From: Kees Cook
To: Anders Larsen
Cc: Kees Cook, Ronald Monthero, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v2 1/2] qnx4: Extract dir entry filename processing into helper
Date: Thu, 30 Nov 2023 12:51:18 -0800
Message-Id: <20231130205120.3642477-1-keescook@chromium.org>
In-Reply-To: <20231130205010.it.412-kees@kernel.org>

Both dir.c and namei.c need to perform the same work to figure out a
directory entry's name and size. Extract this into a helper for use in
the next patch.

Cc: Anders Larsen
Link: https://lore.kernel.org/r/20231118033225.2181299-1-keescook@chromium.org
Signed-off-by: Kees Cook
---
 fs/qnx4/dir.c | 52 ++++++-------------------------------------
 fs/qnx4/qnx4.h | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+), 45 deletions(-)

diff --git a/fs/qnx4/dir.c b/fs/qnx4/dir.c index 66645a5a35f3..42a529e26bd6 100644 --- a/fs/qnx4/dir.c +++ b/fs/qnx4/dir.c
@@ -15,43 +15,6 @@ #include #include "qnx4.h" -/* - * A qnx4 directory entry is an inode entry or link info - * depending on the status field in the last byte. The - * first byte is where the name start either way, and a - * zero means it's empty. - * - * Also, due to a bug in gcc, we don't want to use the - * real (differently sized) name arrays in the inode and - * link entries, but always the 'de_name[]' one in the - * fake struct entry. - * - * See - * - * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578#c6 - * - * for details, but basically gcc will take the size of the - * 'name' array from one of the used union entries randomly. - * - * This use of 'de_name[]' (48 bytes) avoids the false positive - * warnings that would happen if gcc decides to use 'inode.di_name' - * (16 bytes) even when the pointer and size were to come from - * 'link.dl_name' (48 bytes). - * - * In all cases the actual name pointer itself is the same, it's - * only the gcc internal 'what is the size of this field' logic - * that can get confused. - */ -union qnx4_directory_entry { - struct { - const char de_name[48]; - u8 de_pad[15]; - u8 de_status; - }; - struct qnx4_inode_entry inode; - struct qnx4_link_info link; -}; - static int qnx4_readdir(struct file *file, struct dir_context *ctx) { struct inode *inode = file_inode(file); 
@@ -74,26 +37,25 @@ static int qnx4_readdir(struct file *file, struct dir_context *ctx) ix = (ctx->pos >> QNX4_DIR_ENTRY_SIZE_BITS) % QNX4_INODES_PER_BLOCK; for (; ix < QNX4_INODES_PER_BLOCK; ix++, ctx->pos += QNX4_DIR_ENTRY_SIZE) { union qnx4_directory_entry *de; + const char *fname; offset = ix * QNX4_DIR_ENTRY_SIZE; de = (union qnx4_directory_entry *) (bh->b_data + offset); - if (!de->de_name[0]) - continue; - if (!(de->de_status & (QNX4_FILE_USED|QNX4_FILE_LINK))) + fname = get_entry_fname(de, &size); + if (!fname) continue; + if (!(de->de_status & QNX4_FILE_LINK)) { - size = sizeof(de->inode.di_fname); ino = blknum * QNX4_INODES_PER_BLOCK + ix - 1; } else { - size = sizeof(de->link.dl_fname); ino = ( le32_to_cpu(de->link.dl_inode_blk) - 1 ) * QNX4_INODES_PER_BLOCK + de->link.dl_inode_ndx; } - size = strnlen(de->de_name, size); - QNX4DEBUG((KERN_INFO "qnx4_readdir:%.*s\n", size, name)); - if (!dir_emit(ctx, de->de_name, size, ino, DT_UNKNOWN)) { + + QNX4DEBUG((KERN_INFO "qnx4_readdir:%.*s\n", size, fname)); + if (!dir_emit(ctx, fname, size, ino, DT_UNKNOWN)) { brelse(bh); return 0; } diff --git a/fs/qnx4/qnx4.h b/fs/qnx4/qnx4.h index 6283705466a4..5c2b1fb6b952 100644 --- a/fs/qnx4/qnx4.h +++ b/fs/qnx4/qnx4.h 
@@ -44,3 +44,63 @@ static inline struct qnx4_inode_entry *qnx4_raw_inode(struct inode *inode) { return &qnx4_i(inode)->raw; } + +/* + * A qnx4 directory entry is an inode entry or link info + * depending on the status field in the last byte. The + * first byte is where the name start either way, and a + * zero means it's empty. + * + * Also, due to a bug in gcc, we don't want to use the + * real (differently sized) name arrays in the inode and + * link entries, but always the 'de_name[]' one in the + * fake struct entry. + * + * See + * + * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578#c6 + * + * for details, but basically gcc will take the size of the + * 'name' array from one of the used union entries randomly. + * + * This use of 'de_name[]' (48 bytes) avoids the false positive + * warnings that would happen if gcc decides to use 'inode.di_name' + * (16 bytes) even when the pointer and size were to come from + * 'link.dl_name' (48 bytes). + * + * In all cases the actual name pointer itself is the same, it's + * only the gcc internal 'what is the size of this field' logic + * that can get confused. + */ +union qnx4_directory_entry { + struct { + const char de_name[48]; + u8 de_pad[15]; + u8 de_status; + }; + struct qnx4_inode_entry inode; + struct qnx4_link_info link; +}; + +static inline const char *get_entry_fname(union qnx4_directory_entry *de, + int *size) +{ + /* Make sure the status byte is in the same place for all structs. 
*/ + BUILD_BUG_ON(offsetof(struct qnx4_inode_entry, di_status) != + offsetof(struct qnx4_link_info, dl_status)); + BUILD_BUG_ON(offsetof(struct qnx4_inode_entry, di_status) != + offsetof(union qnx4_directory_entry, de_status)); + + if (!de->de_name[0]) + return NULL; + if (!(de->de_status & (QNX4_FILE_USED|QNX4_FILE_LINK))) + return NULL; + if (!(de->de_status & QNX4_FILE_LINK)) + *size = sizeof(de->inode.di_fname); + else + *size = sizeof(de->link.dl_fname); + + *size = strnlen(de->de_name, *size); + + return de->de_name; +}
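Review bot: In get_entry_fname() (fs/qnx4/qnx4.h), the strnlen() bound is taken from sizeof(de->inode.di_fname) or sizeof(de->link.dl_fname) while the read goes through de_name[48], and nothing ties those sizes together at build time. The two BUILD_BUG_ON() checks only cover the status byte offset, so adding BUILD_BUG_ON(sizeof(de->link.dl_fname) > sizeof(de->de_name)) beside them would keep the bound from ever exceeding the array the fortified strnlen() sees. Also, *size is left unwritten on both NULL returns; either set it to 0 there or state in the comment that callers must test the return value before reading the size. While the comment is being moved, its 'inode.di_name' and 'link.dl_name' could be corrected to di_fname and dl_fname, the names the code uses.

Review bot: In the qnx4_readdir() hunk (fs/qnx4/dir.c), &size is now passed to a helper whose parameter is int *size, but the declaration of size lies outside the visible context; please confirm it is an int, otherwise this is an incompatible pointer type. The QNX4DEBUG() line now prints fname where the removed line passed name rather than de->de_name; if that was a latent build problem under the debug macro, the commit message could say it is fixed here.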
From: Kees Cook
To: Anders Larsen
Cc: Kees Cook, Ronald Monthero, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH v2 2/2] qnx4: Use get_directory_fname() in qnx4_match()
Date: Thu, 30 Nov 2023 12:51:19 -0800
Message-Id: <20231130205120.3642477-2-keescook@chromium.org>
In-Reply-To: <20231130205010.it.412-kees@kernel.org>

Use the new common directory entry name accessor helper to avoid
confusing the compiler about over-running the file name buffer. Avoids
false positive buffer overflow warning:

[ 4849.636861] detected buffer overflow in strlen
[ 4849.636897] ------------[ cut here ]------------
[ 4849.636902] kernel BUG at lib/string.c:1165!
...
[ 4849.637047] Call Trace:
...
[ 4849.637251] qnx4_find_entry.cold+0xc/0x18 [qnx4]
[ 4849.637264] qnx4_lookup+0x3c/0xa0 [qnx4]

Cc: Anders Larsen
Reported-by: Ronald Monthero
Closes: https://lore.kernel.org/lkml/20231112095353.579855-1-debug.penguin32@gmail.com/
Link: https://lore.kernel.org/r/20231118033225.2181299-2-keescook@chromium.org
Signed-off-by: Kees Cook
---
 fs/qnx4/namei.c | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)

diff --git a/fs/qnx4/namei.c b/fs/qnx4/namei.c index 8d72221735d7..bb8db6550ca5 100644 --- a/fs/qnx4/namei.c +++ b/fs/qnx4/namei.c
@@ -26,31 +26,24 @@ static int qnx4_match(int len, const char *name, struct buffer_head *bh, unsigned long *offset) { - struct qnx4_inode_entry *de; - int namelen, thislen; + union qnx4_directory_entry *de; + const char *fname; + int fnamelen; if (bh == NULL) { printk(KERN_WARNING "qnx4: matching unassigned buffer !\n"); return 0; } - de = (struct qnx4_inode_entry *) (bh->b_data + *offset); + de = (union qnx4_directory_entry *) (bh->b_data + *offset); *offset += QNX4_DIR_ENTRY_SIZE; - if ((de->di_status & QNX4_FILE_LINK) != 0) { - namelen = QNX4_NAME_MAX; - } else { - namelen = QNX4_SHORT_NAME_MAX; - } - thislen = strlen( de->di_fname ); - if ( thislen > namelen ) - thislen = namelen; - if (len != thislen) { + + fname = get_entry_fname(de, &fnamelen); + if (!fname || len != fnamelen) return 0; - } - if (strncmp(name, de->di_fname, len) == 0) { - if ((de->di_status & (QNX4_FILE_USED|QNX4_FILE_LINK)) != 0) { - return 1; - } - } + + if (strncmp(name, fname, len) == 0) + return 1; + return 0; }
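Review bot: The subject line names get_directory_fname(), but the call added in qnx4_match() is get_entry_fname(de, &fnamelen), the name patch 1/2 defines; the subject should be updated to match. In the same hunk, fnamelen has no initializer and is only safe to read because !fname is tested first in `!fname || len != fnamelen`; initializing it to 0 would keep that from depending on evaluation order if the condition is reworked later. The rewrite also replaces the unbounded strlen(de->di_fname) with the helper's bounded length and now rejects an entry whose first name byte is zero before any comparison, which the commit message could state as an intended behaviour change.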