH03HozVk8htYPuGVrEP5lto/5SbdFJE8tVRWSZSGQDygoCd1 sfAgVb6coE4eC8JwrAovvOhsNnYj/GnyJo8hLEPDEl+09ElMMKShauQqKh70eOJWByeO Sxq/5K62u/VwTsjdHHfHWm+syfh2loW/QxvP2uVAeiC3LZLqIE7mGHxwtMNV/zNwAWQQ Emuaw8oOpE4aw6ryaJXoz6hh6dy36l5GXeTWnSSYZTynsX/ZoWBImrrK9BeJOWzqD7em oe4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=+cZsXk5aGiIWIF6vp9UgbBTuPJSW9vQMqM9Fi3GWErs=; b=mh8Hcr5++KkAqS0tgYUgzagJXd0NnH8qjoaZMHr6nSnV5gyeRz6fMGUU8mDZxzDsPl a7K+UgvSx1vbHJV0C3LUZh8W2hvnxPv1OVfW2YQH7rzYA2BViyH2akw/fwtTrfzR++0i 3nMjFQLcOImO4IzCYerKXl4dw/9vTs/ixyXsCBcqlW/cyhvh17kT3qK54Iu9zmq1fri6 9dGuUdb5OE/n7Gf6252RYJaSa8dLOVHG5rmVefIUNswmD8Hkk8uYGN71rExazONa+m2Z yHGHPLolViUxCPszJy/yYcwpEbn1Fx10AYwwvU+oigLdm0VVg6nLwvbhfrvtXB2IqJaO IQ+w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=b1X2ZZBn; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=UP15hdGQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id kk18-20020a17090b4a1200b002528157a968si802166pjb.2.2023.05.30.13.51.59; Tue, 30 May 2023 13:52:14 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=b1X2ZZBn; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=UP15hdGQ; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233487AbjE3UcG (ORCPT + 99 others); Tue, 30 May 2023 16:32:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54970 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233504AbjE3UcC (ORCPT ); Tue, 30 May 2023 16:32:02 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 01D8A18B; Tue, 30 May 2023 13:31:53 -0700 (PDT) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id CC58F3200907; Tue, 30 May 2023 16:31:51 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 30 May 2023 16:31:52 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1685478711; x=1685565111; bh=+cZsXk5aGi IWIF6vp9UgbBTuPJSW9vQMqM9Fi3GWErs=; b=b1X2ZZBno2R9/Fq0Y4byMWClkM yztjlEXBXhErAHMyu5pxVYfR1cLCApT4g/uUiO8kteIoPOYfwcM0QS5x9QWviai0 +l213muvhmIojTILm+7p2eZtNtybubHmo4N4zNfbU1BjaH8lPNaOphi2xkYZuv4e h9L6gqPCJK3eOF1vIMloUMmjbsguyKqi2f1W5Tt/wuZ0+GYvxCApjlVAavetYN/A 7tGd5rz/o5D0PfB0ZRMW60nhh19bpt9llkSd4Y6Kat2KL+JrOgTCciUHA3vZPkBb IVcmnbvx3CmJqx5G5vutH15atOF/5DmD2t9dwwAa4lNLI929ZeF3n8ClPHNw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1685478711; x= 1685565111; bh=+cZsXk5aGiIWIF6vp9UgbBTuPJSW9vQMqM9Fi3GWErs=; b=U P15hdGQ/gq4QBXzqjvd7c1poQOzI9V99fFI4wL2BV4l6rOOg1UHF/IH0Rvn8DD2t 8inNtSYO4AkLeCdh5u8DSWVX/Y3zi6mmFEbSB6KWnmKzE/gaGSfbS0/UhxzMo5IL 2kibkVKxrhJBYHcxY0e9g8+oJElSF3YfB39B1l6n3IKWdY+LTIfj2T0Ioc7C6O44 lgjwvbG10GpFJ0/Ji6FLUTiSnJaiSTElzXZUfNjXE4ABmx+5vaVNfCETg0Sz7mcl +DhnaD34G3OifmWX9w/p4yj414+40b2No5vBXQ/3zcAauZ+scwTIQY4dPuM5DQKT JWusrvBDFegrRj+Ts3bOw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedune curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:50 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org, stable@vger.kernel.org Subject: [PATCH v2 06/16] device-mapper: Avoid double-fetch of version Date: Tue, 30 May 2023 16:31:06 -0400 Message-Id: <20230530203116.2008-7-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767353807454937414?= X-GMAIL-MSGID: =?utf-8?q?1767353807454937414?= The version is fetched once in check_version(), which then does some validation and then overwrites the version in userspace with the API version supported by the kernel. copy_params() then fetches the version from userspace *again*, and this time no validation is done. The result is that the kernel's version number is completely controllable by userspace, provided that userspace can win a race condition. Fix this flaw by not copying the version back to the kernel the second time. This is not exploitable as the version is not further used in the kernel. However, it could become a problem if future patches start relying on the version field. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Demi Marie Obenour --- drivers/md/dm-ioctl.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 491ef55b9e8662c3b02a2162b8c93ee086c078a1..20f452b6c61c1c4d20259fd0fc5443977e4454a0 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1873,12 +1873,13 @@ static ioctl_fn lookup_ioctl(unsigned int cmd, int *ioctl_flags) * As well as checking the version compatibility this always * copies the kernel interface version out. */ -static int check_version(unsigned int cmd, struct dm_ioctl __user *user) +static int check_version(unsigned int cmd, struct dm_ioctl __user *user, + struct dm_ioctl *kernel_params) { - uint32_t version[3]; int r = 0; + uint32_t *version = kernel_params->version; - if (copy_from_user(version, user->version, sizeof(version))) + if (copy_from_user(version, user->version, sizeof(user->version))) return -EFAULT; if ((version[0] != DM_VERSION_MAJOR) || @@ -1922,7 +1923,10 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern const size_t minimum_data_size = offsetof(struct dm_ioctl, data); unsigned int noio_flag; - if (copy_from_user(param_kernel, user, minimum_data_size)) + /* Version has been copied from userspace already, avoid TOCTOU */ + if (copy_from_user((char *)param_kernel + sizeof(param_kernel->version), + (char __user *)user + sizeof(param_kernel->version), + minimum_data_size - sizeof(param_kernel->version))) return -EFAULT; if (param_kernel->data_size < minimum_data_size) { @@ -2034,7 +2038,7 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us * Check the interface version passed in. This also * writes out the kernel's interface version. */ - r = check_version(cmd, user); + r = check_version(cmd, user, ¶m_kernel); if (r) return r; From patchwork Tue May 30 20:31:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101105 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2445058vqr; Tue, 30 May 2023 13:33:57 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6DG7xatvJNfRMST0ZM60E4SVtsGwd3FbgJm0MklecIpNnGaoUJKvpVY3I5IiwUOUqrznX7 X-Received: by 2002:a17:90a:43c3:b0:253:4e54:6761 with SMTP id r61-20020a17090a43c300b002534e546761mr3444109pjg.34.1685478836650; Tue, 30 May 2023 13:33:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685478836; cv=none; d=google.com; s=arc-20160816; b=pnlMgVYapNwLswm3xUimlwx0B/Obhjtmp4u02Bry1z+wjOzbKiThHj11Q4VpjVpuL6 4RaoBFoCAzJEtg3zZ7PMf3wUr5xoIqNb2rlf8Ndd7buh8cu2BaaHpOVhxVZV56RqSdZo ibnZu8lHRwNvx2s4t9iEBeV44vRZaMJAKaCjli8rcZIwaVrbd1ZiVvczCphy/OmSgeov c0VOQwMeHCE++NW8VEBLy4E9EpqsfixGy+V9n+TlhBq++Hk4j5D5TxWL3PmoecJMq2cK nqiL9z/I8WS9uWDQXnvJM/6ip89zy0swRbZQ3EyXHr3/7RJ6ZapHHqYmmkZGEYGFK317 W8ew== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=G/PZMKR5fMicHWYQT0GxcmUHbUsQVYWUtsZvrUHCJuU=; b=CCtWRhL7tvY1DUtM+4ki6rkG0Iak+9K2tIWDyO1R3gtnkR6qcHlJNjuTaG8x2GmGM9 tZnmVxQ6R1J0AhT3IZnT1BdHoKBmQvUeGKv3JRfryRFU8QTg5vVl9fWz6ILTm4E/jQo8 F0fs4DOoGoyiDfyfmWV8oG5/407ClnC0gLY5YefPxGamuoBAGFB3UZkEibQ08RCoDisa rHJu6n0DFSw83wW/1pyBT/JBArsX3cY/ubAOEzQrNtZpRjN5PaWWj1vKPdOdK9IPtg+v OK8kOOTtBalsucy//n5u68BZJeUw7ibxsxnYLKyGC2pSazlqg6kaA/KxXcmKdqa7EFZV Wslw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=Fx+b8PAh; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=siYr85F6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id b6-20020a17090a9bc600b002586dbee167si118301pjw.170.2023.05.30.13.33.44; Tue, 30 May 2023 13:33:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=Fx+b8PAh; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=siYr85F6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233514AbjE3Uci (ORCPT + 99 others); Tue, 30 May 2023 16:32:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55454 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233509AbjE3UcQ (ORCPT ); Tue, 30 May 2023 16:32:16 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B4A831AE; Tue, 30 May 2023 13:31:56 -0700 (PDT) Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id AB9E13200920; Tue, 30 May 2023 16:31:54 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Tue, 30 May 2023 16:31:55 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1685478714; x=1685565114; bh=G/PZMKR5fM icHWYQT0GxcmUHbUsQVYWUtsZvrUHCJuU=; b=Fx+b8PAh3kQful+76g25YMRpI5 OX2hyNg04HQUYaN44eHLXL/rFm2SALtFR0112VOAhcyu7Q2sJwY1i66PmyE2SnTT GQ8zTaVT5pxBlG08qTCZ+FS3117iMs4IgwF+YZnRQsIjYuCt9Q9EcokEF1/w2QFv Twymq+8VxvVG/76A/z0fBAsNeDIatL11QxQzfwr7rrvR/Yezfnoab4FX2SdDIO8+ 3Z09WdrcZcDTQYfG4wiLLpb2iXwlJVjKAN2ocz+agmZSrrgePipjWehEJVX2cKu6 l8BXqqbyb62oQpkjHAq0YFkp+2SFAkTxICtIqKbr7Q7NzkLJZ8C4XaiyGSzQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1685478714; x= 1685565114; bh=G/PZMKR5fMicHWYQT0GxcmUHbUsQVYWUtsZvrUHCJuU=; b=s iYr85F64Hkrtm1e26WXimQt3qTnsJz10WHrpr4PvU8EdZ5UO6Qfqj67YBBt2BbFO PUipDPJEr6g34YqFLy8Hwa01eC3ltU7TdIquoCIcGBTWPS2otA5rs1uHUbwazjjK Ww7dGsxlG99lt+yj4HNnXShCkklC9RuO2GIiKVVdrv7njlCf5lZcH+cU8FlYF758 DVOQ5dzfsR+WfY5BDpMPF7W7vjmlnSsmy/B0Ll5i1cVddn1sbTTYzNIoUN9Ql6Ib XM5XK8sKDq8W6Feu9Fioasb6HgQXeG3lzMjwIN3YEC91VleFfGumhwAmWhtxq+H3 0DWvG8HfoOsaY0EOEduGg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedune curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:53 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org Subject: [PATCH v2 07/16] device-mapper: Allow userspace to opt-in to strict parameter checks Date: Tue, 30 May 2023 16:31:07 -0400 Message-Id: <20230530203116.2008-8-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767352656681744988?= X-GMAIL-MSGID: =?utf-8?q?1767352656681744988?= Currently, device-mapper ioctls ignore unknown flags. This makes adding new flags to a given ioctl risky, as it could potentially break old userspace. To solve this problem, allow userspace to pass 5 as the major version to any ioctl. This causes the kernel to reject any flags that are not supported by the ioctl, as well as nonzero padding and names and UUIDs that are not NUL-terminated. New flags will only be recognized if major version 5 is used. Kernels without this patch return -EINVAL if the major version is 5, so this is backwards compatible. Signed-off-by: Demi Marie Obenour --- drivers/md/dm-ioctl.c | 301 ++++++++++++++++++++++++++-------- include/uapi/linux/dm-ioctl.h | 30 +++- 2 files changed, 260 insertions(+), 71 deletions(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 20f452b6c61c1c4d20259fd0fc5443977e4454a0..cf752e72ef6a2d8f8230e5bd6d1a6dc817a4f597 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -64,7 +64,8 @@ struct vers_iter { static struct rb_root name_rb_tree = RB_ROOT; static struct rb_root uuid_rb_tree = RB_ROOT; -static void dm_hash_remove_all(bool keep_open_devices, bool mark_deferred, bool only_deferred); +static void dm_hash_remove_all(bool keep_open_devices, bool mark_deferred, bool only_deferred, + struct dm_ioctl *param); /* * Guards access to both hash tables. @@ -78,7 +79,7 @@ static DEFINE_MUTEX(dm_hash_cells_mutex); static void dm_hash_exit(void) { - dm_hash_remove_all(false, false, false); + dm_hash_remove_all(false, false, false, NULL); } /* @@ -333,7 +334,8 @@ static struct dm_table *__hash_remove(struct hash_cell *hc) return table; } -static void dm_hash_remove_all(bool keep_open_devices, bool mark_deferred, bool only_deferred) +static void dm_hash_remove_all(bool keep_open_devices, bool mark_deferred, bool only_deferred, + struct dm_ioctl *param) { int dev_skipped; struct rb_node *n; @@ -367,6 +369,8 @@ static void dm_hash_remove_all(bool keep_open_devices, bool mark_deferred, bool dm_table_destroy(t); } dm_ima_measure_on_device_remove(md, true); + if (param != NULL && !dm_kobject_uevent(md, KOBJ_REMOVE, param->event_nr, false)) + param->flags |= DM_UEVENT_GENERATED_FLAG; dm_put(md); if (likely(keep_open_devices)) dm_destroy(md); @@ -513,7 +517,7 @@ static struct mapped_device *dm_hash_rename(struct dm_ioctl *param, void dm_deferred_remove(void) { - dm_hash_remove_all(true, false, true); + dm_hash_remove_all(true, false, true, NULL); } /* @@ -529,7 +533,7 @@ typedef int (*ioctl_fn)(struct file *filp, struct dm_ioctl *param, size_t param_ static int remove_all(struct file *filp, struct dm_ioctl *param, size_t param_size) { - dm_hash_remove_all(true, !!(param->flags & DM_DEFERRED_REMOVE), false); + dm_hash_remove_all(true, !!(param->flags & DM_DEFERRED_REMOVE), false, param); param->data_size = 0; return 0; } @@ -892,8 +896,6 @@ static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_si return r; } - param->flags &= ~DM_INACTIVE_PRESENT_FLAG; - __dev_status(md, param); dm_put(md); @@ -947,8 +949,6 @@ static struct hash_cell *__find_device_hash_cell(struct dm_ioctl *param) if (hc->new_map) param->flags |= DM_INACTIVE_PRESENT_FLAG; - else - param->flags &= ~DM_INACTIVE_PRESENT_FLAG; return hc; } @@ -1161,7 +1161,6 @@ static int do_resume(struct dm_ioctl *param) new_map = hc->new_map; hc->new_map = NULL; - param->flags &= ~DM_INACTIVE_PRESENT_FLAG; up_write(&_hash_lock); @@ -1426,6 +1425,32 @@ static int next_target(struct dm_target_spec *last, uint32_t next, const char *e return 0; } +static inline bool sloppy_checks(const struct dm_ioctl *param) +{ + return param->version[0] < DM_VERSION_MAJOR_STRICT; +} + +static bool no_non_nul_after_nul(const char *untrusted_str, size_t size, + unsigned int cmd, const char *msg) +{ + const char *cursor; + const char *endp = untrusted_str + size; + const char *nul_terminator = memchr(untrusted_str, '\0', size); + + if (nul_terminator == NULL) { + DMERR("%s not NUL-terminated, cmd(%u)", msg, cmd); + return false; + } + for (cursor = nul_terminator; cursor < endp; cursor++) { + if (*cursor != 0) { + DMERR("%s has non-NUL byte at %zd after NUL byte at %zd, cmd(%u)", + msg, cursor - untrusted_str, nul_terminator - untrusted_str, cmd); + return false; + } + } + return true; +} + static int populate_table(struct dm_table *table, struct dm_ioctl *param, size_t param_size) { @@ -1436,12 +1461,19 @@ static int populate_table(struct dm_table *table, const char *const end = (const char *) param + param_size; char *target_params; size_t min_size = sizeof(struct dm_ioctl); + bool const strict = !sloppy_checks(param); if (!param->target_count) { DMERR("%s: no targets specified", __func__); return -EINVAL; } + if (strict && param_size % 8 != 0) { + DMERR("%s: parameter size %zu not multiple of 8", + __func__, param_size); + return -EINVAL; + } + for (i = 0; i < param->target_count; i++) { const char *nul_terminator; @@ -1466,6 +1498,18 @@ static int populate_table(struct dm_table *table, /* Add 1 for NUL terminator */ min_size = (nul_terminator - (const char *)spec) + 1; + if (strict) { + if (!no_non_nul_after_nul(spec->target_type, sizeof(spec->target_type), + DM_TABLE_LOAD_CMD, "target type")) + return -EINVAL; + + if (spec->status) { + DMERR("%s: status in target spec must be zero, not %u", + __func__, spec->status); + return -EINVAL; + } + } + r = dm_table_add_target(table, spec->target_type, (sector_t) spec->sector_start, (sector_t) spec->length, @@ -1476,6 +1520,32 @@ static int populate_table(struct dm_table *table, } next = spec->next; + + if (strict) { + uint64_t zero = 0; + /* + * param_size is a multiple of 8 so this is still in + * bounds (or 1 past the end). + */ + size_t expected_next = round_up(min_size, 8); + + if (expected_next != next) { + DMERR("%s: in strict mode, expected next to be %zu but it was %u", + __func__, expected_next, next); + return -EINVAL; + } + + if (memcmp(&zero, nul_terminator, next - min_size + 1) != 0) { + DMERR("%s: in strict mode, padding must be zeroed", __func__); + return -EINVAL; + } + } + } + + if (strict && next != (size_t)(end - (const char *)spec)) { + DMERR("%s: last target size is %u, but %zd bytes remaining in target spec", + __func__, next, end - (const char *)spec); + return -EINVAL; } return dm_table_complete(table); @@ -1823,48 +1893,67 @@ static int target_message(struct file *filp, struct dm_ioctl *param, size_t para * the ioctl. */ #define IOCTL_FLAGS_NO_PARAMS 1 -#define IOCTL_FLAGS_ISSUE_GLOBAL_EVENT 2 +#define IOCTL_FLAGS_TAKES_EVENT_NR 2 +#define IOCTL_FLAGS_ISSUE_GLOBAL_EVENT (IOCTL_FLAGS_TAKES_EVENT_NR | 4) /* *--------------------------------------------------------------- * Implementation of open/close/ioctl on the special char device. *--------------------------------------------------------------- */ -static ioctl_fn lookup_ioctl(unsigned int cmd, int *ioctl_flags) +static ioctl_fn lookup_ioctl(unsigned int cmd, int *ioctl_flags, uint32_t *supported_flags) { static const struct { int cmd; int flags; ioctl_fn fn; + uint32_t supported_flags; } _ioctls[] = { - {DM_VERSION_CMD, 0, NULL}, /* version is dealt with elsewhere */ - {DM_REMOVE_ALL_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, remove_all}, - {DM_LIST_DEVICES_CMD, 0, list_devices}, + /* Macro to make the structure initializers somewhat readable */ +#define I(cmd, flags, fn, supported_flags) { \ + (cmd), \ + (flags), \ + (fn), \ + /* \ + * Supported flags in sloppy mode must not include anything in DM_STRICT_ONLY_FLAGS. \ + * Use BUILD_BUG_ON_ZERO to check for that. \ + */ \ + (supported_flags) | BUILD_BUG_ON_ZERO((supported_flags) & DM_STRICT_ONLY_FLAGS), \ +} + I(DM_VERSION_CMD, 0, NULL, 0), /* version is dealt with elsewhere */ + I(DM_REMOVE_ALL_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, remove_all, + DM_DEFERRED_REMOVE), + I(DM_LIST_DEVICES_CMD, 0, list_devices, DM_UUID_FLAG), + I(DM_DEV_CREATE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_create, + DM_PERSISTENT_DEV_FLAG), + I(DM_DEV_REMOVE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_remove, + DM_DEFERRED_REMOVE), + I(DM_DEV_RENAME_CMD, IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_rename, + DM_QUERY_INACTIVE_TABLE_FLAG | DM_UUID_FLAG), + I(DM_DEV_SUSPEND_CMD, IOCTL_FLAGS_NO_PARAMS, dev_suspend, + DM_QUERY_INACTIVE_TABLE_FLAG | DM_SUSPEND_FLAG | DM_SKIP_LOCKFS_FLAG | DM_NOFLUSH_FLAG), + I(DM_DEV_STATUS_CMD, IOCTL_FLAGS_NO_PARAMS, dev_status, DM_QUERY_INACTIVE_TABLE_FLAG), + I(DM_DEV_WAIT_CMD, IOCTL_FLAGS_TAKES_EVENT_NR, dev_wait, + DM_QUERY_INACTIVE_TABLE_FLAG | DM_STATUS_TABLE_FLAG | DM_NOFLUSH_FLAG), + I(DM_TABLE_LOAD_CMD, 0, table_load, DM_QUERY_INACTIVE_TABLE_FLAG | DM_READONLY_FLAG), + I(DM_TABLE_CLEAR_CMD, IOCTL_FLAGS_NO_PARAMS, table_clear, DM_QUERY_INACTIVE_TABLE_FLAG), + I(DM_TABLE_DEPS_CMD, 0, table_deps, DM_QUERY_INACTIVE_TABLE_FLAG), + I(DM_TABLE_STATUS_CMD, 0, table_status, + DM_QUERY_INACTIVE_TABLE_FLAG | DM_STATUS_TABLE_FLAG | DM_NOFLUSH_FLAG), - {DM_DEV_CREATE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_create}, - {DM_DEV_REMOVE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_remove}, - {DM_DEV_RENAME_CMD, IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_rename}, - {DM_DEV_SUSPEND_CMD, IOCTL_FLAGS_NO_PARAMS, dev_suspend}, - {DM_DEV_STATUS_CMD, IOCTL_FLAGS_NO_PARAMS, dev_status}, - {DM_DEV_WAIT_CMD, 0, dev_wait}, + I(DM_LIST_VERSIONS_CMD, 0, list_versions, 0), - {DM_TABLE_LOAD_CMD, 0, table_load}, - {DM_TABLE_CLEAR_CMD, IOCTL_FLAGS_NO_PARAMS, table_clear}, - {DM_TABLE_DEPS_CMD, 0, table_deps}, - {DM_TABLE_STATUS_CMD, 0, table_status}, - - {DM_LIST_VERSIONS_CMD, 0, list_versions}, - - {DM_TARGET_MSG_CMD, 0, target_message}, - {DM_DEV_SET_GEOMETRY_CMD, 0, dev_set_geometry}, - {DM_DEV_ARM_POLL_CMD, IOCTL_FLAGS_NO_PARAMS, dev_arm_poll}, - {DM_GET_TARGET_VERSION_CMD, 0, get_target_version}, + I(DM_TARGET_MSG_CMD, 0, target_message, DM_QUERY_INACTIVE_TABLE_FLAG), + I(DM_DEV_SET_GEOMETRY_CMD, 0, dev_set_geometry, 0), + I(DM_DEV_ARM_POLL_CMD, IOCTL_FLAGS_NO_PARAMS, dev_arm_poll, 0), + I(DM_GET_TARGET_VERSION_CMD, 0, get_target_version, 0), }; if (unlikely(cmd >= ARRAY_SIZE(_ioctls))) return NULL; cmd = array_index_nospec(cmd, ARRAY_SIZE(_ioctls)); + *supported_flags = _ioctls[cmd].supported_flags; *ioctl_flags = _ioctls[cmd].flags; return _ioctls[cmd].fn; } @@ -1877,27 +1966,34 @@ static int check_version(unsigned int cmd, struct dm_ioctl __user *user, struct dm_ioctl *kernel_params) { int r = 0; - uint32_t *version = kernel_params->version; + uint32_t expected_major_version = DM_VERSION_MAJOR; - if (copy_from_user(version, user->version, sizeof(user->version))) + if (copy_from_user(kernel_params->version, user->version, sizeof(kernel_params->version))) return -EFAULT; - if ((version[0] != DM_VERSION_MAJOR) || - (version[1] > DM_VERSION_MINOR)) { + if (kernel_params->version[0] >= DM_VERSION_MAJOR_STRICT) + expected_major_version = DM_VERSION_MAJOR_STRICT; + + if ((kernel_params->version[0] != expected_major_version) || + (kernel_params->version[1] > DM_VERSION_MINOR)) { DMERR("ioctl interface mismatch: kernel(%u.%u.%u), user(%u.%u.%u), cmd(%d)", - DM_VERSION_MAJOR, DM_VERSION_MINOR, + expected_major_version, + DM_VERSION_MINOR, DM_VERSION_PATCHLEVEL, - version[0], version[1], version[2], cmd); + kernel_params->version[0], + kernel_params->version[1], + kernel_params->version[2], + cmd); r = -EINVAL; } /* * Fill in the kernel version. */ - version[0] = DM_VERSION_MAJOR; - version[1] = DM_VERSION_MINOR; - version[2] = DM_VERSION_PATCHLEVEL; - if (copy_to_user(user->version, version, sizeof(version))) + kernel_params->version[0] = expected_major_version; + kernel_params->version[1] = DM_VERSION_MINOR; + kernel_params->version[2] = DM_VERSION_PATCHLEVEL; + if (copy_to_user(user->version, kernel_params->version, sizeof(kernel_params->version))) return -EFAULT; return r; @@ -1920,9 +2016,12 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern { struct dm_ioctl *dmi; int secure_data; - const size_t minimum_data_size = offsetof(struct dm_ioctl, data); + const size_t minimum_data_size = sloppy_checks(param_kernel) ? + offsetof(struct dm_ioctl, data) : sizeof(struct dm_ioctl); unsigned int noio_flag; + static_assert(offsetof(struct dm_ioctl, data_size) == sizeof(param_kernel->version)); + static_assert(offsetof(struct dm_ioctl, data_size) == 12); /* Version has been copied from userspace already, avoid TOCTOU */ if (copy_from_user((char *)param_kernel + sizeof(param_kernel->version), (char __user *)user + sizeof(param_kernel->version), @@ -1930,12 +2029,13 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern return -EFAULT; if (param_kernel->data_size < minimum_data_size) { - DMERR("Invalid data size in the ioctl structure: %u", - param_kernel->data_size); + DMERR("Invalid data size in the ioctl structure: %u (minimum %zu)", + param_kernel->data_size, minimum_data_size); return -EINVAL; } secure_data = param_kernel->flags & DM_SECURE_DATA_FLAG; + param_kernel->flags &= ~DM_SECURE_DATA_FLAG; *param_flags = secure_data ? DM_WIPE_BUFFER : 0; @@ -1966,7 +2066,8 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern /* Copy from param_kernel (which was already copied from user) */ memcpy(dmi, param_kernel, minimum_data_size); - if (copy_from_user(&dmi->data, (char __user *)user + minimum_data_size, + if (copy_from_user((char *)dmi + minimum_data_size, + (char __user *)user + minimum_data_size, param_kernel->data_size - minimum_data_size)) goto bad; data_copied: @@ -1983,33 +2084,86 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern return -EFAULT; } -static int validate_params(uint cmd, struct dm_ioctl *param) +static int validate_params(uint cmd, struct dm_ioctl *param, + uint32_t ioctl_flags, uint32_t supported_flags) { - /* Always clear this flag */ - param->flags &= ~DM_BUFFER_FULL_FLAG; - param->flags &= ~DM_UEVENT_GENERATED_FLAG; - param->flags &= ~DM_SECURE_DATA_FLAG; - param->flags &= ~DM_DATA_OUT_FLAG; - - /* Ignores parameters */ - if (cmd == DM_REMOVE_ALL_CMD || - cmd == DM_LIST_DEVICES_CMD || - cmd == DM_LIST_VERSIONS_CMD) - return 0; + static_assert(__same_type(param->flags, supported_flags)); + u64 zero = 0; if (cmd == DM_DEV_CREATE_CMD) { if (!*param->name) { DMERR("name not supplied when creating device"); return -EINVAL; } - } else if (*param->uuid && *param->name) { - DMERR("only supply one of name or uuid, cmd(%u)", cmd); + } else { + if (*param->uuid && *param->name) { + DMERR("only supply one of name or uuid, cmd(%u)", cmd); + return -EINVAL; + } + } + + if (sloppy_checks(param)) { + /* Ensure strings are terminated */ + param->name[DM_NAME_LEN - 1] = '\0'; + param->uuid[DM_UUID_LEN - 1] = '\0'; + /* Mask off bits that could confuse other code */ + param->flags &= ~DM_STRICT_ONLY_FLAGS; + /* Skip strict checks */ + return 0; + } + + /* Check that strings are terminated */ + if (!no_non_nul_after_nul(param->name, DM_NAME_LEN, cmd, "Name") || + !no_non_nul_after_nul(param->uuid, DM_UUID_LEN, cmd, "UUID")) { return -EINVAL; } - /* Ensure strings are terminated */ - param->name[DM_NAME_LEN - 1] = '\0'; - param->uuid[DM_UUID_LEN - 1] = '\0'; + if (memcmp(param->data, &zero, sizeof(param->data)) != 0) { + DMERR("second padding field not zeroed in strict mode (cmd %u)", cmd); + return -EINVAL; + } + + if (param->flags & ~supported_flags) { + DMERR("unsupported flags 0x%x specified, cmd(%u)", + param->flags & ~supported_flags, cmd); + return -EINVAL; + } + + if (param->padding) { + DMERR("padding not zeroed in strict mode (got %u, cmd %u)", + param->padding, cmd); + return -EINVAL; + } + + if (param->open_count != 0) { + DMERR("open_count not zeroed in strict mode (got %d, cmd %u)", + param->open_count, cmd); + return -EINVAL; + } + + if (param->event_nr != 0 && (ioctl_flags & IOCTL_FLAGS_TAKES_EVENT_NR) == 0) { + DMERR("Event number not zeroed for command that does not take one (got %u, cmd %u)", + param->event_nr, cmd); + return -EINVAL; + } + + if (ioctl_flags & IOCTL_FLAGS_NO_PARAMS) { + /* Ignores parameters */ + if (param->data_size != sizeof(struct dm_ioctl)) { + DMERR("command %u must not have parameters", cmd); + return -EINVAL; + } + + if (param->target_count != 0) { + DMERR("command %u must have zero target_count", cmd); + return -EINVAL; + } + + if (param->data_start) { + DMERR("command %u must have zero data_start", cmd); + return -EINVAL; + } + } return 0; } @@ -2024,6 +2178,7 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us ioctl_fn fn = NULL; size_t input_param_size; struct dm_ioctl param_kernel; + uint32_t supported_flags, old_flags; /* only root can play with this */ if (!capable(CAP_SYS_ADMIN)) @@ -2039,7 +2194,7 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us * writes out the kernel's interface version. */ r = check_version(cmd, user, ¶m_kernel); - if (r) + if (r != 0) return r; /* @@ -2048,7 +2203,7 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us if (cmd == DM_VERSION_CMD) return 0; - fn = lookup_ioctl(cmd, &ioctl_flags); + fn = lookup_ioctl(cmd, &ioctl_flags, &supported_flags); if (!fn) { DMERR("dm_ctl_ioctl: unknown command 0x%x", command); return -ENOTTY; @@ -2063,11 +2218,20 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us return r; input_param_size = param->data_size; - r = validate_params(cmd, param); + + /* + * In sloppy mode, validate_params will clear some + * flags to ensure other code does not get confused. + * Save the original flags here. + */ + old_flags = param->flags; + r = validate_params(cmd, param, ioctl_flags, supported_flags); if (r) goto out; + /* This XOR keeps only the flags validate_params has changed. */ + old_flags ^= param->flags; - param->data_size = offsetof(struct dm_ioctl, data); + param->data_size = sloppy_checks(param) ? offsetof(struct dm_ioctl, data) : sizeof(struct dm_ioctl); r = fn(file, param, input_param_size); if (unlikely(param->flags & DM_BUFFER_FULL_FLAG) && @@ -2077,6 +2241,9 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us if (!r && ioctl_flags & IOCTL_FLAGS_ISSUE_GLOBAL_EVENT) dm_issue_global_event(); + /* Resture the flags that validate_params cleared */ + param->flags |= old_flags; + /* * Copy the results back to userland. */ diff --git a/include/uapi/linux/dm-ioctl.h b/include/uapi/linux/dm-ioctl.h index 1990b5700f6948243def314cec22f380926aca2e..81103e1dcdac3015204e9c05d73037191e965d59 100644 --- a/include/uapi/linux/dm-ioctl.h +++ b/include/uapi/linux/dm-ioctl.h @@ -171,8 +171,11 @@ struct dm_target_spec { /* * Parameter string starts immediately after this object. - * Be careful to add padding after string to ensure correct - * alignment of subsequent dm_target_spec. + * Be careful to add padding after string to ensure 8-byte + * alignment of subsequent dm_target_spec. If the major version + * is DM_VERSION_MAJOR_STRICT, the padding must be at most 7 bytes, + * (not including the terminating NULt that ends the string) and + * must be zeroed. */ }; @@ -285,14 +288,25 @@ enum { #define DM_TARGET_MSG _IOWR(DM_IOCTL, DM_TARGET_MSG_CMD, struct dm_ioctl) #define DM_DEV_SET_GEOMETRY _IOWR(DM_IOCTL, DM_DEV_SET_GEOMETRY_CMD, struct dm_ioctl) +/* Legacy major version */ #define DM_VERSION_MAJOR 4 -#define DM_VERSION_MINOR 48 +/* + * New major version. Enforces strict parameter checks and is required for + * using some new features, such as new flags. Should be used by all new code. + * + * If one uses DM_VERSION_MAJOR_STRICT, it is possible for the behavior of + * ioctls to depend on the minor version passed by userspace. Userspace must + * not pass a minor version greater than the version it was designed for. + */ +#define DM_VERSION_MAJOR_STRICT 5 +#define DM_VERSION_MINOR 49 #define DM_VERSION_PATCHLEVEL 0 #define DM_VERSION_EXTRA "-ioctl (2023-03-01)" /* Status bits */ #define DM_READONLY_FLAG (1 << 0) /* In/Out */ #define DM_SUSPEND_FLAG (1 << 1) /* In/Out */ +#define DM_EXISTS_FLAG (1 << 2) /* Not used by kernel, reserved for libdevmapper in userland */ #define DM_PERSISTENT_DEV_FLAG (1 << 3) /* In */ /* @@ -315,7 +329,8 @@ enum { #define DM_BUFFER_FULL_FLAG (1 << 8) /* Out */ /* - * This flag is now ignored. + * This flag is now ignored if DM_VERSION_MAJOR is used, and causes + * -EINVAL if DM_VERSION_MAJOR_STRICT is used. */ #define DM_SKIP_BDGET_FLAG (1 << 9) /* In */ @@ -382,4 +397,11 @@ enum { */ #define DM_IMA_MEASUREMENT_FLAG (1 << 19) /* In */ +/* + * If DM_VERSION_MAJOR is used, these flags are ignored by the kernel. + * If DM_VERSION_MAJOR_STRICT is used, these flags are reserved and + * must be zeroed. + */ +#define DM_STRICT_ONLY_FLAGS ((__u32)0xFFF00004) + #endif /* _LINUX_DM_IOCTL_H */ From patchwork Tue May 30 20:31:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101118 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2453246vqr; Tue, 30 May 2023 13:51:03 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4M7AqJQPNAR2gFxqt2UFSQgcyPddQT6TkqNK+/zKW0/ueqcudF5v4jJ1mXocOxQcgbft7X X-Received: by 2002:a05:6a20:4289:b0:104:7a4c:6ca6 with SMTP id o9-20020a056a20428900b001047a4c6ca6mr4531891pzj.13.1685479863531; Tue, 30 May 2023 13:51:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685479863; cv=none; d=google.com; s=arc-20160816; b=LD5AkdmsjKM1YiwGeJ5Au1nmUJV35678ajpOoU//nXFsKeeFiTXDJUzntnofB5PAHm MFlXMgggmk9lsfhsB5xpEY5lh/lpUpGXa75zX7mws4NvX0QG9lIF7jBODpOrhYMMTt8j 1iPoF3DBHEXAdFxjPLvnrpzsBVtwZ9EYAJPEYKk3Dr+kIz9U2bGuW9O2wi+DvgWhad3+ HJYUx2VRdiM2OBQrOqf5fvEbfr2tKQFe/r3DJI5zUYnemmqhYSYZ79qtALewjrwdQoY0 ZlpgKe4gz8+HNzA5kKdsrObsNYSkS+Z8RcbKNH3T4raCRfzdLIlimd1c9Epp/FiRsZXR rAIg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=BECTYLtMdsTyiT4uJYQfU+Mj8zJcihG/8pwIemyERcA=; b=0wVYPP7KolNa5EOu+gtaqGRd36RqO+dbNUasgiWh1g5vJ02VvvkVrvwYHArOh2Rn5v mvL8kNKDxcXtDMOi+sMik0y/jyNs94wur4toA7EHfIxzuICHPY/2sQ8DticbaRGWaK7N COpqF8cOxTD7Ds/tTVh/9h/FYdWsD3Y8/AvBjqTND4TWoLlJQ1uzcM/1Z6HwEKVOJhHN 1dSN2ruELCVZwGcjUosLPTWgBfFFJhyoi+iGMu0w/QI2sudCoR/+DrBBD4EGpwjh5NmW mrdgiNUhx0ACygF6QF/YFrvvWxpsXH8mZnH7CFolDjUbdoUPQtVH5cggx2/YiF820ZR4 teUA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=BykYK4wd; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=s1U5rNqd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p17-20020a639511000000b0051b1b5917f6si7899524pgd.160.2023.05.30.13.50.48; Tue, 30 May 2023 13:51:03 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=BykYK4wd; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=s1U5rNqd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233505AbjE3Ucu (ORCPT + 99 others); Tue, 30 May 2023 16:32:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55682 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231546AbjE3Ucd (ORCPT ); Tue, 30 May 2023 16:32:33 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9BDB8E4A; Tue, 30 May 2023 13:31:59 -0700 (PDT) Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id CFA993200344; Tue, 30 May 2023 16:31:57 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Tue, 30 May 2023 16:31:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1685478717; x=1685565117; bh=BECTYLtMds TyiT4uJYQfU+Mj8zJcihG/8pwIemyERcA=; b=BykYK4wdtoBrIVjSpxxaRPRuTr MGlY8mwYSF1nHQ3142m3NqrwVH/EijYHPymM56mLBuX227aHbQ5F2PW5DWZe4u7U lg8XpJpFzf5qQ9+uusq9GdBCE1en27c6fJjqiCBAmOvo5OlNdjA8tBsW+mrUjfCA i1VUPE3DVLVEEMqpNIzK/oylyXHY1ECWck487vgg36SRTL69g96Tmj2WP4WDhRDh YNZvRk872QnPn4w1V/NYR4fwDxLVOwskMoaUGoK62UfRSFaRcP0Nn2L5GVVeNhGI Mpu4eTYXCdD6V6NuJeZKduMF5daf+4pRdw20W2896KNxKazcdsRNJffWFNqA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1685478717; x= 1685565117; bh=BECTYLtMdsTyiT4uJYQfU+Mj8zJcihG/8pwIemyERcA=; b=s 1U5rNqdd3Uckhl+Jago2iM9Gf3UuVkhxSSUEaHhOfU7d6pLz10aattbKXvAzKLeQ p1y5pQ1q5M00Eb5JYCPaur978/NUoipGyMmasqpMjNPg+sH8guBmsx8gQC0lwOro MY4VFHjl8LbuDVnyVN2fMFbfJceUfRG9ptJUJYBiPSq9qQUzYzkfHdW5LQwKwknv 96fbB4tjlsJ8Yaw7xsE64N4Kn6Ygh34s6DgbFGBnQuD99EyXiIgJjQHQLcg36Bvw KrOCQFa/X5wdDAAOODfQIkmoW8hRj7E40BSZhiPyo5FnrEg0N/s3wQacji9NgkkI 38DoAfhisfRspgBJoSDkw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedvne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:56 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org Subject: [PATCH v2 08/16] device-mapper: Allow userspace to provide expected diskseq Date: Tue, 30 May 2023 16:31:08 -0400 Message-Id: <20230530203116.2008-9-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767353733299530581?= X-GMAIL-MSGID: =?utf-8?q?1767353733299530581?= This can be used to avoid race conditions in which a device is destroyed and recreated with the same major/minor, name, or UUID. diskseqs are only honored if strict parameter checking is on, to avoid any risk of breaking old userspace. Signed-off-by: Demi Marie Obenour --- drivers/md/dm-ioctl.c | 48 ++++++++++++++++++++++++++++------- include/uapi/linux/dm-ioctl.h | 33 +++++++++++++++++++++--- 2 files changed, 69 insertions(+), 12 deletions(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index cf752e72ef6a2d8f8230e5bd6d1a6dc817a4f597..01cdf57bcafbf7f3e1b8304eec28792c6b24642d 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -871,6 +871,9 @@ static void __dev_status(struct mapped_device *md, struct dm_ioctl *param) } dm_put_live_table(md, srcu_idx); } + + if (param->version[0] >= DM_VERSION_MAJOR_STRICT) + dm_set_diskseq(param, disk->diskseq); } static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_size) @@ -889,6 +892,8 @@ static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_si if (r) return r; + param->flags &= ~DM_INACTIVE_PRESENT_FLAG; + r = dm_hash_insert(param->name, *param->uuid ? param->uuid : NULL, md); if (r) { dm_put(md); @@ -909,6 +914,7 @@ static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_si static struct hash_cell *__find_device_hash_cell(struct dm_ioctl *param) { struct hash_cell *hc = NULL; + static_assert(offsetof(struct dm_ioctl, diskseq_high) == offsetof(struct dm_ioctl, data) + 3); if (*param->uuid) { if (*param->name || param->dev) { @@ -937,6 +943,27 @@ static struct hash_cell *__find_device_hash_cell(struct dm_ioctl *param) } else return NULL; + if (param->version[0] >= DM_VERSION_MAJOR_STRICT) { + u64 expected_diskseq = dm_get_diskseq(param); + u64 diskseq; + struct mapped_device *md = hc->md; + + if (WARN_ON_ONCE(md->disk == NULL)) + return NULL; + diskseq = md->disk->diskseq; + if (WARN_ON_ONCE(diskseq == 0)) + return NULL; + if (expected_diskseq != 0) { + if (expected_diskseq != diskseq) { + DMERR("Diskseq mismatch: expected %llu actual %llu", + expected_diskseq, diskseq); + return NULL; + } + } else { + dm_set_diskseq(param, diskseq); + } + } + /* * Sneakily write in both the name and the uuid * while we have the cell. @@ -2088,7 +2115,6 @@ static int validate_params(uint cmd, struct dm_ioctl *param, uint32_t ioctl_flags, uint32_t supported_flags) { static_assert(__same_type(param->flags, supported_flags)); - u64 zero = 0; if (cmd == DM_DEV_CREATE_CMD) { if (!*param->name) { @@ -2112,14 +2138,24 @@ static int validate_params(uint cmd, struct dm_ioctl *param, return 0; } + if (param->data_size < sizeof(struct dm_ioctl)) { + DMERR("Entire struct dm_ioctl (size %zu) must be valid, but only %u was valid", + sizeof(struct dm_ioctl), param->data_size); + return -EINVAL; + } + /* Check that strings are terminated */ if (!no_non_nul_after_nul(param->name, DM_NAME_LEN, cmd, "Name") || !no_non_nul_after_nul(param->uuid, DM_UUID_LEN, cmd, "UUID")) { return -EINVAL; } - if (memcmp(param->data, &zero, sizeof(param->data)) != 0) { - DMERR("second padding field not zeroed in strict mode (cmd %u)", cmd); + /* + * This also reads the NUL terminator of the UUID, but that has already been + * checked to be zero by no_non_nul_after_nul(). + */ + if (*(const u32 *)((const char *)param + sizeof(struct dm_ioctl) - 8) != 0) { + DMERR("padding field not zeroed in strict mode (cmd %u)", cmd); return -EINVAL; } @@ -2129,12 +2165,6 @@ static int validate_params(uint cmd, struct dm_ioctl *param, return -EINVAL; } - if (param->padding) { - DMERR("padding not zeroed in strict mode (got %u, cmd %u)", - param->padding, cmd); - return -EINVAL; - } - if (param->open_count != 0) { DMERR("open_count not zeroed in strict mode (got %d, cmd %u)", param->open_count, cmd); diff --git a/include/uapi/linux/dm-ioctl.h b/include/uapi/linux/dm-ioctl.h index 81103e1dcdac3015204e9c05d73037191e965d59..5647b218f24b626f5c1cefe8bec18dc04373c3d0 100644 --- a/include/uapi/linux/dm-ioctl.h +++ b/include/uapi/linux/dm-ioctl.h @@ -136,16 +136,43 @@ struct dm_ioctl { * For output, the ioctls return the event number, not the cookie. */ __u32 event_nr; /* in/out */ - __u32 padding; + + union { + /* valid if DM_VERSION_MAJOR is used */ + __u32 padding; /* padding */ + /* valid if DM_VERSION_MAJOR_STRICT is used */ + __u32 diskseq_low; /* in/out: low 4 bytes of the diskseq */ + }; __u64 dev; /* in/out */ char name[DM_NAME_LEN]; /* device name */ char uuid[DM_UUID_LEN]; /* unique identifier for * the block device */ - char data[7]; /* padding or data */ + union { + /* valid if DM_VERSION_MAJOR is used */ + char data[7]; /* padding or data */ + /* valid if DM_VERSION_MAJOR_STRICT is used */ + struct { + char _padding[3]; /* padding */ + __u32 diskseq_high; /* in/out: high 4 bytes of the diskseq */ + } __attribute__((packed)); + }; }; +__attribute__((always_inline)) static inline __u64 +dm_get_diskseq(const struct dm_ioctl *_i) +{ + return (__u64)_i->diskseq_high << 32 | (__u64)_i->diskseq_low; +} + +__attribute__((always_inline)) static inline void +dm_set_diskseq(struct dm_ioctl *_i, __u64 _diskseq) +{ + _i->diskseq_low = (__u32)(_diskseq & 0xFFFFFFFFU); + _i->diskseq_high = (__u32)(_diskseq >> 32); +} + /* * Used to specify tables. These structures appear after the * dm_ioctl. @@ -402,6 +429,6 @@ enum { * If DM_VERSION_MAJOR_STRICT is used, these flags are reserved and * must be zeroed. */ -#define DM_STRICT_ONLY_FLAGS ((__u32)0xFFF00004) +#define DM_STRICT_ONLY_FLAGS ((__u32)(~((1UL << 19) - 1) | 1 << 9 | 1 << 7)) #endif /* _LINUX_DM_IOCTL_H */ From patchwork Tue May 30 20:31:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101115 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2451713vqr; Tue, 30 May 2023 13:47:23 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7e5YL5L/TLJT2sSNDy9rzC00AhTn3fiZYcwEy6DprtRp8Q3poEGvMUHJr4IkETgHRFJU63 X-Received: by 2002:a05:6a20:a205:b0:10b:2ba5:ca66 with SMTP id u5-20020a056a20a20500b0010b2ba5ca66mr2942560pzk.20.1685479643699; Tue, 30 May 2023 13:47:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685479643; cv=none; d=google.com; s=arc-20160816; b=BdvlF6fCs3v6/m93qhm1JdZlrd2RCUn4LKCxMkmA8VMQin9XEApyJpNduxfXa4f/x1 4sqq4p1eyw9URRTqDGXDsmFY+9JaR/b9KuQRAs4KYtDUQmpHHgHDVmZMcjp/ZH4romwr uq7PnzHmZzk4bkrs6oTFLBWgAgIa3+ClrwUU2IcTk04Uh0YdHFZtEL6C8XdcHOn8dYIz 4ausL2v4cWfqR+SjzBhBFF66eBjbV5v/3czdGurgS653WAJrggRKzOWvW+L1rS3A69A8 BOmHLbf4uQtr6WD7dFaFJKbmBi/GgJvG8JfQAM4RMdyouLrUmzllgYvRsS2q4r9RvEmT zFtA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=aAfoA6tajOI3DdZbN+5gNp3o1Bf92v6/idOtFVwuqiE=; b=M82mzOq/r7VLdBUhxQ9lSpA66QcLUF8ePfM+WMA9pYnHpVO1mPXxOQqZm4Gv4MYRN7 1RHNTfz9JHsehbfKkh0w4DF9jLdzAjd/mHU57z25EgdxU4/SvHAWDEBzX5Qg8xntxHF3 kZCRLs0ERs+lgt/4YM4yUBjHPl+3NlvCPfA11Q0y3cHKkfq5TVkJvp3WnF7TuaSTHL8Y WvQQmyriRYJygZjIM+92QBU0C2tUDpYvUF6KAMG03UqUj5ZRrDATlKfNxMvDHAxCpN38 cc8F3akTRnDS2HLG5LA8A+GdEkhaglrBdQUTGMogTM/YYU+NWDH4lJHCxOsIJTIuzD98 ddKA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=XYryrGSs; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=BLBapeZT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l1-20020a17090aaa8100b002534791ea59si1175826pjq.28.2023.05.30.13.47.12; Tue, 30 May 2023 13:47:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=XYryrGSs; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=BLBapeZT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233497AbjE3UdA (ORCPT + 99 others); Tue, 30 May 2023 16:33:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55612 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233486AbjE3Ucm (ORCPT ); Tue, 30 May 2023 16:32:42 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C22C7135; Tue, 30 May 2023 13:32:06 -0700 (PDT) Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 279DD320091D; Tue, 30 May 2023 16:32:01 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Tue, 30 May 2023 16:32:01 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1685478720; x=1685565120; bh=aAfoA6tajO I3DdZbN+5gNp3o1Bf92v6/idOtFVwuqiE=; b=XYryrGSs9af08o9XzJZlWkP7YS JLLfR1m5fe8QVd3QR+6WCZdGftB4WKelk4w73RWFcsldPXK/6kET4skLGHEjfyR9 9raZlXBEqMOY3lcfb3RKOIXooZ6bPv1MTjeKMBqsKjXscnwDbIJTiVZqWxMgeHZ+ X0fukMQ6rp3BZHVQA/h3abeEGZylMMkQPtqmNC1qKQK7FYeXv1VabGc/J9HKQHj5 hNwxe11yXZPnYOujIsBfr07INd/FWOq3WMM/AhxJFTOsJjo3mZCX0BTyTGB+HOpO sm9nG/rSIhh+fS7BiI2cZ7Vx1W96+WzIAyAKIkO+GaPZ1WnP1yjbU6VnCMAA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1685478720; x= 1685565120; bh=aAfoA6tajOI3DdZbN+5gNp3o1Bf92v6/idOtFVwuqiE=; b=B LBapeZTHOetv6cE0GTwPpL73JQDH4RfekajwyobPYL6NNCpVV58gVIFMYzREQE9O cIOpGoxbNrxHuDPmwJ6eVXN4MozN4uVBcS2b7Rl5bxt7Fp/e93CHX+VipbnxUY/t 0eVrwRVlPeCVOVUbuTwecqzI4e02b7wsokNIEUeINpoAmY9Qqcvt0HGvOuTlydim /NVfmnLxWbVFFibA08/xffwRWQU38ugjH9Qo+9YaNfAmM4rJErVXAHQBctyESQ2V 8rewIK4P5DUD8YH+0lVTRQv+lSSc80A0ROaBPwCP1s7qkVpwdFzgyTOMjWxqbCIt 0TXQT4E0HMZaYYSRHSDSw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedvne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:59 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org Subject: [PATCH v2 09/16] device-mapper: Allow userspace to suppress uevent generation Date: Tue, 30 May 2023 16:31:09 -0400 Message-Id: <20230530203116.2008-10-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767353503320276653?= X-GMAIL-MSGID: =?utf-8?q?1767353503320276653?= Userspace can use this to avoid spamming udev with events that udev should ignore. Signed-off-by: Demi Marie Obenour --- drivers/md/dm-core.h | 2 + drivers/md/dm-ioctl.c | 78 ++++++++++++++++++----------------- drivers/md/dm.c | 5 ++- include/linux/device-mapper.h | 2 +- include/uapi/linux/dm-ioctl.h | 14 +++++-- 5 files changed, 57 insertions(+), 44 deletions(-) diff --git a/drivers/md/dm-core.h b/drivers/md/dm-core.h index aecab0c0720f77ae2a0ab048304ea3d1023f9959..a033f85d1a9d9b3d8ec893efd6552fb48d2b3541 100644 --- a/drivers/md/dm-core.h +++ b/drivers/md/dm-core.h @@ -115,6 +115,8 @@ struct mapped_device { /* for blk-mq request-based DM support */ bool init_tio_pdu:1; + /* If set, do not emit any uevents. */ + bool disable_uevents:1; struct blk_mq_tag_set *tag_set; struct dm_stats stats; diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 01cdf57bcafbf7f3e1b8304eec28792c6b24642d..52aa5505d23b2f3d9c0faf6e8a91b74cd7845581 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -814,6 +814,11 @@ static struct dm_table *dm_get_live_or_inactive_table(struct mapped_device *md, dm_get_inactive_table(md, srcu_idx) : dm_get_live_table(md, srcu_idx); } +static inline bool sloppy_checks(const struct dm_ioctl *param) +{ + return param->version[0] < DM_VERSION_MAJOR_STRICT; +} + /* * Fills in a dm_ioctl structure, ready for sending back to * userland. @@ -872,7 +877,7 @@ static void __dev_status(struct mapped_device *md, struct dm_ioctl *param) dm_put_live_table(md, srcu_idx); } - if (param->version[0] >= DM_VERSION_MAJOR_STRICT) + if (!sloppy_checks(param)) dm_set_diskseq(param, disk->diskseq); } @@ -888,7 +893,7 @@ static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_si if (param->flags & DM_PERSISTENT_DEV_FLAG) m = MINOR(huge_decode_dev(param->dev)); - r = dm_create(m, &md); + r = dm_create(m, &md, param->flags & DM_DISABLE_UEVENTS_FLAG); if (r) return r; @@ -1452,11 +1457,6 @@ static int next_target(struct dm_target_spec *last, uint32_t next, const char *e return 0; } -static inline bool sloppy_checks(const struct dm_ioctl *param) -{ - return param->version[0] < DM_VERSION_MAJOR_STRICT; -} - static bool no_non_nul_after_nul(const char *untrusted_str, size_t size, unsigned int cmd, const char *msg) { @@ -1928,59 +1928,61 @@ static int target_message(struct file *filp, struct dm_ioctl *param, size_t para * Implementation of open/close/ioctl on the special char device. *--------------------------------------------------------------- */ -static ioctl_fn lookup_ioctl(unsigned int cmd, int *ioctl_flags, uint32_t *supported_flags) +static ioctl_fn lookup_ioctl(unsigned int cmd, bool strict, int *ioctl_flags, uint32_t *supported_flags) { static const struct { int cmd; int flags; ioctl_fn fn; uint32_t supported_flags; + uint32_t strict_flags; } _ioctls[] = { /* Macro to make the structure initializers somewhat readable */ -#define I(cmd, flags, fn, supported_flags) { \ - (cmd), \ - (flags), \ - (fn), \ - /* \ - * Supported flags in sloppy mode must not include anything in DM_STRICT_ONLY_FLAGS. \ - * Use BUILD_BUG_ON_ZERO to check for that. \ - */ \ - (supported_flags) | BUILD_BUG_ON_ZERO((supported_flags) & DM_STRICT_ONLY_FLAGS), \ +#define I(cmd, flags, fn, supported_flags, strict_flags) { \ + (cmd), \ + (flags), \ + (fn), \ + /* \ + * Supported flags in sloppy mode must not include anything in DM_STRICT_ONLY_FLAGS. \ + * Use BUILD_BUG_ON_ZERO to check for that. \ + */ \ + (supported_flags) | BUILD_BUG_ON_ZERO((supported_flags) & DM_STRICT_ONLY_FLAGS), \ + (strict_flags) | (supported_flags) | BUILD_BUG_ON_ZERO((supported_flags) & (strict_flags)), \ } - I(DM_VERSION_CMD, 0, NULL, 0), /* version is dealt with elsewhere */ + I(DM_VERSION_CMD, 0, NULL, 0, 0), /* version is dealt with elsewhere */ I(DM_REMOVE_ALL_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, remove_all, - DM_DEFERRED_REMOVE), - I(DM_LIST_DEVICES_CMD, 0, list_devices, DM_UUID_FLAG), + DM_DEFERRED_REMOVE, 0), + I(DM_LIST_DEVICES_CMD, 0, list_devices, DM_UUID_FLAG, 0), I(DM_DEV_CREATE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_create, - DM_PERSISTENT_DEV_FLAG), + DM_PERSISTENT_DEV_FLAG, DM_DISABLE_UEVENTS_FLAG), I(DM_DEV_REMOVE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_remove, - DM_DEFERRED_REMOVE), + DM_DEFERRED_REMOVE, 0), I(DM_DEV_RENAME_CMD, IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_rename, - DM_QUERY_INACTIVE_TABLE_FLAG | DM_UUID_FLAG), + DM_QUERY_INACTIVE_TABLE_FLAG | DM_UUID_FLAG, 0), I(DM_DEV_SUSPEND_CMD, IOCTL_FLAGS_NO_PARAMS, dev_suspend, - DM_QUERY_INACTIVE_TABLE_FLAG | DM_SUSPEND_FLAG | DM_SKIP_LOCKFS_FLAG | DM_NOFLUSH_FLAG), - I(DM_DEV_STATUS_CMD, IOCTL_FLAGS_NO_PARAMS, dev_status, DM_QUERY_INACTIVE_TABLE_FLAG), + DM_QUERY_INACTIVE_TABLE_FLAG | DM_SUSPEND_FLAG | DM_SKIP_LOCKFS_FLAG | DM_NOFLUSH_FLAG, 0), + I(DM_DEV_STATUS_CMD, IOCTL_FLAGS_NO_PARAMS, dev_status, DM_QUERY_INACTIVE_TABLE_FLAG, 0), I(DM_DEV_WAIT_CMD, IOCTL_FLAGS_TAKES_EVENT_NR, dev_wait, - DM_QUERY_INACTIVE_TABLE_FLAG | DM_STATUS_TABLE_FLAG | DM_NOFLUSH_FLAG), - I(DM_TABLE_LOAD_CMD, 0, table_load, DM_QUERY_INACTIVE_TABLE_FLAG | DM_READONLY_FLAG), - I(DM_TABLE_CLEAR_CMD, IOCTL_FLAGS_NO_PARAMS, table_clear, DM_QUERY_INACTIVE_TABLE_FLAG), - I(DM_TABLE_DEPS_CMD, 0, table_deps, DM_QUERY_INACTIVE_TABLE_FLAG), + DM_QUERY_INACTIVE_TABLE_FLAG | DM_STATUS_TABLE_FLAG | DM_NOFLUSH_FLAG, 0), + I(DM_TABLE_LOAD_CMD, 0, table_load, DM_QUERY_INACTIVE_TABLE_FLAG | DM_READONLY_FLAG, 0), + I(DM_TABLE_CLEAR_CMD, IOCTL_FLAGS_NO_PARAMS, table_clear, DM_QUERY_INACTIVE_TABLE_FLAG, 0), + I(DM_TABLE_DEPS_CMD, 0, table_deps, DM_QUERY_INACTIVE_TABLE_FLAG, 0), I(DM_TABLE_STATUS_CMD, 0, table_status, - DM_QUERY_INACTIVE_TABLE_FLAG | DM_STATUS_TABLE_FLAG | DM_NOFLUSH_FLAG), + DM_QUERY_INACTIVE_TABLE_FLAG | DM_STATUS_TABLE_FLAG | DM_NOFLUSH_FLAG, 0), - I(DM_LIST_VERSIONS_CMD, 0, list_versions, 0), + I(DM_LIST_VERSIONS_CMD, 0, list_versions, 0, 0), - I(DM_TARGET_MSG_CMD, 0, target_message, DM_QUERY_INACTIVE_TABLE_FLAG), - I(DM_DEV_SET_GEOMETRY_CMD, 0, dev_set_geometry, 0), - I(DM_DEV_ARM_POLL_CMD, IOCTL_FLAGS_NO_PARAMS, dev_arm_poll, 0), - I(DM_GET_TARGET_VERSION_CMD, 0, get_target_version, 0), + I(DM_TARGET_MSG_CMD, 0, target_message, DM_QUERY_INACTIVE_TABLE_FLAG, 0), + I(DM_DEV_SET_GEOMETRY_CMD, 0, dev_set_geometry, 0, 0), + I(DM_DEV_ARM_POLL_CMD, IOCTL_FLAGS_NO_PARAMS, dev_arm_poll, 0, 0), + I(DM_GET_TARGET_VERSION_CMD, 0, get_target_version, 0, 0), }; if (unlikely(cmd >= ARRAY_SIZE(_ioctls))) return NULL; cmd = array_index_nospec(cmd, ARRAY_SIZE(_ioctls)); - *supported_flags = _ioctls[cmd].supported_flags; + *supported_flags = strict ? _ioctls[cmd].strict_flags : _ioctls[cmd].supported_flags; *ioctl_flags = _ioctls[cmd].flags; return _ioctls[cmd].fn; } @@ -2233,7 +2235,7 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us if (cmd == DM_VERSION_CMD) return 0; - fn = lookup_ioctl(cmd, &ioctl_flags, &supported_flags); + fn = lookup_ioctl(cmd, !sloppy_checks(¶m_kernel), &ioctl_flags, &supported_flags); if (!fn) { DMERR("dm_ctl_ioctl: unknown command 0x%x", command); return -ENOTTY; @@ -2451,7 +2453,7 @@ int __init dm_early_create(struct dm_ioctl *dmi, m = MINOR(huge_decode_dev(dmi->dev)); /* alloc dm device */ - r = dm_create(m, &md); + r = dm_create(m, &md, false); if (r) return r; diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 3b694ba3a106e68d4c0d5e64cd9136cf7abce237..efdf70a331cb681a88490f45d26259c29ddac850 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2276,13 +2276,14 @@ static struct dm_table *__unbind(struct mapped_device *md) /* * Constructor for a new device. */ -int dm_create(int minor, struct mapped_device **result) +int dm_create(int minor, struct mapped_device **result, bool disable_uevents) { struct mapped_device *md; md = alloc_dev(minor); if (!md) return -ENXIO; + md->disable_uevents = disable_uevents; dm_ima_reset_data(md); @@ -2999,6 +3000,8 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, char udev_cookie[DM_COOKIE_LENGTH]; char *envp[3] = { NULL, NULL, NULL }; char **envpp = envp; + if (md->disable_uevents) + return 0; if (cookie) { snprintf(udev_cookie, DM_COOKIE_LENGTH, "%s=%u", DM_COOKIE_ENV_VAR_NAME, cookie); diff --git a/include/linux/device-mapper.h b/include/linux/device-mapper.h index a52d2b9a68460ac7951ad6ebe76d9a1cfccf7afb..7c8d7a7e8798d20e517e2264c06772ecd8b41ef3 100644 --- a/include/linux/device-mapper.h +++ b/include/linux/device-mapper.h @@ -463,7 +463,7 @@ void dm_consume_args(struct dm_arg_set *as, unsigned int num_args); * DM_ANY_MINOR chooses the next available minor number. */ #define DM_ANY_MINOR (-1) -int dm_create(int minor, struct mapped_device **md); +int dm_create(int minor, struct mapped_device **md, bool disable_uevents); /* * Reference counting for md. diff --git a/include/uapi/linux/dm-ioctl.h b/include/uapi/linux/dm-ioctl.h index 5647b218f24b626f5c1cefe8bec18dc04373c3d0..07cc5bbb6944ebaa42ddfec6fd5e0413c535e7ff 100644 --- a/include/uapi/linux/dm-ioctl.h +++ b/include/uapi/linux/dm-ioctl.h @@ -356,8 +356,16 @@ enum { #define DM_BUFFER_FULL_FLAG (1 << 8) /* Out */ /* - * This flag is now ignored if DM_VERSION_MAJOR is used, and causes - * -EINVAL if DM_VERSION_MAJOR_STRICT is used. + * This flag is only recognized when DM_VERSION_MAJOR_STRICT is used. + * It tells the kernel to not generate any uevents for the newly-created + * device. Using it outside of DM_DEV_CREATE results in -EINVAL. When + * DM_VERSION_MAJOR is used this flag is ignored. + */ +#define DM_DISABLE_UEVENTS_FLAG (1 << 9) /* In */ + +/* + * This flag is now ignored if DM_VERSION_MAJOR is used. When + * DM_VERSION_MAJOR_STRICT is used it is an alias for DM_DISABLE_UEVENT_FLAG. */ #define DM_SKIP_BDGET_FLAG (1 << 9) /* In */ @@ -426,8 +434,6 @@ enum { /* * If DM_VERSION_MAJOR is used, these flags are ignored by the kernel. - * If DM_VERSION_MAJOR_STRICT is used, these flags are reserved and - * must be zeroed. */ #define DM_STRICT_ONLY_FLAGS ((__u32)(~((1UL << 19) - 1) | 1 << 9 | 1 << 7)) From patchwork Tue May 30 20:31:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101106 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2445545vqr; Tue, 30 May 2023 13:34:36 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5h15IVnnVzyiap1SXu/JN6NxePEBYb5da5FBJXWHDJ7uccN4phyh8EklJsctcbpepxRIir X-Received: by 2002:a05:6a20:3ca5:b0:10c:f674:3bab with SMTP id b37-20020a056a203ca500b0010cf6743babmr4109329pzj.61.1685478875627; Tue, 30 May 2023 13:34:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685478875; cv=none; d=google.com; s=arc-20160816; b=sBGwwHaOuif+VOqh35gjT5luscRk8NwO85NW/VwBtXC4AleYufanfZvi97qwg5kI5z gWzjFDUBhq9OF1WvS56iMWenFRGwcnI+r6/AUr78OHFDBNClgyFboRgVqI/JevoqhqPs arShCRSHD090UsySZzHGoVg9LsUsmfsVf4Y4Y44hNke7f0ngV4I6cvkyYiHz1NB2mLqX VfTavYrvg0qtFBby3o9OnR+DDwM7kHiNLgVplBC5LrgF0+Va3NKlE+0SyTxPpDnFvOLp xtLZaedy4PviQYTUEBBK8zEKcpfh2HjSyeBMT+EcXCXOxNcdF++gU5hgChUqWv3KJUz1 dN7w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=rwGIL/9NRSMhUwVWwsxjoxS5AMM8VOhnzZgHY9xGhxg=; b=mmCytbdg//M5ur1tc/O190J4GKcwhFFq+te8SbnTYueCnb3SKcCX+B2UFAqShaMvOl UaNJx5xDdirGc/nD88bwuaHe5yDNxVVjFjU5rgcSNS61Lhdd1Bn++KJUioDKFilFgmcv MIiPaqhvexGpVVzPQWrrPMxdfGgCnTZjWATZkVCn95GwCA5qcXQ/IwJDB5QftYDDRKbS MhD3rRTI7XStFGuqHfwfZ+Cp0XwkcC16IDqeqsSsOyfbJNznE59JAZL9DfgPlnBsk+MZ KVSU0O2UdDeEa0vjq7gU0cVIjG5Nv86lF8OF8ZH3s1KXIkUdYEVzWCWSwZaMbuXGjMh2 zejg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=qkBueq2r; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b="y4N/s9MU"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id bv9-20020a632e09000000b0053f21272753si5741275pgb.9.2023.05.30.13.34.22; Tue, 30 May 2023 13:34:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=qkBueq2r; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b="y4N/s9MU"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230355AbjE3UdE (ORCPT + 99 others); Tue, 30 May 2023 16:33:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54968 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232555AbjE3Ucu (ORCPT ); Tue, 30 May 2023 16:32:50 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5CB43E62; Tue, 30 May 2023 13:32:19 -0700 (PDT) Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id F2B183200930; Tue, 30 May 2023 16:32:03 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Tue, 30 May 2023 16:32:04 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1685478723; x=1685565123; bh=rwGIL/9NRS MhUwVWwsxjoxS5AMM8VOhnzZgHY9xGhxg=; b=qkBueq2r2OyWcbusDQUrjajFFr 8ESqGro3ggJwym7lFf9BI9ESX7xekhNhstWp8F1ueTG3NmoZqthNHTWOXbCGq5Vw 67eIWybB+EGrobvjODoQqwC70WtdLXTl2k5nQabcp3ZQs/dQWH2f+QrTvapYJOrW JrHz90N9W+aLbcMlDjF0cjaNT1cyK5hLdd/RpV3VjOJWSictxkSNvJ89RwdrBPZG E9Kxm85hwY5s7dhDK62GqfSywSV09msrreFFwcypf91DJsdE3WhAfmU038D6fTNC IJwxS9XPoI4erBBQzlRsVtR6w58sX6QtAWlnzP3FUVoK+Ii+7VvWyJVHGyBA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1685478723; x= 1685565123; bh=rwGIL/9NRSMhUwVWwsxjoxS5AMM8VOhnzZgHY9xGhxg=; b=y 4N/s9MUZzZd4QAK3LutuCyRwXJa6PV0apyBdJJ0IvWA7d2gGhkz/XsZL7+VJH2SG iOcTbZxxHnngGWA/vK1Cy/hWHcqG4/qzaYGV3DdLfQBhITU6JQPFY6rYK8F78XZs GsFx5qwOlj2SIdDWk5FlJyasxkbCa3R96lDH1Hm2Dvhf2k7z0wpQK4fuV1Q/mMRI fUSMAzPyoOA+uwmX+9p0bB+XYk6wNk3PB/5bWjVYO6PrYeHoE9udaLaxIrHaFqnW IaScZZBdVbuKJ7vOHjBpV2ygqFDhJvzlolEe5vP4KmsAbmnCAoIBk1ZiIgIsCNXl w1VoeHG8LsGkBO7eC24Bg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:32:02 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org Subject: [PATCH v2 10/16] device-mapper: Refuse to create device named "control" Date: Tue, 30 May 2023 16:31:10 -0400 Message-Id: <20230530203116.2008-11-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767352697123155522?= X-GMAIL-MSGID: =?utf-8?q?1767352697123155522?= Typical userspace setups create a symlink under /dev/mapper with the name of the device, but /dev/mapper/control is reserved for the control device. Therefore, trying to create such a device is almost certain to be a userspace bug. Signed-off-by: Demi Marie Obenour --- drivers/md/dm-ioctl.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 52aa5505d23b2f3d9c0faf6e8a91b74cd7845581..9ae00e3c1a72c19575814cf473774835b364320b 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -771,7 +771,12 @@ static int get_target_version(struct file *filp, struct dm_ioctl *param, size_t static int check_name(const char *name) { if (strchr(name, '/')) { - DMERR("invalid device name"); + DMERR("device name cannot contain '/'"); + return -EINVAL; + } + + if (strcmp(name, DM_CONTROL_NODE) == 0) { + DMERR("device name cannot be \"%s\"", DM_CONTROL_NODE); return -EINVAL; } From patchwork Tue May 30 20:31:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101114 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2451482vqr; Tue, 30 May 2023 13:46:57 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ51DqjlTcvOHT8hMDoJ3WO++qkzU9lnhUs2/LFTcOlxyDeGn/1c8IhbWsN8TIoMitI81V3h X-Received: by 2002:a17:90b:1bd1:b0:256:6b6:baa1 with SMTP id oa17-20020a17090b1bd100b0025606b6baa1mr3562723pjb.10.1685479616815; Tue, 30 May 2023 13:46:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685479616; cv=none; d=google.com; s=arc-20160816; b=y7b3HbFKYGsqGNYNEzf+y7zF9kO0Xsw6itMjykSWgo1Zuv9Y0qqOKN9UAksKWFaVr+ 1hiow0d2c9c7NMkdBcwe7Gk+Zu3MK3AUsOAMYhCKsW9DLW4gCnAxPWdFq2pXMhYi2lQ4 cIkJcb89R9WMk/CtlFoSEED+NKx4QxskVtE3Dc73up7c1sOFaPmwowClodTmQjpB732P OjgldD+HGhTj6iBIAHfxUNWhfvLeHUf5f7kDE9t0C+ypetR39TwZsePLKVardT0ZlTH1 e/Kc1/BpoL+d9EUOuzJbfQ1gvWWkKi8nDXN5qRsQeNzvIMS66/+lKJJbSKfPsRftyEpU Y2xQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=eT2dle5SRulVFDzi62TQ1IQZDI2oVYJkexEdj7/Fslc=; b=x8kKXwStlrqire0mFX5G6EtcMH4eyEpy3eIjkBBfGNdh6VXDirV6R3uA7XyJrzYLfA OrWu7E+7LM7vz5vZ+ejplaDKX7xe5APq1b6bJqAgOCfwvN3Yb/RzMwbht15Z49gCwQNJ jGBT9YMVI/XBPcrb7yN+LCPDHfDvDuJv1JlLp9bHo/qwXSJsigV7m9ak56ATB3v78bDt q2Vl4wn+8g8hV4Ikeep9Sq31YbxT1v3Y7ySG+I6uaEKCFatzCN1g2A8sjBGmPNRllcBX qYLOslQIOqC28bKpZieOt5xXghI+PhqKS625uDXghJac0vY5stYq+scQd5UAbV3YjEBq o4tg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=TjsQAkSu; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=fx+WGukn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l1-20020a17090aaa8100b002534791ea59si1175826pjq.28.2023.05.30.13.46.45; Tue, 30 May 2023 13:46:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=TjsQAkSu; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=fx+WGukn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231130AbjE3UdP (ORCPT + 99 others); Tue, 30 May 2023 16:33:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56028 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233516AbjE3Uc5 (ORCPT ); Tue, 30 May 2023 16:32:57 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 879B6E70; Tue, 30 May 2023 13:32:26 -0700 (PDT) Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id C38563200948; Tue, 30 May 2023 16:32:06 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Tue, 30 May 2023 16:32:07 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1685478726; x=1685565126; bh=eT2dle5SRu lVFDzi62TQ1IQZDI2oVYJkexEdj7/Fslc=; b=TjsQAkSuKW8jtKf3DGsyG9k8zB Trnwh7BYpObxsovagPyZP1xIVriYTxgHNSH5nj9ifAbA9gdN6AbnhABYUrz7X2Zz KpEy+jDQaGp2QjfZ4PUwmZEO98fqknFuIn6qaYfZfNH4vntEEHsm4e4VAkqo4yo0 PnkSH+j3F9HYaNylPFWtqgof0/h6RnGJmADeTa+W0iOQ/33+BsxtUOzDvpOhuWyA pRxIpcnJp87HASHTkoCnA+XuZLjzC5ReS3XQCm6OVf1wK7aoDpuRON/3CGE8D3hA TVOl0GJyhdVvxWcF1R6HiMZ2JYdtrEIzCiMn7PYtSWSKaryTZBhGxMxOJMpQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1685478726; x= 1685565126; bh=eT2dle5SRulVFDzi62TQ1IQZDI2oVYJkexEdj7/Fslc=; b=f x+WGuknoInsViw78HCTgMny6arWnrKDaevCR8NIQfxAqzpjLevOC+ucbiCUnt8No wfD1dHHzk4dunu2DDvLgkxgvQcvcbLuITSJjFO1dZ6QYMU2EYxHMT4yLaVN4S07e YWJ37QTAJGrcHBVA4qwlGST9+Hu998Nj53zoG9/psvzFlUVLP7246H1dAOyf2cO6 /TKVgGoVfRr6YDDbw7Wlv4ZUL1wEgu2LEIaitpXknaBbAtMtwdgCVZB86ZjR6/9s V6CvT6TpCsRdaZOMkl0LfAzvQUxC1DMUqe5tQBYSfFcaz8Jjc2YKLKxsMqowUIfF 2SwuwNy1+1MMOXK1ij1PA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedune curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:32:05 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org Subject: [PATCH v2 11/16] device-mapper: "." and ".." are not valid symlink names Date: Tue, 30 May 2023 16:31:11 -0400 Message-Id: <20230530203116.2008-12-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767353474570154474?= X-GMAIL-MSGID: =?utf-8?q?1767353474570154474?= Using either of these is going to greatly confuse userspace, as they are not valid symlink names and so creating the usual /dev/mapper/NAME symlink will not be possible. As creating a device with either of these names is almost certainly a userspace bug, just error out. Signed-off-by: Demi Marie Obenour --- drivers/md/dm-ioctl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 9ae00e3c1a72c19575814cf473774835b364320b..17ece816d490b6c40d019da131ade44c9a201dab 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -775,8 +775,10 @@ static int check_name(const char *name) return -EINVAL; } - if (strcmp(name, DM_CONTROL_NODE) == 0) { - DMERR("device name cannot be \"%s\"", DM_CONTROL_NODE); + if (strcmp(name, DM_CONTROL_NODE) == 0 || + strcmp(name, ".") == 0 || + strcmp(name, "..") == 0) { + DMERR("device name cannot be \"%s\", \".\", or \"..\"", DM_CONTROL_NODE); return -EINVAL; } From patchwork Tue May 30 20:31:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101107 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2445647vqr; Tue, 30 May 2023 13:34:44 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4SZBQKexMfi5+oM4cRdm6TLHwQLifdueHB+mDXa5qWN8Ta8uUXeVXXg6BZoIffCGKHYkXS X-Received: by 2002:a17:902:c411:b0:1a6:7b71:e64b with SMTP id k17-20020a170902c41100b001a67b71e64bmr13781578plk.15.1685478884376; Tue, 30 May 2023 13:34:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685478884; cv=none; d=google.com; s=arc-20160816; b=JKjBFCLVamkka/WRhbQVzbbIQvJ1qx5ikSMnDP1wmxfkSe5vOCkFOdDj6SZQMg4F9e ng0XioJpm1Un/60wsPFftg402tPl+KX4VTeEGsi66VBy9YKhWZMP6ZRzaQJ5LM1t8tV4 LjjqlnjUmHI7hZ67IKgeMKBAoU+HazGKhaWotjPYPOMBLRjCdZoFO0cdABIidYZYadq2 LCQyo2YtY1l04FVpLMfI7sBMT7Afy9BcrDNpe2avaylUQYSqk8VyQLkbgjSwbIyRyPD9 K3qZ+uOpMcyZI+b+agyetWeByB5ckuup0h+Q/dPnKq3k+KZK7kAKnB2opzTSevDmwa1k Zkdw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=irr2EYlMc/ep40A7KRI/xWi2gREEnIhu2G5hCeO8CLU=; b=w/RfABlaXKLe5zdqN5rpm4JlI+A/FeLBwK0QjTtp3SFEVD246s29p8m207Las5XyHV 7/9Kcu5IIZNDqU5PzVjGcpo0f1OhYnIoDonPo3kzsrYZfZFvoy6meLDXl1T9ekAq8E1e shwaRhZNaHCbDkCuIJ3EVVsZ3sd16X/v8kLUNZUz9FB7QApJGd/iiKWJHswpv1Y3tKoo ysAUrSy7i7XFMHSMVUX8N5TxMd8aDrmmyaDkh1xbArUW3RRF2rIiqASoHbdTyaR1pads egr40gcDU/q5UQcbjaLDapd1HDPsQI9XcjPf0zxGfhYTR2Av5Rwgh075KbtExQTu86Y+ 34hQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=hURAEgyL; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=TfCfk4e0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u18-20020a170903125200b001ac495a2f96si2664106plh.559.2023.05.30.13.34.32; Tue, 30 May 2023 13:34:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=hURAEgyL; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=TfCfk4e0; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233455AbjE3UdY (ORCPT + 99 others); Tue, 30 May 2023 16:33:24 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55778 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233112AbjE3UdE (ORCPT ); Tue, 30 May 2023 16:33:04 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4F0CF10C0; Tue, 30 May 2023 13:32:33 -0700 (PDT) Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 723F63200943; Tue, 30 May 2023 16:32:09 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Tue, 30 May 2023 16:32:10 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1685478729; x=1685565129; bh=irr2EYlMc/ ep40A7KRI/xWi2gREEnIhu2G5hCeO8CLU=; b=hURAEgyL29RZKJ+OYcTsErbDM/ S1Ul5/NUJUPSUYPM5HMp20PXXk0gLiNmvxjoP1CB2io9qAj/T4B/cqHiaSjgGmi8 0OUe8kLmaoL/YVBAxDpvilMIDBf/Y2qDnpqjA2O6Z1bm6pdtSzAuU8pbwRpb/64E t3nTRGtgH4YjIZNDyv9MRjk+yomLwVCQZeoxQogkrfQEBvmCXu28G+w8CDjq/W3w Mx9lG3fpLwdz3h+U33/HWIfxkCWVZsJU414cVmYbYoJ0vUv3StWVENMkJBzowoLX 64xRWpZtQ+yZbqGZ94lNuiuB4ECWPLAOLRd5LUD0psVSjobpmBc7joc+izig== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1685478729; x= 1685565129; bh=irr2EYlMc/ep40A7KRI/xWi2gREEnIhu2G5hCeO8CLU=; b=T fCfk4e0EN396eUbVOrH0ULWVryoukeqNEcqlz5QS2HXpBrwM99heFQhEMM352iV6 XAioIqwlM6bC2bcJ15QZDtZssrnTAGcrNi3nu0JQPPTg/gHaMcm2YXhbjbcvIdQQ 4+3ZjJ25Umxss9+sYsD2GfoZvAZN93/LREI/kYsX68VNvJdeBwv4W88M+K8GvrLk GhCudBNacqw+ctxx40im2bofmCkHltz0hoFc6VCGvIwgHePd+PRtAT6qflQL54sH rbfRPUaLSDzs1SnGq04bsIi17Eg2y8geLVB1gOhZF3+sb+8P2bG2PY/EzAnSWset u/evqcp9ruAl8Jc+bKtNg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:32:08 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org Subject: [PATCH v2 12/16] device-mapper: inform caller about already-existing device Date: Tue, 30 May 2023 16:31:12 -0400 Message-Id: <20230530203116.2008-13-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767352706712702485?= X-GMAIL-MSGID: =?utf-8?q?1767352706712702485?= Not only is this helpful for debugging, it also saves the caller an ioctl in the case where a device should be used if it exists or created otherwise. To ensure existing userspace is not broken, this feature is only enabled in strict mode. Signed-off-by: Demi Marie Obenour --- drivers/md/dm-ioctl.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 17ece816d490b6c40d019da131ade44c9a201dab..44425093d3b908abf80e05e1fc99a26b17e18a42 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -256,11 +256,13 @@ static void free_cell(struct hash_cell *hc) } } +static void __dev_status(struct mapped_device *md, struct dm_ioctl *param); + /* * The kdev_t and uuid of a device can never change once it is * initially inserted. */ -static int dm_hash_insert(const char *name, const char *uuid, struct mapped_device *md) +static int dm_hash_insert(const char *name, const char *uuid, struct mapped_device *md, struct dm_ioctl *param) { struct hash_cell *cell, *hc; @@ -277,6 +279,8 @@ static int dm_hash_insert(const char *name, const char *uuid, struct mapped_devi down_write(&_hash_lock); hc = __get_name_cell(name); if (hc) { + if (param) + __dev_status(hc->md, param); dm_put(hc->md); goto bad; } @@ -287,6 +291,8 @@ static int dm_hash_insert(const char *name, const char *uuid, struct mapped_devi hc = __get_uuid_cell(uuid); if (hc) { __unlink_name(cell); + if (param) + __dev_status(hc->md, param); dm_put(hc->md); goto bad; } @@ -901,12 +907,14 @@ static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_si m = MINOR(huge_decode_dev(param->dev)); r = dm_create(m, &md, param->flags & DM_DISABLE_UEVENTS_FLAG); - if (r) + if (r) { + DMERR("Could not create device-mapper device"); return r; + } param->flags &= ~DM_INACTIVE_PRESENT_FLAG; - r = dm_hash_insert(param->name, *param->uuid ? param->uuid : NULL, md); + r = dm_hash_insert(param->name, *param->uuid ? param->uuid : NULL, md, param); if (r) { dm_put(md); dm_destroy(md); @@ -2269,7 +2277,6 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us goto out; /* This XOR keeps only the flags validate_params has changed. */ old_flags ^= param->flags; - param->data_size = sloppy_checks(param) ? offsetof(struct dm_ioctl, data) : sizeof(struct dm_ioctl); r = fn(file, param, input_param_size); @@ -2284,9 +2291,14 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us param->flags |= old_flags; /* - * Copy the results back to userland. + * Copy the results back to userland if either: + * + * - The ioctl succeeded. + * - The ioctl is DM_DEV_CREATE, the return value is -EBUSY, + * and strict parameter checking is enabled. */ - if (!r && copy_to_user(user, param, param->data_size)) + if ((!r || (!sloppy_checks(param) && cmd == DM_DEV_CREATE_CMD && r == -EBUSY)) && + copy_to_user(user, param, param->data_size)) r = -EFAULT; out: @@ -2465,7 +2477,7 @@ int __init dm_early_create(struct dm_ioctl *dmi, return r; /* hash insert */ - r = dm_hash_insert(dmi->name, *dmi->uuid ? dmi->uuid : NULL, md); + r = dm_hash_insert(dmi->name, *dmi->uuid ? dmi->uuid : NULL, md, NULL); if (r) goto err_destroy_dm; From patchwork Tue May 30 20:31:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101116 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2452093vqr; Tue, 30 May 2023 13:48:14 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5gMcesLW5C/S1OthfmT/8Nelis6wSsBHWbcB4pNqaIqg2lLlrcG628/KeOCqACO1K+9GtR X-Received: by 2002:a05:6a20:3d08:b0:110:29dc:612e with SMTP id y8-20020a056a203d0800b0011029dc612emr4041238pzi.33.1685479693956; Tue, 30 May 2023 13:48:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685479693; cv=none; d=google.com; s=arc-20160816; b=wSOPlP0st6ao84wSfBkQ7yo5X2eX9uHjRAjkXJldjNSdpyKQbP9tuA7Yo+3lY1kESE mHl3WBdzZsa/XHtxmizsl7a7VyllNHdyWeAhMw8DpG/99ZZH1YwnedFtjUMRiVOypDAh FzHrJbY5Zo1uS7V+GuOkFpV+HB+jszPRfuJJ9hjQKr3LAwH4MVF+YDSxBMqw50MbH6SX /FHxGeoo0MP2yS5DnN/RMxYksvMz+g0rersG9duA4cPZ9fwFu2sZ/0AAteZaf24cXlsI z5ZZxkFX0J+ruNYQMYlkWUyGvaU6ObiFpFeEdgNi6CbJvCNAR2OASvwEhydqNSSBg41/ ePeA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=KqvPH9pDDfrZerL/j1Q0a8RK2jTSm93zECezjcEfZ7Y=; b=PwKA+qr9h+Ay/gNie/2z+plpceiWjnGZ9SmjNbIJngiUiYg6LF7w9sRBh5b9WjYxV7 gvVqDjlwyS54oujpR/F/p+gmfI9gNKUDlk1sLuQ6KvTRxasKskS9Q/oW4hSGpFe2hZ5l h6Pun7RWt/lhsD3OGY97kj566z+PV2BPyOCyniFBQCncILFYwdHv+lfftKAqs1IlwooI QxmUXI8li4p1kJ1VkjDdJ4ATh+hi6DpDZ1HOYI2StRJb6ZaYMbaXPk+RW754rhtRO7YA u/lOsIhPQyU2wgh672F5wAhOaLal7B2ynpiNY6NFAGuCvaOnrEwgerqsooNuWRJqQkMk YXwA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=CeUdXfyO; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=x1E+gfj5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ip14-20020a17090b314e00b00250cb2a2000si13139340pjb.113.2023.05.30.13.48.01; Tue, 30 May 2023 13:48:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=CeUdXfyO; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=x1E+gfj5; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230238AbjE3Udf (ORCPT + 99 others); Tue, 30 May 2023 16:33:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:55868 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233484AbjE3UdQ (ORCPT ); Tue, 30 May 2023 16:33:16 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B48CBE49; Tue, 30 May 2023 13:32:45 -0700 (PDT) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 6EF803200934; Tue, 30 May 2023 16:32:12 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 30 May 2023 16:32:13 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1685478732; x=1685565132; bh=KqvPH9pDDf rZerL/j1Q0a8RK2jTSm93zECezjcEfZ7Y=; b=CeUdXfyO67/whbrhgac9/avXLW eru7QHUZqMx94QYfPMlVXU+ui+tRFdwVPN9xlP9gICmNJdQalLaUVoS7Zc943wjC sJFZiHqqQBqawmzSq2uS5sj0kejzU2ucPIFyOcLtjPgoyrOKSyZ8v6CejqHwIIVf QhSSQhpepZN1qfTatTXNiFRN45qghiX/endy/GoXyAo4OF5DvAqSC+R4tvUZql/g Twf7nZVK/OZ+O5hzh/GEO/K+xp6lZGqfRa1L4ridR6SwKojehZihM4jei6a9/TkB 0NXGvH2/Oo567MZ7sqO1hRGDy2T5AnJVIsGfHDdoKrXfptumV12qVDqo43kA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1685478732; x= 1685565132; bh=KqvPH9pDDfrZerL/j1Q0a8RK2jTSm93zECezjcEfZ7Y=; b=x 1E+gfj51gX0i5a8eh20dla4FZptdVnV/3RIPZB3nB5jAIbu455IAdaMdcicMgN6O 4SBqvYe9KR4Kej10pm88BwhRbA3HJRbxH//tVjialFMNZJrovhqgY1UDyRu1wJcw QHLv45kgxPU7huWf9ipWhx6WsGloc+WqNO4rAhShCMykuP4wA6usnjDEyY/0gRna EhIOGzw6Zx9L9zjSbhcDkSFqBm1jjKHdeYRfdE5UB3scu3hnpjdt5yJterqlZrbv J5cY6BQYk5xcpeviB3QRy1CADT22E0N/XTiASKCzbXfOkz55iiiWUGOl+t2QGjsf 0fnwF/t6q5vZO+QP/5VMg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedvne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:32:11 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org Subject: [PATCH v2 13/16] xen-blkback: Implement diskseq checks Date: Tue, 30 May 2023 16:31:13 -0400 Message-Id: <20230530203116.2008-14-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767353555589882854?= X-GMAIL-MSGID: =?utf-8?q?1767353555589882854?= This allows specifying a disk sequence number in XenStore. If it does not match the disk sequence number of the underlying device, the device will not be exported and a warning will be logged. Userspace can use this to eliminate race conditions due to major/minor number reuse. Old kernels do not support the new syntax, but a later patch will allow userspace to discover that the new syntax is supported. Signed-off-by: Demi Marie Obenour --- drivers/block/xen-blkback/xenbus.c | 112 +++++++++++++++++++++++------ 1 file changed, 89 insertions(+), 23 deletions(-) diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c index 4807af1d58059394d7a992335dabaf2bc3901721..9c3eb148fbd802c74e626c3d7bcd69dcb09bd921 100644 --- a/drivers/block/xen-blkback/xenbus.c +++ b/drivers/block/xen-blkback/xenbus.c @@ -24,6 +24,7 @@ struct backend_info { struct xenbus_watch backend_watch; unsigned major; unsigned minor; + unsigned long long diskseq; char *mode; }; @@ -479,7 +480,7 @@ static void xen_vbd_free(struct xen_vbd *vbd) static int xen_vbd_create(struct xen_blkif *blkif, blkif_vdev_t handle, unsigned major, unsigned minor, int readonly, - int cdrom) + bool cdrom, u64 diskseq) { struct xen_vbd *vbd; struct block_device *bdev; @@ -507,6 +508,26 @@ static int xen_vbd_create(struct xen_blkif *blkif, blkif_vdev_t handle, xen_vbd_free(vbd); return -ENOENT; } + + if (diskseq) { + struct gendisk *disk = bdev->bd_disk; + + if (unlikely(disk == NULL)) { + pr_err("%s: device %08x has no gendisk\n", + __func__, vbd->pdevice); + xen_vbd_free(vbd); + return -EFAULT; + } + + if (unlikely(disk->diskseq != diskseq)) { + pr_warn("%s: device %08x has incorrect sequence " + "number 0x%llx (expected 0x%llx)\n", + __func__, vbd->pdevice, disk->diskseq, diskseq); + xen_vbd_free(vbd); + return -ENODEV; + } + } + vbd->size = vbd_sz(vbd); if (cdrom || disk_to_cdi(vbd->bdev->bd_disk)) @@ -707,6 +728,9 @@ static void backend_changed(struct xenbus_watch *watch, int cdrom = 0; unsigned long handle; char *device_type; + char *diskseq_str = NULL; + int diskseq_len; + unsigned long long diskseq; pr_debug("%s %p %d\n", __func__, dev, dev->otherend_id); @@ -725,10 +749,46 @@ static void backend_changed(struct xenbus_watch *watch, return; } - if (be->major | be->minor) { - if (be->major != major || be->minor != minor) - pr_warn("changing physical device (from %x:%x to %x:%x) not supported.\n", - be->major, be->minor, major, minor); + diskseq_str = xenbus_read(XBT_NIL, dev->nodename, "diskseq", &diskseq_len); + if (IS_ERR(diskseq_str)) { + int err = PTR_ERR(diskseq_str); + diskseq_str = NULL; + + /* + * If this does not exist, it means legacy userspace that does not + * support diskseq. + */ + if (unlikely(!XENBUS_EXIST_ERR(err))) { + xenbus_dev_fatal(dev, err, "reading diskseq"); + return; + } + diskseq = 0; + } else if (diskseq_len <= 0) { + xenbus_dev_fatal(dev, -EFAULT, "diskseq must not be empty"); + goto fail; + } else if (diskseq_len > 16) { + xenbus_dev_fatal(dev, -ERANGE, "diskseq too long: got %d but limit is 16", + diskseq_len); + goto fail; + } else if (diskseq_str[0] == '0') { + xenbus_dev_fatal(dev, -ERANGE, "diskseq must not start with '0'"); + goto fail; + } else { + char *diskseq_end; + diskseq = simple_strtoull(diskseq_str, &diskseq_end, 16); + if (diskseq_end != diskseq_str + diskseq_len) { + xenbus_dev_fatal(dev, -EINVAL, "invalid diskseq"); + goto fail; + } + kfree(diskseq_str); + diskseq_str = NULL; + } + + if (be->major | be->minor | be->diskseq) { + if (be->major != major || be->minor != minor || be->diskseq != diskseq) + pr_warn("changing physical device (from %x:%x:%llx to %x:%x:%llx)" + " not supported.\n", + be->major, be->minor, be->diskseq, major, minor, diskseq); return; } @@ -756,29 +816,35 @@ static void backend_changed(struct xenbus_watch *watch, be->major = major; be->minor = minor; + be->diskseq = diskseq; err = xen_vbd_create(be->blkif, handle, major, minor, - !strchr(be->mode, 'w'), cdrom); - - if (err) - xenbus_dev_fatal(dev, err, "creating vbd structure"); - else { - err = xenvbd_sysfs_addif(dev); - if (err) { - xen_vbd_free(&be->blkif->vbd); - xenbus_dev_fatal(dev, err, "creating sysfs entries"); - } - } + !strchr(be->mode, 'w'), cdrom, diskseq); if (err) { - kfree(be->mode); - be->mode = NULL; - be->major = 0; - be->minor = 0; - } else { - /* We're potentially connected now */ - xen_update_blkif_status(be->blkif); + xenbus_dev_fatal(dev, err, "creating vbd structure"); + goto fail; } + + err = xenvbd_sysfs_addif(dev); + if (err) { + xenbus_dev_fatal(dev, err, "creating sysfs entries"); + goto free_vbd; + } + + /* We're potentially connected now */ + xen_update_blkif_status(be->blkif); + return; + +free_vbd: + xen_vbd_free(&be->blkif->vbd); +fail: + kfree(diskseq_str); + kfree(be->mode); + be->mode = NULL; + be->major = 0; + be->minor = 0; + be->diskseq = 0; } /* From patchwork Tue May 30 20:31:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101109 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2448899vqr; Tue, 30 May 2023 13:41:07 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4bA9+9dbRKRJ0qQbkAIOUMy5WGvQOpmgMuh99rjN4nVMiGWcCtZ1po8OfMGDlvf5Y0N/1i X-Received: by 2002:a17:90b:358e:b0:24b:be0c:6134 with SMTP id mm14-20020a17090b358e00b0024bbe0c6134mr3628113pjb.33.1685479267220; Tue, 30 May 2023 13:41:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685479267; cv=none; d=google.com; s=arc-20160816; b=BdrS2pBqw3ex2XboO/rpkOX1dvfIYqL1Os2shO2JC16z4IQ7Nh0QzOna7TCevjCtDp MXdivRiLKUf7OH/whUxbX/VCPNxdO4QSpPfORHD6qYiu9TG2GtjE1Y6EiIM2kZ/uva1t 5UB+zqy2CRkoxW7hFHR2ep2U8v0J1s14ocPgdKDsFvZ4on02LUhJlpO8Tns7CYbjlsjv S5l7TYyKKXFvB8VFSplg8VnNIIEWvTH+YE0R4sEHWqlPOfnUqBrggsX3XZU2tUC03yVN PRuIX2HKMXoL8BwA62UC3kR5jdrQsF0T02Bep6Wr4Cg4RRRnRDXVtgoWvXsQIwqUnfYx sCmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=g5zq4E4lPjcpxmqA493MTNjpJWMfGCfLjfMtSBIRfwE=; b=bZhdipiusDSEkiX95huTrhrXA/w7fOcK1T54kmrbz0f8OrPT7HFZSUs6yUsbIF00L8 sSsQcwEqx8ReuCefPLpvSrRym2NJD9N8bYogr4MV3SwqELN2yEPq/LzYM1z/+tuP+qWt cxRM/2X6FyOKhYLH+dBzTrxqs3PlQEp9e86SGtkMxI5meV1+LBYcmwfiWvB+QcVGVhA1 1jHxZYAKcTSMRqg3mz4/5pDXotOlwasYidqNt/dLWcJoXW8Sn5s0bzY37Z1i3VyhPq7I BF/i1Ay57GdGbIL/qLLqXiKinOs5kFCUA5U6MRi6tofjllaAhp8pEgXTelHQ7dPOf1yt XGNA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=btbUEJhZ; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=HSuVjZAM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l1-20020a17090aaa8100b002534791ea59si1175826pjq.28.2023.05.30.13.40.53; Tue, 30 May 2023 13:41:07 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=btbUEJhZ; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=HSuVjZAM; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233520AbjE3Ud6 (ORCPT + 99 others); Tue, 30 May 2023 16:33:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56462 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233533AbjE3Udq (ORCPT ); Tue, 30 May 2023 16:33:46 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1141EE68; Tue, 30 May 2023 13:33:19 -0700 (PDT) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 4714F3200941; Tue, 30 May 2023 16:32:15 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 30 May 2023 16:32:16 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1685478734; x=1685565134; bh=g5zq4E4lPj cpxmqA493MTNjpJWMfGCfLjfMtSBIRfwE=; b=btbUEJhZQrCus6G2cmEF0UCOcj HNQw5o5uoDqCKaQPz1xaoENxf/gqQkjPOKEpiYtWko86dN7B8bAa/1edBnKcRD7G oQ35bPjRiDM3Jv8XO1PvPnA7DMenzs5QntueBspv43BZbVUDcRuKnOjgJrhEm+4R rrkZDloEyf4nIxvooH5WoAn0qyYo1buSox+f90jbf6nqe8FEXeQXhcBszbyjJ0PT OKbXpnhvHop3pjBRjTF1k5EOi6rr3vwj7D2WCRY0I3CPSydA9M5iRpuK60HEX8jy 2JVKqdSSuG8cj0Mk9QjkKkJcPE3ivgkave7ORC7XdxNQ5YP17scWJOh05bXw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1685478734; x= 1685565134; bh=g5zq4E4lPjcpxmqA493MTNjpJWMfGCfLjfMtSBIRfwE=; b=H SuVjZAMaB+BwxGijqAt8c9WB79vIciVrFRlLtCOky9UQfMhAcjJT6a0VfxdmETVV 8nEF3+nsP3QXtkVaQ9HylXOplwnBU37jG6FMC+6U3sAiOJR8vllWwxVRB/bJAJGE o8bZWd+Fr97H/XWkQ3GYu4EmvQTHh7b+bAUlYcKH2xBKKmp1xkiy2sC9i429aUhn bZzm0AYgIdeait5fZO9zhL7go84uaGta1a6TuurzUQSKqG7xTdxpGanhw3S6PklV 3SdizlKHz/Q1lWeSqDcVd6A7ngssgCYCwK1H8wUbPyw4kwtT5lUkDxT+HIHKtiXM h1f1eXwlT0CBcdLaEOlRQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedvne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:32:14 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org Subject: [PATCH v2 14/16] block, loop: Increment diskseq when releasing a loop device Date: Tue, 30 May 2023 16:31:14 -0400 Message-Id: <20230530203116.2008-15-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767353107898337083?= X-GMAIL-MSGID: =?utf-8?q?1767353107898337083?= The previous patch for checking diskseq in blkback is not enough to prevent the following race: 1. Program X opens a loop device 2. Program X gets the diskseq of the loop device. 3. Program X associates a file with the loop device. 4. Program X passes the loop device major, minor, and diskseq to something, such as Xen blkback. 5. Program X exits. 6. Program Y detaches the file from the loop device. 7. Program Y attaches a different file to the loop device. 8. Xen blkback finally gets around to opening the loop device and checks that the diskseq is what it expects it to be. Even though the diskseq is the expected value, the result is that blkback is accessing the wrong file. To prevent this race condition, increment the diskseq of a loop device when it is detached from its file descriptor. This causes blkback (or any other program, for that matter) to fail at step 8. Export the inc_diskseq() function to make this possible. Signed-off-by: Demi Marie Obenour --- I considered destroying the loop device altogether instead of bumping its diskseq, but was not able to accomplish that. Suggestions welcome. --- block/genhd.c | 1 + drivers/block/loop.c | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/block/genhd.c b/block/genhd.c index 1cb489b927d50ab06a84a4bfd6913ca8ba7318d4..c0ca2c387732171321555cd57565fbc606768505 100644 --- a/block/genhd.c +++ b/block/genhd.c @@ -1502,3 +1502,4 @@ void inc_diskseq(struct gendisk *disk) { disk->diskseq = atomic64_inc_return(&diskseq); } +EXPORT_SYMBOL(inc_diskseq); diff --git a/drivers/block/loop.c b/drivers/block/loop.c index bc31bb7072a2cb7294d32066f5d0aa14130349b4..05ea5fb41508b4106f184dd6b4c37942716bdcac 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -1205,6 +1205,12 @@ static void __loop_clr_fd(struct loop_device *lo, bool release) if (!part_shift) set_bit(GD_SUPPRESS_PART_SCAN, &lo->lo_disk->state); mutex_lock(&lo->lo_mutex); + + /* + * Increment the disk sequence number, so that userspace knows this + * device now points to something else. + */ + inc_diskseq(lo->lo_disk); lo->lo_state = Lo_unbound; mutex_unlock(&lo->lo_mutex); From patchwork Tue May 30 20:31:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101113 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2451306vqr; Tue, 30 May 2023 13:46:34 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ5jmWfFXzhz1Rmcy4aOLGoxLjXVP860oEqkl7xaRu7P0Lf1Ml5qN9+nvU/jmeySmI3+WHlk X-Received: by 2002:a05:6a20:394a:b0:104:b7b4:e044 with SMTP id r10-20020a056a20394a00b00104b7b4e044mr4142695pzg.48.1685479594302; Tue, 30 May 2023 13:46:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685479594; cv=none; d=google.com; s=arc-20160816; b=pi8hgltRBo1LTu0q8UIosS2Btp+m2JaUTOG3awiSJnR4lXNfbpFJToLrC9QOfgzcvB dZhveLbSN0Hr3AYNwVouDk7CQyBoRZQxvI40ftTTy5hY6LSNhtja9OQTslUAGljhMkAu QUICngrZbz4CKJB5Qf74qTpwQkvnBwTSajosqFght2j+lUlVx2caypLWffGiSiC9eipJ DdvqU45uIzE0pNgcuN5agkkeFLuInIfnOTUaa3d3dHuWdkU1M0j8myr1nt75ICt3S9+i 4PGjwrnS/oW2HdUHpxKViSyWYyb+gyN4cg7rLy0Ty5V60IDfHce/zqN9Y3zohylCyX8w ApFA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=1g7wCby6gdLY4jovUh0//kEDEi26QbSZsUz9aHtBM2E=; b=GIlVP2Rg7+GOME9u7LpI1pyK6SxOLWeYQkrsmEbTmebECvyUhLb2zHGhnUfU5lkf1q KsG6CugssqiXnRYV1VvwqMDI15FwYWuHhwOLdwnxJwtwLK1Ad2XjsnPZewXqCbtZEEds T2jESiJvFU3F3bf8PtthwlE3S9UhhyvZWGOrEofDBTrBzzdLMJ3lJROCMym17Kzhu20a fha8PmEu/S8/hYjfTg3yW22Pp8lrgJD9M0tJdIqmmi6rlbPHp/vRjMoKvGfkJEnt161s mqfmX+yWTq1TY8UodGelHfhSG1XimMi80PtcqOiZcs4sm0tDDx80brE5TkUMglIUYxAJ ik2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=PTeqRnmY; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=r0rkmSaG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id l1-20020a17090aaa8100b002534791ea59si1175826pjq.28.2023.05.30.13.46.20; Tue, 30 May 2023 13:46:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=PTeqRnmY; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=r0rkmSaG; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233493AbjE3UeJ (ORCPT + 99 others); Tue, 30 May 2023 16:34:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56194 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233159AbjE3UeC (ORCPT ); Tue, 30 May 2023 16:34:02 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 53C801B3; Tue, 30 May 2023 13:33:27 -0700 (PDT) Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 32CF03200962; Tue, 30 May 2023 16:32:18 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 30 May 2023 16:32:18 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to; s=fm1; t=1685478737; x=1685565137; bh=1g 7wCby6gdLY4jovUh0//kEDEi26QbSZsUz9aHtBM2E=; b=PTeqRnmYVEq0wVDDJD v2NgZMyQcplu/m14wNSYj0ve2VYJmp8/HYabLKde0hrBjhqPZg+BxcpirBxApwy2 KvE46HYM5wnhC/4Udrw7hIu2L32qAPNxDFZSBSqYYIz8YujdBJci/NpTNo+p53K/ ZP8rfzYLpird6egQYWSHAANqz/RZSLswiBplOl2A/y0OyIu1BxIicwKMkAPHGDmV WessmjZhCG8zKV4Ukgz9PvctwW0ATp+S5OvpXekfubo5VoPLDLWvcXJBYNxtQwjv 35EuDW8XkpOFiyYumD6qGJ1/GAkIvB5AhpkolWi7yQxyzJUOn5vpE8RhOvgoL7fS IUPg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t= 1685478737; x=1685565137; bh=1g7wCby6gdLY4jovUh0//kEDEi26QbSZsUz 9aHtBM2E=; b=r0rkmSaGTkR2+3ZnA69S5XdEOZnX5eZ1eqBMohYZ6j1pDR1bBh3 P1bQkHb1aiBf1/paYWLWZ6AQv38yySL0NXXisjeAkN/2Fw6/19D61jXb67QHtocH nY2dPHsGsa+vj/j56DVnnMYRzaWKLjV/o+G6vMbtTDRYca8UuWRp7PMHxrv2wb8g cdHne0mqgpSzSUcH6DyBsqFNuKPGlHeL7aPXNEEqKgjzioAq5o9+iWqS12vVJbzI VeUakDmBw1pkRDsIoh9JGCA82dK2Ag5zfwJrLSviRxJc/0zfHHW/oSddQhvVWtM4 21jj9qe9xf4rI1JLfrZVS7uAi/G3uQwtsKw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfgggtgfesthekredtredtjeenucfhrhhomhepffgv mhhiucforghrihgvucfqsggvnhhouhhruceouggvmhhisehinhhvihhsihgslhgvthhhih hnghhslhgrsgdrtghomheqnecuggftrfgrthhtvghrnhepkeefieekhfdtgeeuueelleeg vdetieehgfejteduvedvvdejudetudelfedukefhnecuffhomhgrihhnpehinhguihhrvg gtthdrnhhrpdhinhguihhrvggtthdrihgunecuvehluhhsthgvrhfuihiivgeptdenucfr rghrrghmpehmrghilhhfrhhomhepuggvmhhisehinhhvihhsihgslhgvthhhihhnghhslh grsgdrtghomh X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:32:16 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org Subject: [PATCH v2 15/16] xen-blkback: Minor cleanups Date: Tue, 30 May 2023 16:31:15 -0400 Message-Id: <20230530203116.2008-16-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767353451168872647?= X-GMAIL-MSGID: =?utf-8?q?1767353451168872647?= This adds a couple of BUILD_BUG_ON()s and moves some arithmetic after the validation code that checks the arithmetic’s preconditions. The previous code was correct but could potentially trip sanitizers that check for unsigned integer wraparound. Signed-off-by: Demi Marie Obenour --- drivers/block/xen-blkback/blkback.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c index c362f4ad80ab07bfb58caff0ed7da37dc1484fc5..ac760a08d559085ab875784f1c58cdf2ead95a43 100644 --- a/drivers/block/xen-blkback/blkback.c +++ b/drivers/block/xen-blkback/blkback.c @@ -1342,6 +1342,8 @@ static int dispatch_rw_block_io(struct xen_blkif_ring *ring, nseg = req->operation == BLKIF_OP_INDIRECT ? req->u.indirect.nr_segments : req->u.rw.nr_segments; + BUILD_BUG_ON(offsetof(struct blkif_request, u.rw.id) != 8); + BUILD_BUG_ON(offsetof(struct blkif_request, u.indirect.id) != 8); if (unlikely(nseg == 0 && operation_flags != REQ_PREFLUSH) || unlikely((req->operation != BLKIF_OP_INDIRECT) && (nseg > BLKIF_MAX_SEGMENTS_PER_REQUEST)) || @@ -1365,13 +1367,13 @@ static int dispatch_rw_block_io(struct xen_blkif_ring *ring, preq.sector_number = req->u.rw.sector_number; for (i = 0; i < nseg; i++) { pages[i]->gref = req->u.rw.seg[i].gref; - seg[i].nsec = req->u.rw.seg[i].last_sect - - req->u.rw.seg[i].first_sect + 1; - seg[i].offset = (req->u.rw.seg[i].first_sect << 9); if ((req->u.rw.seg[i].last_sect >= (XEN_PAGE_SIZE >> 9)) || (req->u.rw.seg[i].last_sect < req->u.rw.seg[i].first_sect)) goto fail_response; + seg[i].nsec = req->u.rw.seg[i].last_sect - + req->u.rw.seg[i].first_sect + 1; + seg[i].offset = (req->u.rw.seg[i].first_sect << 9); preq.nr_sects += seg[i].nsec; } } else { From patchwork Tue May 30 20:31:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 101112 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp2451128vqr; Tue, 30 May 2023 13:46:11 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7x8ZoCE78C0FM6BmFLs69zVReeb0sBqMHNvQ5Sa7gtEuQSqQvRANO0aSC3oIC5QiNxoV34 X-Received: by 2002:a17:90b:d0b:b0:256:4189:2b0d with SMTP id n11-20020a17090b0d0b00b0025641892b0dmr3830284pjz.12.1685479571421; Tue, 30 May 2023 13:46:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1685479571; cv=none; d=google.com; s=arc-20160816; b=0JbRr+qRd0L8k87fg1RvPd0KmSHB/WZpnn3J/ojtGf5TufmEJsGtPEC+UVq8rlTkmP zhvxgUtuJtFFBE5BSG4C4uEj74I3rl0/OElQBdUHztsgYlAajwfwXoam5VJZ46pAj2jz K8j7Q2QjmroSFH2j2cmkDjRbNWIxW69K3DHovNtMrHP2jJdCUtquahDFFT5y20Vn5k/0 jucfx7u2+unKqDrRD02XNai/LO/YrWk3H2HBzGl00leM0lArdQf1IaxUCjhaHjvIG/Qp eGteGQLADuZUXrpvH2pCPBorao6v4kihrGsrsHtruGrUYKjwHJoqZvdnfe2nsox24sU7 CH9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :feedback-id:dkim-signature:dkim-signature; bh=gJtXKfjMb5k3PryJlBFsKsS3ZINd0EksqBFZ4ekKEDw=; b=deYT/eAwc8gkA0LPAucyVZ4QIK+TFRJM/mDU2hSVQ/GH5wz8yz72UR2MZjCF4DrTAZ /V5n5+2PVU0WgrKnt5Gfw5zBim8qM02/2YKlhqE0ulzv12RPUe42m+MCZEE3nPuSgOQg F0YnwZ2mJBCk+KOs0qqT2mXZXngtOa3/ICljEJgRkkn2IuuUmMS88N2diZgMqFLmbtwj jONfQhTsZ/OgWkvSk/OhMM9YiHwx6NOSMHVqAmKR85/BJ2zx9aNIWvO3mj/lwFGLHjJ9 +tJkNG920I84WNx0WEzTIiQwccX+gjQrMe1iCsUbR8gvHMdSgLd1E9NdA3h9tcF9f+zV iiiQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=iSW8ttt2; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=oQbHhAjd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ip14-20020a17090b314e00b00250cb2a2000si13139340pjb.113.2023.05.30.13.45.59; Tue, 30 May 2023 13:46:11 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@invisiblethingslab.com header.s=fm1 header.b=iSW8ttt2; dkim=pass header.i=@messagingengine.com header.s=fm1 header.b=oQbHhAjd; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233527AbjE3UeM (ORCPT + 99 others); Tue, 30 May 2023 16:34:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56862 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229893AbjE3UeJ (ORCPT ); Tue, 30 May 2023 16:34:09 -0400 Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 50BDDE42; Tue, 30 May 2023 13:33:32 -0700 (PDT) Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 0D022320096E; Tue, 30 May 2023 16:32:20 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Tue, 30 May 2023 16:32:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= invisiblethingslab.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:sender:subject :subject:to:to; s=fm1; t=1685478740; x=1685565140; bh=gJtXKfjMb5 k3PryJlBFsKsS3ZINd0EksqBFZ4ekKEDw=; b=iSW8ttt26dngYvxurKxiOI2vd1 WHoQ92v7hwye8qiWm/sMzD3pqp5ya8c2OA22dKJKDKSCyzxijZP+Dp144KoNmvpt K8OI+kD4ismX23LXNvkYBIS8haogcvQd7EEZ19u32N/1GOR8sh6VaGOBsVQxw9Bq zrT17xw8paAPsuaett1MoyqWDe6uGCPznnCFymKvWzjN2rUubwy9Ob0uFq6jMg76 gqlN1m7Mc8Mkxu+yjAxvH0vX7/PlJqdVVec52wcaqJpFToYt9AxPY3yOgBt+RjEI aG4fzuzWpC22NKMBxr6O/RMjHdv28qKWfTHlwgkpaOz+BcWrwFwxRmGMeaMg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1685478740; x= 1685565140; bh=gJtXKfjMb5k3PryJlBFsKsS3ZINd0EksqBFZ4ekKEDw=; b=o QbHhAjdGI/824Nl01Pip/x1ESJBxXGnNCUCk4Arc6BskEm0MTh9UC6MZYaR2q79S k1Uqb9Vj1z9f6r5u3H1HVCqm/h4f+Vs2C2I55ZxnoCF18+ZrNegBzgUSduwuENN3 ZelAmC1BB6EziOQZ1m0S4cDcLpBIGrjkaMEsTbam0kd7jHN3XymXk0VF7iAEn4+L g585WZp+QBIJWRDnqGJWJT85ZYmZick+DsS7QTOGtDLjDvulDczBAEFMf2pxjFDZ z70/jIsQbBWGVBj2a0QhQ3776f+UlGOsyvyOBXKD9nxTQaFTHfPjpO3nn2UqnNoO C4Idzu7QZyx3OsqotLhew== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:32:19 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Cc: Demi Marie Obenour , =?utf-8?q?Marek_Marczy?= =?utf-8?q?kowski-G=C3=B3recki?= , linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, xen-devel@lists.xenproject.org Subject: [PATCH v2 16/16] xen-blkback: Inform userspace that device has been opened Date: Tue, 30 May 2023 16:31:16 -0400 Message-Id: <20230530203116.2008-17-demi@invisiblethingslab.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,SPF_HELO_PASS, SPF_NONE,T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1767353426712740594?= X-GMAIL-MSGID: =?utf-8?q?1767353426712740594?= Set "opened" to "0" before the hotplug script is called. Once the device node has been opened, set "opened" to "1". "opened" is used exclusively by userspace. It serves two purposes: 1. It tells userspace that the diskseq Xenstore entry is supported. 2. It tells userspace that it can wait for "opened" to be set to 1. Once "opened" is 1, blkback has a reference to the device, so userspace doesn't need to keep one. Together, these changes allow userspace to use block devices with delete-on-close behavior, such as loop devices with the autoclear flag set or device-mapper devices with the deferred-remove flag set. Signed-off-by: Demi Marie Obenour --- drivers/block/xen-blkback/xenbus.c | 35 ++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c index 9c3eb148fbd802c74e626c3d7bcd69dcb09bd921..519a78aa9073d1faa1dce5c1b36e95ae58da534b 100644 --- a/drivers/block/xen-blkback/xenbus.c +++ b/drivers/block/xen-blkback/xenbus.c @@ -3,6 +3,20 @@ Copyright (C) 2005 Rusty Russell Copyright (C) 2005 XenSource Ltd +In addition to the Xenstore nodes required by the Xen block device +specification, this implementation of blkback uses a new Xenstore +node: "opened". blkback sets "opened" to "0" before the hotplug script +is called. Once the device node has been opened, blkback sets "opened" +to "1". + +"opened" is read exclusively by userspace. It serves two purposes: + +1. It tells userspace that diskseq@major:minor syntax for "physical-device" is + supported. + +2. It tells userspace that it can wait for "opened" to be set to 1 after writing + "physical-device". Once "opened" is 1, blkback has a reference to the + device, so userspace doesn't need to keep one. */ @@ -699,6 +713,14 @@ static int xen_blkbk_probe(struct xenbus_device *dev, if (err) pr_warn("%s write out 'max-ring-page-order' failed\n", __func__); + /* + * This informs userspace that the "opened" node will be set to "1" when + * the device has been opened successfully. + */ + err = xenbus_write(XBT_NIL, dev->nodename, "opened", "0"); + if (err) + goto fail; + err = xenbus_switch_state(dev, XenbusStateInitWait); if (err) goto fail; @@ -826,6 +848,19 @@ static void backend_changed(struct xenbus_watch *watch, goto fail; } + /* + * Tell userspace that the device has been opened and that blkback has a + * reference to it. Userspace can then close the device or mark it as + * delete-on-close, knowing that blkback will keep the device open as + * long as necessary. + */ + err = xenbus_write(XBT_NIL, dev->nodename, "opened", "1"); + if (err) { + xenbus_dev_fatal(dev, err, "%s: notifying userspace device has been opened", + dev->nodename); + goto free_vbd; + } + err = xenvbd_sysfs_addif(dev); if (err) { xenbus_dev_fatal(dev, err, "creating sysfs entries");