From patchwork Tue May 30 20:31:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261148 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 290FDC7EE37 for ; Tue, 30 May 2023 20:54:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480090; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=tvDh0+LZsUw9L95IfaW2ZTLEVae844nUzZqqlBoxb2c=; b=f0FHxrtVEisbPfhArE18OMYxthhmap8RiTxgHhaXOadoBjHsMz0xRNW7/t3GWJ1TqzoIuc xS08LCBWE7uLufStTmMgO8jA1XBJtDYmzUsFglFCY50ojqn7mmX4B4GB7KYcKJfiD45Ig+ bsKsrMQ3g86OMzJyrwC0fWh2dYpqNI0= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-302-bGz3eeydOf6RpmWSwH39WA-1; Tue, 30 May 2023 16:54:47 -0400 X-MC-Unique: bGz3eeydOf6RpmWSwH39WA-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 0E9E7382C971; Tue, 30 May 2023 20:54:35 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id EF108492B0C; Tue, 30 May 2023 20:54:34 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 9F60A194E123; Tue, 30 May 2023 20:54:26 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 0F6CF1946595 for ; Tue, 30 May 2023 20:40:57 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id E368AC154D3; Tue, 30 May 2023 20:40:56 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast10.extmail.prod.ext.rdu2.redhat.com [10.11.55.26]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DBDF3C154D1 for ; Tue, 30 May 2023 20:40:56 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C20EC1C08DCC for ; Tue, 30 May 2023 20:40:56 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-134-cqhDjk59OS2qX9zOK_ob8w-1; Tue, 30 May 2023 16:40:55 -0400 X-MC-Unique: cqhDjk59OS2qX9zOK_ob8w-1 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id E111C3200564; Tue, 30 May 2023 16:31:36 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Tue, 30 May 2023 16:31:37 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:35 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:01 -0400 Message-Id: <20230530203116.2008-2-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.8 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 01/16] device-mapper: Check that target specs are sufficiently aligned X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Marek_Marczykowski-G=C3=B3recki?= , stable@vger.kernel.org, linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, Demi Marie Obenour , xen-devel@lists.xenproject.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com Otherwise subsequent code will dereference a misaligned `struct dm_target_spec *`, which is undefined behavior. Signed-off-by: Demi Marie Obenour Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org --- drivers/md/dm-ioctl.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index cc77cf3d410921432eb0c62cdede7d55b9aa674a..34fa74c6a70db8aa67aaba3f6a2fc4f38ef736bc 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1394,6 +1394,13 @@ static inline fmode_t get_mode(struct dm_ioctl *param) static int next_target(struct dm_target_spec *last, uint32_t next, void *end, struct dm_target_spec **spec, char **target_params) { + static_assert(_Alignof(struct dm_target_spec) <= 8, + "struct dm_target_spec has excessive alignment requirements"); + if (next % 8) { + DMERR("Next target spec (offset %u) is not 8-byte aligned", next); + return -EINVAL; + } + *spec = (struct dm_target_spec *) ((unsigned char *) last + next); *target_params = (char *) (*spec + 1); From patchwork Tue May 30 20:31:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261144 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id C7383C77B73 for ; Tue, 30 May 2023 20:54:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480087; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=0GydxEyIfj5trnMKR5cZKwokhDGM+brf6myNhah6VQs=; b=d4Wk9dnRT6MUj/MHrg3LaNrvaEV/sBXO49zr1s6z98GMmmZj7BROmxk3aUqdqWtxveYc0e CLC3QYknSNzDkXsIEnlMtw+T6foAxhlxSHOfaXb0GTffmhRq1o9vmwUFpq+O6LXhLqen8g NK/8+R3+fXm/nidRzpxjSPDQ6R1tNU8= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-590-1dCD8ISsMQqVjAmAPqxbrg-1; Tue, 30 May 2023 16:54:46 -0400 X-MC-Unique: 1dCD8ISsMQqVjAmAPqxbrg-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id B29F71022F0A; Tue, 30 May 2023 20:54:34 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 98D96112132E; Tue, 30 May 2023 20:54:34 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 45B96194E01A; Tue, 30 May 2023 20:54:26 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 822251946595 for ; Tue, 30 May 2023 20:41:04 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 722E720296C6; Tue, 30 May 2023 20:41:04 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast02.extmail.prod.ext.rdu2.redhat.com [10.11.55.18]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 6ABE8200AE6F for ; Tue, 30 May 2023 20:41:04 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 4F59D800B35 for ; Tue, 30 May 2023 20:41:04 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-567-z07MPZY_PA-hrDf0P6Xm1A-1; Tue, 30 May 2023 16:40:55 -0400 X-MC-Unique: z07MPZY_PA-hrDf0P6Xm1A-1 Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id 26C5032005C1; Tue, 30 May 2023 16:31:40 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Tue, 30 May 2023 16:31:40 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:38 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:02 -0400 Message-Id: <20230530203116.2008-3-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 02/16] device-mapper: Avoid pointer arithmetic overflow X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Marek_Marczykowski-G=C3=B3recki?= , stable@vger.kernel.org, linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, Demi Marie Obenour , xen-devel@lists.xenproject.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com Especially on 32-bit systems, it is possible for the pointer arithmetic to overflow and cause a userspace pointer to be dereferenced in the kernel. Signed-off-by: Demi Marie Obenour Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org --- drivers/md/dm-ioctl.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 34fa74c6a70db8aa67aaba3f6a2fc4f38ef736bc..64e8f16d344c47057de5e2d29e3d63202197dca0 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1396,6 +1396,25 @@ static int next_target(struct dm_target_spec *last, uint32_t next, void *end, { static_assert(_Alignof(struct dm_target_spec) <= 8, "struct dm_target_spec has excessive alignment requirements"); + static_assert(offsetof(struct dm_ioctl, data) >= sizeof(struct dm_target_spec), + "struct dm_target_spec too big"); + + /* + * Number of bytes remaining, starting with last. This is always + * sizeof(struct dm_target_spec) or more, as otherwise *last was + * out of bounds already. + */ + size_t remaining = (char *)end - (char *)last; + + /* + * There must be room for both the next target spec and the + * NUL-terminator of the target itself. + */ + if (remaining - sizeof(struct dm_target_spec) <= next) { + DMERR("Target spec extends beyond end of parameters"); + return -EINVAL; + } + if (next % 8) { DMERR("Next target spec (offset %u) is not 8-byte aligned", next); return -EINVAL; From patchwork Tue May 30 20:31:03 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261141 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id B1D9BC7EE33 for ; Tue, 30 May 2023 20:54:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480085; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=5+xQ968vJVLVljDBkUDamOsrI0vZOoDXpt0Ds2iK1nU=; b=FTXXA5dWSssp27K5FCZeGJ0kO/U99hUHW4YU7TD/ZShV76W3oEoYzpfNWjTYx+1hlmSx7Q Shkz/1SCtDJgCM37dbVfDkKv6kqyIio63+oF3Fwnn02CAz95g6DPdU9RpxabHdaPcECRsx /wGMC6ukR3vaUjAkV5MhLi3COzYHPo0= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-184-khp9BxItO5Wdi7JDIMF_mw-1; Tue, 30 May 2023 16:54:43 -0400 X-MC-Unique: khp9BxItO5Wdi7JDIMF_mw-1 Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 5CF74803902; Tue, 30 May 2023 20:54:35 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 3C9C7492B00; Tue, 30 May 2023 20:54:35 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id E0803194F24F; Tue, 30 May 2023 20:54:26 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 859C119465A0 for ; Tue, 30 May 2023 20:40:55 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 593BF492B0B; Tue, 30 May 2023 20:40:55 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast09.extmail.prod.ext.rdu2.redhat.com [10.11.55.25]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5167B492B0A for ; Tue, 30 May 2023 20:40:55 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 317FF2932498 for ; Tue, 30 May 2023 20:40:55 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-47-M5yP5hoZO0ychrkyf_mK3g-1; Tue, 30 May 2023 16:40:53 -0400 X-MC-Unique: M5yP5hoZO0ychrkyf_mK3g-1 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 07F803200914; Tue, 30 May 2023 16:31:42 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Tue, 30 May 2023 16:31:43 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudegkecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:41 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:03 -0400 Message-Id: <20230530203116.2008-4-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 03/16] device-mapper: do not allow targets to overlap 'struct dm_ioctl' X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Marek_Marczykowski-G=C3=B3recki?= , stable@vger.kernel.org, linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, Demi Marie Obenour , xen-devel@lists.xenproject.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com This prevents dm_split_args() from corrupting this struct. Signed-off-by: Demi Marie Obenour Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org --- drivers/md/dm-ioctl.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 64e8f16d344c47057de5e2d29e3d63202197dca0..a1d5fe64e1d0d9d3dcb06924249b89fe661944ab 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1444,6 +1444,12 @@ static int populate_table(struct dm_table *table, return -EINVAL; } + if (next < sizeof(struct dm_ioctl)) { + DMERR("%s: first target spec (offset %u) overlaps 'struct dm_ioctl'", + __func__, next); + return -EINVAL; + } + for (i = 0; i < param->target_count; i++) { r = next_target(spec, next, end, &spec, &target_params); From patchwork Tue May 30 20:31:04 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261149 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2C211C77B73 for ; Tue, 30 May 2023 20:54:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480091; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=hkjGCwCoK0EpEkbOn9zh08gw8pl0swYRCrfKgUJREhc=; b=W2EaipEja1rAq1JMuV8pn7gH2WJ8qu7DWyyNVxiOGEEmPNKwKa08XBFIHan3xZdAAydL/t tf0O0nGOyDPeHo+hs4XRfOs1uCksO+Q3yHin6iJrKOETjtunQaE06RqGzJXCwxsPA7wP4I pRmYe2I9XtwaQajnVomwjUvnL9Cts9I= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-43-42IASqqhPlqwCXgN1CM6Gw-1; Tue, 30 May 2023 16:54:47 -0400 X-MC-Unique: 42IASqqhPlqwCXgN1CM6Gw-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 77C9B382C982; Tue, 30 May 2023 20:54:35 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 65C5BC154D3; Tue, 30 May 2023 20:54:35 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id E61DC194F257; Tue, 30 May 2023 20:54:27 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 0538219465A2 for ; Tue, 30 May 2023 20:40:58 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id E94AE40CFD46; Tue, 30 May 2023 20:40:57 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast02.extmail.prod.ext.rdu2.redhat.com [10.11.55.18]) by smtp.corp.redhat.com (Postfix) with ESMTPS id E1E8440CFD45 for ; Tue, 30 May 2023 20:40:57 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C19048030D2 for ; Tue, 30 May 2023 20:40:57 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-515-5eYMH6mfNiqvnb_WcCACcg-1; Tue, 30 May 2023 16:40:56 -0400 X-MC-Unique: 5eYMH6mfNiqvnb_WcCACcg-1 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 210F1320093A; Tue, 30 May 2023 16:31:46 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 30 May 2023 16:31:46 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:44 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:04 -0400 Message-Id: <20230530203116.2008-5-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.1 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 04/16] device-mapper: Better error message for too-short target spec X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Demi Marie Obenour , linux-block@vger.kernel.org, xen-devel@lists.xenproject.org, =?utf-8?q?Mare?= =?utf-8?q?k_Marczykowski-G=C3=B3recki?= , linux-kernel@vger.kernel.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.8 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com Previously the error was "unable to find target", which is not helpful. Signed-off-by: Demi Marie Obenour --- drivers/md/dm-ioctl.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index a1d5fe64e1d0d9d3dcb06924249b89fe661944ab..9f505abba3dc22bffc6acb335c0bf29fec288fd5 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1423,9 +1423,6 @@ static int next_target(struct dm_target_spec *last, uint32_t next, void *end, *spec = (struct dm_target_spec *) ((unsigned char *) last + next); *target_params = (char *) (*spec + 1); - if (*spec < (last + 1)) - return -EINVAL; - return invalid_str(*target_params, end); } @@ -1451,6 +1448,11 @@ static int populate_table(struct dm_table *table, } for (i = 0; i < param->target_count; i++) { + if (next < sizeof(*spec)) { + DMERR("%s: next target spec (offset %u) overlaps 'struct dm_target_spec'", + __func__, next); + return -EINVAL; + } r = next_target(spec, next, end, &spec, &target_params); if (r) { From patchwork Tue May 30 20:31:05 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261147 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 2914FC7EE39 for ; Tue, 30 May 2023 20:54:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480090; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=ghhkiJzSzjCP1N0T1Q/FQ80KLvUxlw1aIDaKLCJGC7w=; b=SJXaj5Ueodx/KST3ug9n2TsFAnidAfYxu6/kaGkFf0LxxCUgGCB+8qe7F0hoeYlCvSB71A F27lx5ln0/r58BrJtKO7s4d2huOJU6IfcIWpzm1vAC5G/7FgsSpH73UVSHr6AvNzHT8EvO hYYGdPF05ZS8tMGt5F9hpCoWoQVJ8w0= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-518-eHhJN0ezO2OhVjLHBErSmg-1; Tue, 30 May 2023 16:54:48 -0400 X-MC-Unique: eHhJN0ezO2OhVjLHBErSmg-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 29AF7100F66D; Tue, 30 May 2023 20:54:36 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 150CC112132D; Tue, 30 May 2023 20:54:36 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id A8A65194F4B4; Tue, 30 May 2023 20:54:30 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 8071E19465A0 for ; Tue, 30 May 2023 20:40:56 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 63A69492B0C; Tue, 30 May 2023 20:40:56 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast09.extmail.prod.ext.rdu2.redhat.com [10.11.55.25]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5C2AF492B0B for ; Tue, 30 May 2023 20:40:56 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 3786329324BD for ; Tue, 30 May 2023 20:40:56 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-149-qCZ_Yv64N-CwFBltE0TIDg-1; Tue, 30 May 2023 16:40:53 -0400 X-MC-Unique: qCZ_Yv64N-CwFBltE0TIDg-1 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id E7B28320091C; Tue, 30 May 2023 16:31:48 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Tue, 30 May 2023 16:31:49 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudegkecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedune curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:47 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:05 -0400 Message-Id: <20230530203116.2008-6-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 05/16] device-mapper: Target parameters must not overlap next target spec X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Marek_Marczykowski-G=C3=B3recki?= , stable@vger.kernel.org, linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, Demi Marie Obenour , xen-devel@lists.xenproject.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com The NUL terminator for each target parameter string must preceed the following 'struct dm_target_spec'. Otherwise, dm_split_args() might corrupt this struct. Signed-off-by: Demi Marie Obenour Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org --- drivers/md/dm-ioctl.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 9f505abba3dc22bffc6acb335c0bf29fec288fd5..491ef55b9e8662c3b02a2162b8c93ee086c078a1 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1391,7 +1391,7 @@ static inline fmode_t get_mode(struct dm_ioctl *param) return mode; } -static int next_target(struct dm_target_spec *last, uint32_t next, void *end, +static int next_target(struct dm_target_spec *last, uint32_t next, const char *end, struct dm_target_spec **spec, char **target_params) { static_assert(_Alignof(struct dm_target_spec) <= 8, @@ -1404,7 +1404,7 @@ static int next_target(struct dm_target_spec *last, uint32_t next, void *end, * sizeof(struct dm_target_spec) or more, as otherwise *last was * out of bounds already. */ - size_t remaining = (char *)end - (char *)last; + size_t remaining = end - (char *)last; /* * There must be room for both the next target spec and the @@ -1423,7 +1423,7 @@ static int next_target(struct dm_target_spec *last, uint32_t next, void *end, *spec = (struct dm_target_spec *) ((unsigned char *) last + next); *target_params = (char *) (*spec + 1); - return invalid_str(*target_params, end); + return 0; } static int populate_table(struct dm_table *table, @@ -1433,24 +1433,21 @@ static int populate_table(struct dm_table *table, unsigned int i = 0; struct dm_target_spec *spec = (struct dm_target_spec *) param; uint32_t next = param->data_start; - void *end = (void *) param + param_size; + const char *const end = (const char *) param + param_size; char *target_params; + size_t min_size = sizeof(struct dm_ioctl); if (!param->target_count) { DMERR("%s: no targets specified", __func__); return -EINVAL; } - if (next < sizeof(struct dm_ioctl)) { - DMERR("%s: first target spec (offset %u) overlaps 'struct dm_ioctl'", - __func__, next); - return -EINVAL; - } - for (i = 0; i < param->target_count; i++) { - if (next < sizeof(*spec)) { - DMERR("%s: next target spec (offset %u) overlaps 'struct dm_target_spec'", - __func__, next); + const char *nul_terminator; + + if (next < min_size) { + DMERR("%s: next target spec (offset %u) overlaps %s", + __func__, next, i ? "previous target" : "'struct dm_ioctl'"); return -EINVAL; } @@ -1460,6 +1457,15 @@ static int populate_table(struct dm_table *table, return r; } + nul_terminator = memchr(target_params, 0, (size_t)(end - target_params)); + if (nul_terminator == NULL) { + DMERR("%s: target parameters not NUL-terminated", __func__); + return -EINVAL; + } + + /* Add 1 for NUL terminator */ + min_size = (nul_terminator - (const char *)spec) + 1; + r = dm_table_add_target(table, spec->target_type, (sector_t) spec->sector_start, (sector_t) spec->length, From patchwork Tue May 30 20:31:06 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261138 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 7474BC7EE32 for ; Tue, 30 May 2023 20:54:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480084; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=lhsuGiiPR5r2mdatWAASf1tUMBZRg1wOVZC2Lzk+TII=; b=Z/0aujK1Ln6ddNTv/RJMfKzzZnjCN7smyXCJbvQLPCXdkWXWuZkQEFqf9M0zJKL22eJQu9 H/OqKjc5LArJ+vnwjmBV2b6lFOOpyxZ5ofvr+2fhoDzfyxIKmKHfYaWaZq45qiuW5NkMy1 e5681oiwcDHx9m0Z74VuFFts2WQPZ4A= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-172-d1GGi5KjMp6Q7UlqylnCRQ-1; Tue, 30 May 2023 16:54:42 -0400 X-MC-Unique: d1GGi5KjMp6Q7UlqylnCRQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id D9198280BC7E; Tue, 30 May 2023 20:54:34 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id C6102140E959; Tue, 30 May 2023 20:54:34 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 7AAFE194E116; Tue, 30 May 2023 20:54:26 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id AFE801946595 for ; Tue, 30 May 2023 20:41:16 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 9F88A40C6CCC; Tue, 30 May 2023 20:41:16 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast08.extmail.prod.ext.rdu2.redhat.com [10.11.55.24]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 97E5D40C6EC4 for ; Tue, 30 May 2023 20:41:16 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 36B9038117E9 for ; Tue, 30 May 2023 20:41:16 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-659-Eh8T7qPrO3mn4OEONXW5AA-1; Tue, 30 May 2023 16:40:58 -0400 X-MC-Unique: Eh8T7qPrO3mn4OEONXW5AA-1 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id CC58F3200907; Tue, 30 May 2023 16:31:51 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 30 May 2023 16:31:52 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedune curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:50 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:06 -0400 Message-Id: <20230530203116.2008-7-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.2 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 06/16] device-mapper: Avoid double-fetch of version X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Marek_Marczykowski-G=C3=B3recki?= , stable@vger.kernel.org, linux-kernel@vger.kernel.org, linux-block@vger.kernel.org, Demi Marie Obenour , xen-devel@lists.xenproject.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.7 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com The version is fetched once in check_version(), which then does some validation and then overwrites the version in userspace with the API version supported by the kernel. copy_params() then fetches the version from userspace *again*, and this time no validation is done. The result is that the kernel's version number is completely controllable by userspace, provided that userspace can win a race condition. Fix this flaw by not copying the version back to the kernel the second time. This is not exploitable as the version is not further used in the kernel. However, it could become a problem if future patches start relying on the version field. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable@vger.kernel.org Signed-off-by: Demi Marie Obenour --- drivers/md/dm-ioctl.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 491ef55b9e8662c3b02a2162b8c93ee086c078a1..20f452b6c61c1c4d20259fd0fc5443977e4454a0 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -1873,12 +1873,13 @@ static ioctl_fn lookup_ioctl(unsigned int cmd, int *ioctl_flags) * As well as checking the version compatibility this always * copies the kernel interface version out. */ -static int check_version(unsigned int cmd, struct dm_ioctl __user *user) +static int check_version(unsigned int cmd, struct dm_ioctl __user *user, + struct dm_ioctl *kernel_params) { - uint32_t version[3]; int r = 0; + uint32_t *version = kernel_params->version; - if (copy_from_user(version, user->version, sizeof(version))) + if (copy_from_user(version, user->version, sizeof(user->version))) return -EFAULT; if ((version[0] != DM_VERSION_MAJOR) || @@ -1922,7 +1923,10 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern const size_t minimum_data_size = offsetof(struct dm_ioctl, data); unsigned int noio_flag; - if (copy_from_user(param_kernel, user, minimum_data_size)) + /* Version has been copied from userspace already, avoid TOCTOU */ + if (copy_from_user((char *)param_kernel + sizeof(param_kernel->version), + (char __user *)user + sizeof(param_kernel->version), + minimum_data_size - sizeof(param_kernel->version))) return -EFAULT; if (param_kernel->data_size < minimum_data_size) { @@ -2034,7 +2038,7 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us * Check the interface version passed in. This also * writes out the kernel's interface version. */ - r = check_version(cmd, user); + r = check_version(cmd, user, ¶m_kernel); if (r) return r; From patchwork Tue May 30 20:31:07 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261145 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 55724C7EE23 for ; Tue, 30 May 2023 20:54:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480087; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=E6umic/bkzuwdKthXSBkM5x+kOZlSqeoJmvNjdWT52Q=; b=Vdl496OAexTm08/SNXV3ZS8yTZSr+1P2wZhbgAn060GqsmyQ5igpJyAjewsHoWPuQYqYjt kH7vwHUtZoFFH5KvHsDbeTfn4NO/qc3e+8SvxTAhYs0VEsf2KG1HJVw7T/vLjZuNlOxJlB MedAkDI1SOoLfjwaEA5inYxrMybXRnY= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-281-FGbDQi5sM5-xxmkIbaJIxw-1; Tue, 30 May 2023 16:54:43 -0400 X-MC-Unique: FGbDQi5sM5-xxmkIbaJIxw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 8495C185A7A5; Tue, 30 May 2023 20:54:34 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 236B6140E957; Tue, 30 May 2023 20:54:34 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 36A22193F51E; Tue, 30 May 2023 20:54:26 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 1995119465B2 for ; Tue, 30 May 2023 20:40:56 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id E9786C154DA; Tue, 30 May 2023 20:40:55 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast09.extmail.prod.ext.rdu2.redhat.com [10.11.55.25]) by smtp.corp.redhat.com (Postfix) with ESMTPS id DFEE0C154D6 for ; Tue, 30 May 2023 20:40:55 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id B99F929324A6 for ; Tue, 30 May 2023 20:40:55 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-220-Cr0Mmo1ePR-B6ov8YrFUuQ-1; Tue, 30 May 2023 16:40:53 -0400 X-MC-Unique: Cr0Mmo1ePR-B6ov8YrFUuQ-1 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id AB9E13200920; Tue, 30 May 2023 16:31:54 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Tue, 30 May 2023 16:31:55 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedune curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:53 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:07 -0400 Message-Id: <20230530203116.2008-8-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.8 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 07/16] device-mapper: Allow userspace to opt-in to strict parameter checks X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Demi Marie Obenour , linux-block@vger.kernel.org, xen-devel@lists.xenproject.org, =?utf-8?q?Mare?= =?utf-8?q?k_Marczykowski-G=C3=B3recki?= , linux-kernel@vger.kernel.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.7 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com Currently, device-mapper ioctls ignore unknown flags. This makes adding new flags to a given ioctl risky, as it could potentially break old userspace. To solve this problem, allow userspace to pass 5 as the major version to any ioctl. This causes the kernel to reject any flags that are not supported by the ioctl, as well as nonzero padding and names and UUIDs that are not NUL-terminated. New flags will only be recognized if major version 5 is used. Kernels without this patch return -EINVAL if the major version is 5, so this is backwards compatible. Signed-off-by: Demi Marie Obenour --- drivers/md/dm-ioctl.c | 301 ++++++++++++++++++++++++++-------- include/uapi/linux/dm-ioctl.h | 30 +++- 2 files changed, 260 insertions(+), 71 deletions(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 20f452b6c61c1c4d20259fd0fc5443977e4454a0..cf752e72ef6a2d8f8230e5bd6d1a6dc817a4f597 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -64,7 +64,8 @@ struct vers_iter { static struct rb_root name_rb_tree = RB_ROOT; static struct rb_root uuid_rb_tree = RB_ROOT; -static void dm_hash_remove_all(bool keep_open_devices, bool mark_deferred, bool only_deferred); +static void dm_hash_remove_all(bool keep_open_devices, bool mark_deferred, bool only_deferred, + struct dm_ioctl *param); /* * Guards access to both hash tables. @@ -78,7 +79,7 @@ static DEFINE_MUTEX(dm_hash_cells_mutex); static void dm_hash_exit(void) { - dm_hash_remove_all(false, false, false); + dm_hash_remove_all(false, false, false, NULL); } /* @@ -333,7 +334,8 @@ static struct dm_table *__hash_remove(struct hash_cell *hc) return table; } -static void dm_hash_remove_all(bool keep_open_devices, bool mark_deferred, bool only_deferred) +static void dm_hash_remove_all(bool keep_open_devices, bool mark_deferred, bool only_deferred, + struct dm_ioctl *param) { int dev_skipped; struct rb_node *n; @@ -367,6 +369,8 @@ static void dm_hash_remove_all(bool keep_open_devices, bool mark_deferred, bool dm_table_destroy(t); } dm_ima_measure_on_device_remove(md, true); + if (param != NULL && !dm_kobject_uevent(md, KOBJ_REMOVE, param->event_nr, false)) + param->flags |= DM_UEVENT_GENERATED_FLAG; dm_put(md); if (likely(keep_open_devices)) dm_destroy(md); @@ -513,7 +517,7 @@ static struct mapped_device *dm_hash_rename(struct dm_ioctl *param, void dm_deferred_remove(void) { - dm_hash_remove_all(true, false, true); + dm_hash_remove_all(true, false, true, NULL); } /* @@ -529,7 +533,7 @@ typedef int (*ioctl_fn)(struct file *filp, struct dm_ioctl *param, size_t param_ static int remove_all(struct file *filp, struct dm_ioctl *param, size_t param_size) { - dm_hash_remove_all(true, !!(param->flags & DM_DEFERRED_REMOVE), false); + dm_hash_remove_all(true, !!(param->flags & DM_DEFERRED_REMOVE), false, param); param->data_size = 0; return 0; } @@ -892,8 +896,6 @@ static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_si return r; } - param->flags &= ~DM_INACTIVE_PRESENT_FLAG; - __dev_status(md, param); dm_put(md); @@ -947,8 +949,6 @@ static struct hash_cell *__find_device_hash_cell(struct dm_ioctl *param) if (hc->new_map) param->flags |= DM_INACTIVE_PRESENT_FLAG; - else - param->flags &= ~DM_INACTIVE_PRESENT_FLAG; return hc; } @@ -1161,7 +1161,6 @@ static int do_resume(struct dm_ioctl *param) new_map = hc->new_map; hc->new_map = NULL; - param->flags &= ~DM_INACTIVE_PRESENT_FLAG; up_write(&_hash_lock); @@ -1426,6 +1425,32 @@ static int next_target(struct dm_target_spec *last, uint32_t next, const char *e return 0; } +static inline bool sloppy_checks(const struct dm_ioctl *param) +{ + return param->version[0] < DM_VERSION_MAJOR_STRICT; +} + +static bool no_non_nul_after_nul(const char *untrusted_str, size_t size, + unsigned int cmd, const char *msg) +{ + const char *cursor; + const char *endp = untrusted_str + size; + const char *nul_terminator = memchr(untrusted_str, '\0', size); + + if (nul_terminator == NULL) { + DMERR("%s not NUL-terminated, cmd(%u)", msg, cmd); + return false; + } + for (cursor = nul_terminator; cursor < endp; cursor++) { + if (*cursor != 0) { + DMERR("%s has non-NUL byte at %zd after NUL byte at %zd, cmd(%u)", + msg, cursor - untrusted_str, nul_terminator - untrusted_str, cmd); + return false; + } + } + return true; +} + static int populate_table(struct dm_table *table, struct dm_ioctl *param, size_t param_size) { @@ -1436,12 +1461,19 @@ static int populate_table(struct dm_table *table, const char *const end = (const char *) param + param_size; char *target_params; size_t min_size = sizeof(struct dm_ioctl); + bool const strict = !sloppy_checks(param); if (!param->target_count) { DMERR("%s: no targets specified", __func__); return -EINVAL; } + if (strict && param_size % 8 != 0) { + DMERR("%s: parameter size %zu not multiple of 8", + __func__, param_size); + return -EINVAL; + } + for (i = 0; i < param->target_count; i++) { const char *nul_terminator; @@ -1466,6 +1498,18 @@ static int populate_table(struct dm_table *table, /* Add 1 for NUL terminator */ min_size = (nul_terminator - (const char *)spec) + 1; + if (strict) { + if (!no_non_nul_after_nul(spec->target_type, sizeof(spec->target_type), + DM_TABLE_LOAD_CMD, "target type")) + return -EINVAL; + + if (spec->status) { + DMERR("%s: status in target spec must be zero, not %u", + __func__, spec->status); + return -EINVAL; + } + } + r = dm_table_add_target(table, spec->target_type, (sector_t) spec->sector_start, (sector_t) spec->length, @@ -1476,6 +1520,32 @@ static int populate_table(struct dm_table *table, } next = spec->next; + + if (strict) { + uint64_t zero = 0; + /* + * param_size is a multiple of 8 so this is still in + * bounds (or 1 past the end). + */ + size_t expected_next = round_up(min_size, 8); + + if (expected_next != next) { + DMERR("%s: in strict mode, expected next to be %zu but it was %u", + __func__, expected_next, next); + return -EINVAL; + } + + if (memcmp(&zero, nul_terminator, next - min_size + 1) != 0) { + DMERR("%s: in strict mode, padding must be zeroed", __func__); + return -EINVAL; + } + } + } + + if (strict && next != (size_t)(end - (const char *)spec)) { + DMERR("%s: last target size is %u, but %zd bytes remaining in target spec", + __func__, next, end - (const char *)spec); + return -EINVAL; } return dm_table_complete(table); @@ -1823,48 +1893,67 @@ static int target_message(struct file *filp, struct dm_ioctl *param, size_t para * the ioctl. */ #define IOCTL_FLAGS_NO_PARAMS 1 -#define IOCTL_FLAGS_ISSUE_GLOBAL_EVENT 2 +#define IOCTL_FLAGS_TAKES_EVENT_NR 2 +#define IOCTL_FLAGS_ISSUE_GLOBAL_EVENT (IOCTL_FLAGS_TAKES_EVENT_NR | 4) /* *--------------------------------------------------------------- * Implementation of open/close/ioctl on the special char device. *--------------------------------------------------------------- */ -static ioctl_fn lookup_ioctl(unsigned int cmd, int *ioctl_flags) +static ioctl_fn lookup_ioctl(unsigned int cmd, int *ioctl_flags, uint32_t *supported_flags) { static const struct { int cmd; int flags; ioctl_fn fn; + uint32_t supported_flags; } _ioctls[] = { - {DM_VERSION_CMD, 0, NULL}, /* version is dealt with elsewhere */ - {DM_REMOVE_ALL_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, remove_all}, - {DM_LIST_DEVICES_CMD, 0, list_devices}, + /* Macro to make the structure initializers somewhat readable */ +#define I(cmd, flags, fn, supported_flags) { \ + (cmd), \ + (flags), \ + (fn), \ + /* \ + * Supported flags in sloppy mode must not include anything in DM_STRICT_ONLY_FLAGS. \ + * Use BUILD_BUG_ON_ZERO to check for that. \ + */ \ + (supported_flags) | BUILD_BUG_ON_ZERO((supported_flags) & DM_STRICT_ONLY_FLAGS), \ +} + I(DM_VERSION_CMD, 0, NULL, 0), /* version is dealt with elsewhere */ + I(DM_REMOVE_ALL_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, remove_all, + DM_DEFERRED_REMOVE), + I(DM_LIST_DEVICES_CMD, 0, list_devices, DM_UUID_FLAG), + I(DM_DEV_CREATE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_create, + DM_PERSISTENT_DEV_FLAG), + I(DM_DEV_REMOVE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_remove, + DM_DEFERRED_REMOVE), + I(DM_DEV_RENAME_CMD, IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_rename, + DM_QUERY_INACTIVE_TABLE_FLAG | DM_UUID_FLAG), + I(DM_DEV_SUSPEND_CMD, IOCTL_FLAGS_NO_PARAMS, dev_suspend, + DM_QUERY_INACTIVE_TABLE_FLAG | DM_SUSPEND_FLAG | DM_SKIP_LOCKFS_FLAG | DM_NOFLUSH_FLAG), + I(DM_DEV_STATUS_CMD, IOCTL_FLAGS_NO_PARAMS, dev_status, DM_QUERY_INACTIVE_TABLE_FLAG), + I(DM_DEV_WAIT_CMD, IOCTL_FLAGS_TAKES_EVENT_NR, dev_wait, + DM_QUERY_INACTIVE_TABLE_FLAG | DM_STATUS_TABLE_FLAG | DM_NOFLUSH_FLAG), + I(DM_TABLE_LOAD_CMD, 0, table_load, DM_QUERY_INACTIVE_TABLE_FLAG | DM_READONLY_FLAG), + I(DM_TABLE_CLEAR_CMD, IOCTL_FLAGS_NO_PARAMS, table_clear, DM_QUERY_INACTIVE_TABLE_FLAG), + I(DM_TABLE_DEPS_CMD, 0, table_deps, DM_QUERY_INACTIVE_TABLE_FLAG), + I(DM_TABLE_STATUS_CMD, 0, table_status, + DM_QUERY_INACTIVE_TABLE_FLAG | DM_STATUS_TABLE_FLAG | DM_NOFLUSH_FLAG), - {DM_DEV_CREATE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_create}, - {DM_DEV_REMOVE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_remove}, - {DM_DEV_RENAME_CMD, IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_rename}, - {DM_DEV_SUSPEND_CMD, IOCTL_FLAGS_NO_PARAMS, dev_suspend}, - {DM_DEV_STATUS_CMD, IOCTL_FLAGS_NO_PARAMS, dev_status}, - {DM_DEV_WAIT_CMD, 0, dev_wait}, + I(DM_LIST_VERSIONS_CMD, 0, list_versions, 0), - {DM_TABLE_LOAD_CMD, 0, table_load}, - {DM_TABLE_CLEAR_CMD, IOCTL_FLAGS_NO_PARAMS, table_clear}, - {DM_TABLE_DEPS_CMD, 0, table_deps}, - {DM_TABLE_STATUS_CMD, 0, table_status}, - - {DM_LIST_VERSIONS_CMD, 0, list_versions}, - - {DM_TARGET_MSG_CMD, 0, target_message}, - {DM_DEV_SET_GEOMETRY_CMD, 0, dev_set_geometry}, - {DM_DEV_ARM_POLL_CMD, IOCTL_FLAGS_NO_PARAMS, dev_arm_poll}, - {DM_GET_TARGET_VERSION_CMD, 0, get_target_version}, + I(DM_TARGET_MSG_CMD, 0, target_message, DM_QUERY_INACTIVE_TABLE_FLAG), + I(DM_DEV_SET_GEOMETRY_CMD, 0, dev_set_geometry, 0), + I(DM_DEV_ARM_POLL_CMD, IOCTL_FLAGS_NO_PARAMS, dev_arm_poll, 0), + I(DM_GET_TARGET_VERSION_CMD, 0, get_target_version, 0), }; if (unlikely(cmd >= ARRAY_SIZE(_ioctls))) return NULL; cmd = array_index_nospec(cmd, ARRAY_SIZE(_ioctls)); + *supported_flags = _ioctls[cmd].supported_flags; *ioctl_flags = _ioctls[cmd].flags; return _ioctls[cmd].fn; } @@ -1877,27 +1966,34 @@ static int check_version(unsigned int cmd, struct dm_ioctl __user *user, struct dm_ioctl *kernel_params) { int r = 0; - uint32_t *version = kernel_params->version; + uint32_t expected_major_version = DM_VERSION_MAJOR; - if (copy_from_user(version, user->version, sizeof(user->version))) + if (copy_from_user(kernel_params->version, user->version, sizeof(kernel_params->version))) return -EFAULT; - if ((version[0] != DM_VERSION_MAJOR) || - (version[1] > DM_VERSION_MINOR)) { + if (kernel_params->version[0] >= DM_VERSION_MAJOR_STRICT) + expected_major_version = DM_VERSION_MAJOR_STRICT; + + if ((kernel_params->version[0] != expected_major_version) || + (kernel_params->version[1] > DM_VERSION_MINOR)) { DMERR("ioctl interface mismatch: kernel(%u.%u.%u), user(%u.%u.%u), cmd(%d)", - DM_VERSION_MAJOR, DM_VERSION_MINOR, + expected_major_version, + DM_VERSION_MINOR, DM_VERSION_PATCHLEVEL, - version[0], version[1], version[2], cmd); + kernel_params->version[0], + kernel_params->version[1], + kernel_params->version[2], + cmd); r = -EINVAL; } /* * Fill in the kernel version. */ - version[0] = DM_VERSION_MAJOR; - version[1] = DM_VERSION_MINOR; - version[2] = DM_VERSION_PATCHLEVEL; - if (copy_to_user(user->version, version, sizeof(version))) + kernel_params->version[0] = expected_major_version; + kernel_params->version[1] = DM_VERSION_MINOR; + kernel_params->version[2] = DM_VERSION_PATCHLEVEL; + if (copy_to_user(user->version, kernel_params->version, sizeof(kernel_params->version))) return -EFAULT; return r; @@ -1920,9 +2016,12 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern { struct dm_ioctl *dmi; int secure_data; - const size_t minimum_data_size = offsetof(struct dm_ioctl, data); + const size_t minimum_data_size = sloppy_checks(param_kernel) ? + offsetof(struct dm_ioctl, data) : sizeof(struct dm_ioctl); unsigned int noio_flag; + static_assert(offsetof(struct dm_ioctl, data_size) == sizeof(param_kernel->version)); + static_assert(offsetof(struct dm_ioctl, data_size) == 12); /* Version has been copied from userspace already, avoid TOCTOU */ if (copy_from_user((char *)param_kernel + sizeof(param_kernel->version), (char __user *)user + sizeof(param_kernel->version), @@ -1930,12 +2029,13 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern return -EFAULT; if (param_kernel->data_size < minimum_data_size) { - DMERR("Invalid data size in the ioctl structure: %u", - param_kernel->data_size); + DMERR("Invalid data size in the ioctl structure: %u (minimum %zu)", + param_kernel->data_size, minimum_data_size); return -EINVAL; } secure_data = param_kernel->flags & DM_SECURE_DATA_FLAG; + param_kernel->flags &= ~DM_SECURE_DATA_FLAG; *param_flags = secure_data ? DM_WIPE_BUFFER : 0; @@ -1966,7 +2066,8 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern /* Copy from param_kernel (which was already copied from user) */ memcpy(dmi, param_kernel, minimum_data_size); - if (copy_from_user(&dmi->data, (char __user *)user + minimum_data_size, + if (copy_from_user((char *)dmi + minimum_data_size, + (char __user *)user + minimum_data_size, param_kernel->data_size - minimum_data_size)) goto bad; data_copied: @@ -1983,33 +2084,86 @@ static int copy_params(struct dm_ioctl __user *user, struct dm_ioctl *param_kern return -EFAULT; } -static int validate_params(uint cmd, struct dm_ioctl *param) +static int validate_params(uint cmd, struct dm_ioctl *param, + uint32_t ioctl_flags, uint32_t supported_flags) { - /* Always clear this flag */ - param->flags &= ~DM_BUFFER_FULL_FLAG; - param->flags &= ~DM_UEVENT_GENERATED_FLAG; - param->flags &= ~DM_SECURE_DATA_FLAG; - param->flags &= ~DM_DATA_OUT_FLAG; - - /* Ignores parameters */ - if (cmd == DM_REMOVE_ALL_CMD || - cmd == DM_LIST_DEVICES_CMD || - cmd == DM_LIST_VERSIONS_CMD) - return 0; + static_assert(__same_type(param->flags, supported_flags)); + u64 zero = 0; if (cmd == DM_DEV_CREATE_CMD) { if (!*param->name) { DMERR("name not supplied when creating device"); return -EINVAL; } - } else if (*param->uuid && *param->name) { - DMERR("only supply one of name or uuid, cmd(%u)", cmd); + } else { + if (*param->uuid && *param->name) { + DMERR("only supply one of name or uuid, cmd(%u)", cmd); + return -EINVAL; + } + } + + if (sloppy_checks(param)) { + /* Ensure strings are terminated */ + param->name[DM_NAME_LEN - 1] = '\0'; + param->uuid[DM_UUID_LEN - 1] = '\0'; + /* Mask off bits that could confuse other code */ + param->flags &= ~DM_STRICT_ONLY_FLAGS; + /* Skip strict checks */ + return 0; + } + + /* Check that strings are terminated */ + if (!no_non_nul_after_nul(param->name, DM_NAME_LEN, cmd, "Name") || + !no_non_nul_after_nul(param->uuid, DM_UUID_LEN, cmd, "UUID")) { return -EINVAL; } - /* Ensure strings are terminated */ - param->name[DM_NAME_LEN - 1] = '\0'; - param->uuid[DM_UUID_LEN - 1] = '\0'; + if (memcmp(param->data, &zero, sizeof(param->data)) != 0) { + DMERR("second padding field not zeroed in strict mode (cmd %u)", cmd); + return -EINVAL; + } + + if (param->flags & ~supported_flags) { + DMERR("unsupported flags 0x%x specified, cmd(%u)", + param->flags & ~supported_flags, cmd); + return -EINVAL; + } + + if (param->padding) { + DMERR("padding not zeroed in strict mode (got %u, cmd %u)", + param->padding, cmd); + return -EINVAL; + } + + if (param->open_count != 0) { + DMERR("open_count not zeroed in strict mode (got %d, cmd %u)", + param->open_count, cmd); + return -EINVAL; + } + + if (param->event_nr != 0 && (ioctl_flags & IOCTL_FLAGS_TAKES_EVENT_NR) == 0) { + DMERR("Event number not zeroed for command that does not take one (got %u, cmd %u)", + param->event_nr, cmd); + return -EINVAL; + } + + if (ioctl_flags & IOCTL_FLAGS_NO_PARAMS) { + /* Ignores parameters */ + if (param->data_size != sizeof(struct dm_ioctl)) { + DMERR("command %u must not have parameters", cmd); + return -EINVAL; + } + + if (param->target_count != 0) { + DMERR("command %u must have zero target_count", cmd); + return -EINVAL; + } + + if (param->data_start) { + DMERR("command %u must have zero data_start", cmd); + return -EINVAL; + } + } return 0; } @@ -2024,6 +2178,7 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us ioctl_fn fn = NULL; size_t input_param_size; struct dm_ioctl param_kernel; + uint32_t supported_flags, old_flags; /* only root can play with this */ if (!capable(CAP_SYS_ADMIN)) @@ -2039,7 +2194,7 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us * writes out the kernel's interface version. */ r = check_version(cmd, user, ¶m_kernel); - if (r) + if (r != 0) return r; /* @@ -2048,7 +2203,7 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us if (cmd == DM_VERSION_CMD) return 0; - fn = lookup_ioctl(cmd, &ioctl_flags); + fn = lookup_ioctl(cmd, &ioctl_flags, &supported_flags); if (!fn) { DMERR("dm_ctl_ioctl: unknown command 0x%x", command); return -ENOTTY; @@ -2063,11 +2218,20 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us return r; input_param_size = param->data_size; - r = validate_params(cmd, param); + + /* + * In sloppy mode, validate_params will clear some + * flags to ensure other code does not get confused. + * Save the original flags here. + */ + old_flags = param->flags; + r = validate_params(cmd, param, ioctl_flags, supported_flags); if (r) goto out; + /* This XOR keeps only the flags validate_params has changed. */ + old_flags ^= param->flags; - param->data_size = offsetof(struct dm_ioctl, data); + param->data_size = sloppy_checks(param) ? offsetof(struct dm_ioctl, data) : sizeof(struct dm_ioctl); r = fn(file, param, input_param_size); if (unlikely(param->flags & DM_BUFFER_FULL_FLAG) && @@ -2077,6 +2241,9 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us if (!r && ioctl_flags & IOCTL_FLAGS_ISSUE_GLOBAL_EVENT) dm_issue_global_event(); + /* Resture the flags that validate_params cleared */ + param->flags |= old_flags; + /* * Copy the results back to userland. */ diff --git a/include/uapi/linux/dm-ioctl.h b/include/uapi/linux/dm-ioctl.h index 1990b5700f6948243def314cec22f380926aca2e..81103e1dcdac3015204e9c05d73037191e965d59 100644 --- a/include/uapi/linux/dm-ioctl.h +++ b/include/uapi/linux/dm-ioctl.h @@ -171,8 +171,11 @@ struct dm_target_spec { /* * Parameter string starts immediately after this object. - * Be careful to add padding after string to ensure correct - * alignment of subsequent dm_target_spec. + * Be careful to add padding after string to ensure 8-byte + * alignment of subsequent dm_target_spec. If the major version + * is DM_VERSION_MAJOR_STRICT, the padding must be at most 7 bytes, + * (not including the terminating NULt that ends the string) and + * must be zeroed. */ }; @@ -285,14 +288,25 @@ enum { #define DM_TARGET_MSG _IOWR(DM_IOCTL, DM_TARGET_MSG_CMD, struct dm_ioctl) #define DM_DEV_SET_GEOMETRY _IOWR(DM_IOCTL, DM_DEV_SET_GEOMETRY_CMD, struct dm_ioctl) +/* Legacy major version */ #define DM_VERSION_MAJOR 4 -#define DM_VERSION_MINOR 48 +/* + * New major version. Enforces strict parameter checks and is required for + * using some new features, such as new flags. Should be used by all new code. + * + * If one uses DM_VERSION_MAJOR_STRICT, it is possible for the behavior of + * ioctls to depend on the minor version passed by userspace. Userspace must + * not pass a minor version greater than the version it was designed for. + */ +#define DM_VERSION_MAJOR_STRICT 5 +#define DM_VERSION_MINOR 49 #define DM_VERSION_PATCHLEVEL 0 #define DM_VERSION_EXTRA "-ioctl (2023-03-01)" /* Status bits */ #define DM_READONLY_FLAG (1 << 0) /* In/Out */ #define DM_SUSPEND_FLAG (1 << 1) /* In/Out */ +#define DM_EXISTS_FLAG (1 << 2) /* Not used by kernel, reserved for libdevmapper in userland */ #define DM_PERSISTENT_DEV_FLAG (1 << 3) /* In */ /* @@ -315,7 +329,8 @@ enum { #define DM_BUFFER_FULL_FLAG (1 << 8) /* Out */ /* - * This flag is now ignored. + * This flag is now ignored if DM_VERSION_MAJOR is used, and causes + * -EINVAL if DM_VERSION_MAJOR_STRICT is used. */ #define DM_SKIP_BDGET_FLAG (1 << 9) /* In */ @@ -382,4 +397,11 @@ enum { */ #define DM_IMA_MEASUREMENT_FLAG (1 << 19) /* In */ +/* + * If DM_VERSION_MAJOR is used, these flags are ignored by the kernel. + * If DM_VERSION_MAJOR_STRICT is used, these flags are reserved and + * must be zeroed. + */ +#define DM_STRICT_ONLY_FLAGS ((__u32)0xFFF00004) + #endif /* _LINUX_DM_IOCTL_H */ From patchwork Tue May 30 20:31:08 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261143 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DB5FFC7EE24 for ; Tue, 30 May 2023 20:54:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480086; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=hvLcsstDiy2YOpBcWTDdwbH7NTpxvVPeABrclD7boWE=; b=g7hzy7l7JpOWMm6hOZka5oDLTf9wK0icowFwU5zMEdT2BY7XduEsjNlosGPcrD8Phsg1ED bhAoAIdEsUmPsOI1o3HkveM3M3z5UM0PmMC5HkS+wll7DIZ6qhXPx32JbqR/2eCqOtjNhk APGkgZENviR0CgG/Jyn8faEQJ+cvucE= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-526--zIPxobOMimSZ7JX0Ock3w-1; Tue, 30 May 2023 16:54:44 -0400 X-MC-Unique: -zIPxobOMimSZ7JX0Ock3w-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 00CE1811E85; Tue, 30 May 2023 20:54:36 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id E080040D1B60; Tue, 30 May 2023 20:54:35 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 7BAC9194F277; Tue, 30 May 2023 20:54:30 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 0956E1946595 for ; Tue, 30 May 2023 20:40:53 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id C0F50420AA; Tue, 30 May 2023 20:40:53 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast08.extmail.prod.ext.rdu2.redhat.com [10.11.55.24]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B7CF7421D3 for ; Tue, 30 May 2023 20:40:53 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 9869238107EF for ; Tue, 30 May 2023 20:40:53 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-436-D0uLt3nAPNGWkvu3OXLWKg-1; Tue, 30 May 2023 16:40:52 -0400 X-MC-Unique: D0uLt3nAPNGWkvu3OXLWKg-1 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id CFA993200344; Tue, 30 May 2023 16:31:57 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Tue, 30 May 2023 16:31:58 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedvne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:56 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:08 -0400 Message-Id: <20230530203116.2008-9-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 08/16] device-mapper: Allow userspace to provide expected diskseq X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Demi Marie Obenour , linux-block@vger.kernel.org, xen-devel@lists.xenproject.org, =?utf-8?q?Mare?= =?utf-8?q?k_Marczykowski-G=C3=B3recki?= , linux-kernel@vger.kernel.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.2 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com This can be used to avoid race conditions in which a device is destroyed and recreated with the same major/minor, name, or UUID. diskseqs are only honored if strict parameter checking is on, to avoid any risk of breaking old userspace. Signed-off-by: Demi Marie Obenour --- drivers/md/dm-ioctl.c | 48 ++++++++++++++++++++++++++++------- include/uapi/linux/dm-ioctl.h | 33 +++++++++++++++++++++--- 2 files changed, 69 insertions(+), 12 deletions(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index cf752e72ef6a2d8f8230e5bd6d1a6dc817a4f597..01cdf57bcafbf7f3e1b8304eec28792c6b24642d 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -871,6 +871,9 @@ static void __dev_status(struct mapped_device *md, struct dm_ioctl *param) } dm_put_live_table(md, srcu_idx); } + + if (param->version[0] >= DM_VERSION_MAJOR_STRICT) + dm_set_diskseq(param, disk->diskseq); } static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_size) @@ -889,6 +892,8 @@ static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_si if (r) return r; + param->flags &= ~DM_INACTIVE_PRESENT_FLAG; + r = dm_hash_insert(param->name, *param->uuid ? param->uuid : NULL, md); if (r) { dm_put(md); @@ -909,6 +914,7 @@ static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_si static struct hash_cell *__find_device_hash_cell(struct dm_ioctl *param) { struct hash_cell *hc = NULL; + static_assert(offsetof(struct dm_ioctl, diskseq_high) == offsetof(struct dm_ioctl, data) + 3); if (*param->uuid) { if (*param->name || param->dev) { @@ -937,6 +943,27 @@ static struct hash_cell *__find_device_hash_cell(struct dm_ioctl *param) } else return NULL; + if (param->version[0] >= DM_VERSION_MAJOR_STRICT) { + u64 expected_diskseq = dm_get_diskseq(param); + u64 diskseq; + struct mapped_device *md = hc->md; + + if (WARN_ON_ONCE(md->disk == NULL)) + return NULL; + diskseq = md->disk->diskseq; + if (WARN_ON_ONCE(diskseq == 0)) + return NULL; + if (expected_diskseq != 0) { + if (expected_diskseq != diskseq) { + DMERR("Diskseq mismatch: expected %llu actual %llu", + expected_diskseq, diskseq); + return NULL; + } + } else { + dm_set_diskseq(param, diskseq); + } + } + /* * Sneakily write in both the name and the uuid * while we have the cell. @@ -2088,7 +2115,6 @@ static int validate_params(uint cmd, struct dm_ioctl *param, uint32_t ioctl_flags, uint32_t supported_flags) { static_assert(__same_type(param->flags, supported_flags)); - u64 zero = 0; if (cmd == DM_DEV_CREATE_CMD) { if (!*param->name) { @@ -2112,14 +2138,24 @@ static int validate_params(uint cmd, struct dm_ioctl *param, return 0; } + if (param->data_size < sizeof(struct dm_ioctl)) { + DMERR("Entire struct dm_ioctl (size %zu) must be valid, but only %u was valid", + sizeof(struct dm_ioctl), param->data_size); + return -EINVAL; + } + /* Check that strings are terminated */ if (!no_non_nul_after_nul(param->name, DM_NAME_LEN, cmd, "Name") || !no_non_nul_after_nul(param->uuid, DM_UUID_LEN, cmd, "UUID")) { return -EINVAL; } - if (memcmp(param->data, &zero, sizeof(param->data)) != 0) { - DMERR("second padding field not zeroed in strict mode (cmd %u)", cmd); + /* + * This also reads the NUL terminator of the UUID, but that has already been + * checked to be zero by no_non_nul_after_nul(). + */ + if (*(const u32 *)((const char *)param + sizeof(struct dm_ioctl) - 8) != 0) { + DMERR("padding field not zeroed in strict mode (cmd %u)", cmd); return -EINVAL; } @@ -2129,12 +2165,6 @@ static int validate_params(uint cmd, struct dm_ioctl *param, return -EINVAL; } - if (param->padding) { - DMERR("padding not zeroed in strict mode (got %u, cmd %u)", - param->padding, cmd); - return -EINVAL; - } - if (param->open_count != 0) { DMERR("open_count not zeroed in strict mode (got %d, cmd %u)", param->open_count, cmd); diff --git a/include/uapi/linux/dm-ioctl.h b/include/uapi/linux/dm-ioctl.h index 81103e1dcdac3015204e9c05d73037191e965d59..5647b218f24b626f5c1cefe8bec18dc04373c3d0 100644 --- a/include/uapi/linux/dm-ioctl.h +++ b/include/uapi/linux/dm-ioctl.h @@ -136,16 +136,43 @@ struct dm_ioctl { * For output, the ioctls return the event number, not the cookie. */ __u32 event_nr; /* in/out */ - __u32 padding; + + union { + /* valid if DM_VERSION_MAJOR is used */ + __u32 padding; /* padding */ + /* valid if DM_VERSION_MAJOR_STRICT is used */ + __u32 diskseq_low; /* in/out: low 4 bytes of the diskseq */ + }; __u64 dev; /* in/out */ char name[DM_NAME_LEN]; /* device name */ char uuid[DM_UUID_LEN]; /* unique identifier for * the block device */ - char data[7]; /* padding or data */ + union { + /* valid if DM_VERSION_MAJOR is used */ + char data[7]; /* padding or data */ + /* valid if DM_VERSION_MAJOR_STRICT is used */ + struct { + char _padding[3]; /* padding */ + __u32 diskseq_high; /* in/out: high 4 bytes of the diskseq */ + } __attribute__((packed)); + }; }; +__attribute__((always_inline)) static inline __u64 +dm_get_diskseq(const struct dm_ioctl *_i) +{ + return (__u64)_i->diskseq_high << 32 | (__u64)_i->diskseq_low; +} + +__attribute__((always_inline)) static inline void +dm_set_diskseq(struct dm_ioctl *_i, __u64 _diskseq) +{ + _i->diskseq_low = (__u32)(_diskseq & 0xFFFFFFFFU); + _i->diskseq_high = (__u32)(_diskseq >> 32); +} + /* * Used to specify tables. These structures appear after the * dm_ioctl. @@ -402,6 +429,6 @@ enum { * If DM_VERSION_MAJOR_STRICT is used, these flags are reserved and * must be zeroed. */ -#define DM_STRICT_ONLY_FLAGS ((__u32)0xFFF00004) +#define DM_STRICT_ONLY_FLAGS ((__u32)(~((1UL << 19) - 1) | 1 << 9 | 1 << 7)) #endif /* _LINUX_DM_IOCTL_H */ From patchwork Tue May 30 20:31:09 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261139 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 260EBC77B73 for ; Tue, 30 May 2023 20:54:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480084; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=TzoAECCZvHTyf2m06754wLSnNWB8AuMLKYNYMhtJOk0=; b=hPOyL4RJ0ZF8Mim7AMOWY/L44h/ZXNqxCdpPhXopRhTxa7y/HgxvfmgbU2F2U+ejzN7pxp bKZqnJ+O8Jr5hqdLiFqNmypqXyaHeTxq/+N917DZV7Zm3wAlTx4riFBnC1GT9Zmpu4fkM+ z4eaVXT/c9gKdTO2w2WN3lIJ3u+fKos= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-630-MW4Xtj2IMxWzB_gsl8mhXw-1; Tue, 30 May 2023 16:54:42 -0400 X-MC-Unique: MW4Xtj2IMxWzB_gsl8mhXw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DA92A803C81; Tue, 30 May 2023 20:54:32 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id C2C03140E955; Tue, 30 May 2023 20:54:32 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 4BC2519451C2; Tue, 30 May 2023 20:54:25 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 3E6E619465A8 for ; Tue, 30 May 2023 20:40:58 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 2029C112132D; Tue, 30 May 2023 20:40:58 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast03.extmail.prod.ext.rdu2.redhat.com [10.11.55.19]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 191C5112132C for ; Tue, 30 May 2023 20:40:58 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-2.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id EE590811E88 for ; Tue, 30 May 2023 20:40:57 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-264-noGk3qJQNrqU4NvzTtfrAQ-1; Tue, 30 May 2023 16:40:55 -0400 X-MC-Unique: noGk3qJQNrqU4NvzTtfrAQ-1 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 279DD320091D; Tue, 30 May 2023 16:32:01 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Tue, 30 May 2023 16:32:01 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedvne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:31:59 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:09 -0400 Message-Id: <20230530203116.2008-10-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 09/16] device-mapper: Allow userspace to suppress uevent generation X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Demi Marie Obenour , linux-block@vger.kernel.org, xen-devel@lists.xenproject.org, =?utf-8?q?Mare?= =?utf-8?q?k_Marczykowski-G=C3=B3recki?= , linux-kernel@vger.kernel.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.7 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com Userspace can use this to avoid spamming udev with events that udev should ignore. Signed-off-by: Demi Marie Obenour --- drivers/md/dm-core.h | 2 + drivers/md/dm-ioctl.c | 78 ++++++++++++++++++----------------- drivers/md/dm.c | 5 ++- include/linux/device-mapper.h | 2 +- include/uapi/linux/dm-ioctl.h | 14 +++++-- 5 files changed, 57 insertions(+), 44 deletions(-) diff --git a/drivers/md/dm-core.h b/drivers/md/dm-core.h index aecab0c0720f77ae2a0ab048304ea3d1023f9959..a033f85d1a9d9b3d8ec893efd6552fb48d2b3541 100644 --- a/drivers/md/dm-core.h +++ b/drivers/md/dm-core.h @@ -115,6 +115,8 @@ struct mapped_device { /* for blk-mq request-based DM support */ bool init_tio_pdu:1; + /* If set, do not emit any uevents. */ + bool disable_uevents:1; struct blk_mq_tag_set *tag_set; struct dm_stats stats; diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 01cdf57bcafbf7f3e1b8304eec28792c6b24642d..52aa5505d23b2f3d9c0faf6e8a91b74cd7845581 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -814,6 +814,11 @@ static struct dm_table *dm_get_live_or_inactive_table(struct mapped_device *md, dm_get_inactive_table(md, srcu_idx) : dm_get_live_table(md, srcu_idx); } +static inline bool sloppy_checks(const struct dm_ioctl *param) +{ + return param->version[0] < DM_VERSION_MAJOR_STRICT; +} + /* * Fills in a dm_ioctl structure, ready for sending back to * userland. @@ -872,7 +877,7 @@ static void __dev_status(struct mapped_device *md, struct dm_ioctl *param) dm_put_live_table(md, srcu_idx); } - if (param->version[0] >= DM_VERSION_MAJOR_STRICT) + if (!sloppy_checks(param)) dm_set_diskseq(param, disk->diskseq); } @@ -888,7 +893,7 @@ static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_si if (param->flags & DM_PERSISTENT_DEV_FLAG) m = MINOR(huge_decode_dev(param->dev)); - r = dm_create(m, &md); + r = dm_create(m, &md, param->flags & DM_DISABLE_UEVENTS_FLAG); if (r) return r; @@ -1452,11 +1457,6 @@ static int next_target(struct dm_target_spec *last, uint32_t next, const char *e return 0; } -static inline bool sloppy_checks(const struct dm_ioctl *param) -{ - return param->version[0] < DM_VERSION_MAJOR_STRICT; -} - static bool no_non_nul_after_nul(const char *untrusted_str, size_t size, unsigned int cmd, const char *msg) { @@ -1928,59 +1928,61 @@ static int target_message(struct file *filp, struct dm_ioctl *param, size_t para * Implementation of open/close/ioctl on the special char device. *--------------------------------------------------------------- */ -static ioctl_fn lookup_ioctl(unsigned int cmd, int *ioctl_flags, uint32_t *supported_flags) +static ioctl_fn lookup_ioctl(unsigned int cmd, bool strict, int *ioctl_flags, uint32_t *supported_flags) { static const struct { int cmd; int flags; ioctl_fn fn; uint32_t supported_flags; + uint32_t strict_flags; } _ioctls[] = { /* Macro to make the structure initializers somewhat readable */ -#define I(cmd, flags, fn, supported_flags) { \ - (cmd), \ - (flags), \ - (fn), \ - /* \ - * Supported flags in sloppy mode must not include anything in DM_STRICT_ONLY_FLAGS. \ - * Use BUILD_BUG_ON_ZERO to check for that. \ - */ \ - (supported_flags) | BUILD_BUG_ON_ZERO((supported_flags) & DM_STRICT_ONLY_FLAGS), \ +#define I(cmd, flags, fn, supported_flags, strict_flags) { \ + (cmd), \ + (flags), \ + (fn), \ + /* \ + * Supported flags in sloppy mode must not include anything in DM_STRICT_ONLY_FLAGS. \ + * Use BUILD_BUG_ON_ZERO to check for that. \ + */ \ + (supported_flags) | BUILD_BUG_ON_ZERO((supported_flags) & DM_STRICT_ONLY_FLAGS), \ + (strict_flags) | (supported_flags) | BUILD_BUG_ON_ZERO((supported_flags) & (strict_flags)), \ } - I(DM_VERSION_CMD, 0, NULL, 0), /* version is dealt with elsewhere */ + I(DM_VERSION_CMD, 0, NULL, 0, 0), /* version is dealt with elsewhere */ I(DM_REMOVE_ALL_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, remove_all, - DM_DEFERRED_REMOVE), - I(DM_LIST_DEVICES_CMD, 0, list_devices, DM_UUID_FLAG), + DM_DEFERRED_REMOVE, 0), + I(DM_LIST_DEVICES_CMD, 0, list_devices, DM_UUID_FLAG, 0), I(DM_DEV_CREATE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_create, - DM_PERSISTENT_DEV_FLAG), + DM_PERSISTENT_DEV_FLAG, DM_DISABLE_UEVENTS_FLAG), I(DM_DEV_REMOVE_CMD, IOCTL_FLAGS_NO_PARAMS | IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_remove, - DM_DEFERRED_REMOVE), + DM_DEFERRED_REMOVE, 0), I(DM_DEV_RENAME_CMD, IOCTL_FLAGS_ISSUE_GLOBAL_EVENT, dev_rename, - DM_QUERY_INACTIVE_TABLE_FLAG | DM_UUID_FLAG), + DM_QUERY_INACTIVE_TABLE_FLAG | DM_UUID_FLAG, 0), I(DM_DEV_SUSPEND_CMD, IOCTL_FLAGS_NO_PARAMS, dev_suspend, - DM_QUERY_INACTIVE_TABLE_FLAG | DM_SUSPEND_FLAG | DM_SKIP_LOCKFS_FLAG | DM_NOFLUSH_FLAG), - I(DM_DEV_STATUS_CMD, IOCTL_FLAGS_NO_PARAMS, dev_status, DM_QUERY_INACTIVE_TABLE_FLAG), + DM_QUERY_INACTIVE_TABLE_FLAG | DM_SUSPEND_FLAG | DM_SKIP_LOCKFS_FLAG | DM_NOFLUSH_FLAG, 0), + I(DM_DEV_STATUS_CMD, IOCTL_FLAGS_NO_PARAMS, dev_status, DM_QUERY_INACTIVE_TABLE_FLAG, 0), I(DM_DEV_WAIT_CMD, IOCTL_FLAGS_TAKES_EVENT_NR, dev_wait, - DM_QUERY_INACTIVE_TABLE_FLAG | DM_STATUS_TABLE_FLAG | DM_NOFLUSH_FLAG), - I(DM_TABLE_LOAD_CMD, 0, table_load, DM_QUERY_INACTIVE_TABLE_FLAG | DM_READONLY_FLAG), - I(DM_TABLE_CLEAR_CMD, IOCTL_FLAGS_NO_PARAMS, table_clear, DM_QUERY_INACTIVE_TABLE_FLAG), - I(DM_TABLE_DEPS_CMD, 0, table_deps, DM_QUERY_INACTIVE_TABLE_FLAG), + DM_QUERY_INACTIVE_TABLE_FLAG | DM_STATUS_TABLE_FLAG | DM_NOFLUSH_FLAG, 0), + I(DM_TABLE_LOAD_CMD, 0, table_load, DM_QUERY_INACTIVE_TABLE_FLAG | DM_READONLY_FLAG, 0), + I(DM_TABLE_CLEAR_CMD, IOCTL_FLAGS_NO_PARAMS, table_clear, DM_QUERY_INACTIVE_TABLE_FLAG, 0), + I(DM_TABLE_DEPS_CMD, 0, table_deps, DM_QUERY_INACTIVE_TABLE_FLAG, 0), I(DM_TABLE_STATUS_CMD, 0, table_status, - DM_QUERY_INACTIVE_TABLE_FLAG | DM_STATUS_TABLE_FLAG | DM_NOFLUSH_FLAG), + DM_QUERY_INACTIVE_TABLE_FLAG | DM_STATUS_TABLE_FLAG | DM_NOFLUSH_FLAG, 0), - I(DM_LIST_VERSIONS_CMD, 0, list_versions, 0), + I(DM_LIST_VERSIONS_CMD, 0, list_versions, 0, 0), - I(DM_TARGET_MSG_CMD, 0, target_message, DM_QUERY_INACTIVE_TABLE_FLAG), - I(DM_DEV_SET_GEOMETRY_CMD, 0, dev_set_geometry, 0), - I(DM_DEV_ARM_POLL_CMD, IOCTL_FLAGS_NO_PARAMS, dev_arm_poll, 0), - I(DM_GET_TARGET_VERSION_CMD, 0, get_target_version, 0), + I(DM_TARGET_MSG_CMD, 0, target_message, DM_QUERY_INACTIVE_TABLE_FLAG, 0), + I(DM_DEV_SET_GEOMETRY_CMD, 0, dev_set_geometry, 0, 0), + I(DM_DEV_ARM_POLL_CMD, IOCTL_FLAGS_NO_PARAMS, dev_arm_poll, 0, 0), + I(DM_GET_TARGET_VERSION_CMD, 0, get_target_version, 0, 0), }; if (unlikely(cmd >= ARRAY_SIZE(_ioctls))) return NULL; cmd = array_index_nospec(cmd, ARRAY_SIZE(_ioctls)); - *supported_flags = _ioctls[cmd].supported_flags; + *supported_flags = strict ? _ioctls[cmd].strict_flags : _ioctls[cmd].supported_flags; *ioctl_flags = _ioctls[cmd].flags; return _ioctls[cmd].fn; } @@ -2233,7 +2235,7 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us if (cmd == DM_VERSION_CMD) return 0; - fn = lookup_ioctl(cmd, &ioctl_flags, &supported_flags); + fn = lookup_ioctl(cmd, !sloppy_checks(¶m_kernel), &ioctl_flags, &supported_flags); if (!fn) { DMERR("dm_ctl_ioctl: unknown command 0x%x", command); return -ENOTTY; @@ -2451,7 +2453,7 @@ int __init dm_early_create(struct dm_ioctl *dmi, m = MINOR(huge_decode_dev(dmi->dev)); /* alloc dm device */ - r = dm_create(m, &md); + r = dm_create(m, &md, false); if (r) return r; diff --git a/drivers/md/dm.c b/drivers/md/dm.c index 3b694ba3a106e68d4c0d5e64cd9136cf7abce237..efdf70a331cb681a88490f45d26259c29ddac850 100644 --- a/drivers/md/dm.c +++ b/drivers/md/dm.c @@ -2276,13 +2276,14 @@ static struct dm_table *__unbind(struct mapped_device *md) /* * Constructor for a new device. */ -int dm_create(int minor, struct mapped_device **result) +int dm_create(int minor, struct mapped_device **result, bool disable_uevents) { struct mapped_device *md; md = alloc_dev(minor); if (!md) return -ENXIO; + md->disable_uevents = disable_uevents; dm_ima_reset_data(md); @@ -2999,6 +3000,8 @@ int dm_kobject_uevent(struct mapped_device *md, enum kobject_action action, char udev_cookie[DM_COOKIE_LENGTH]; char *envp[3] = { NULL, NULL, NULL }; char **envpp = envp; + if (md->disable_uevents) + return 0; if (cookie) { snprintf(udev_cookie, DM_COOKIE_LENGTH, "%s=%u", DM_COOKIE_ENV_VAR_NAME, cookie); diff --git a/include/linux/device-mapper.h b/include/linux/device-mapper.h index a52d2b9a68460ac7951ad6ebe76d9a1cfccf7afb..7c8d7a7e8798d20e517e2264c06772ecd8b41ef3 100644 --- a/include/linux/device-mapper.h +++ b/include/linux/device-mapper.h @@ -463,7 +463,7 @@ void dm_consume_args(struct dm_arg_set *as, unsigned int num_args); * DM_ANY_MINOR chooses the next available minor number. */ #define DM_ANY_MINOR (-1) -int dm_create(int minor, struct mapped_device **md); +int dm_create(int minor, struct mapped_device **md, bool disable_uevents); /* * Reference counting for md. diff --git a/include/uapi/linux/dm-ioctl.h b/include/uapi/linux/dm-ioctl.h index 5647b218f24b626f5c1cefe8bec18dc04373c3d0..07cc5bbb6944ebaa42ddfec6fd5e0413c535e7ff 100644 --- a/include/uapi/linux/dm-ioctl.h +++ b/include/uapi/linux/dm-ioctl.h @@ -356,8 +356,16 @@ enum { #define DM_BUFFER_FULL_FLAG (1 << 8) /* Out */ /* - * This flag is now ignored if DM_VERSION_MAJOR is used, and causes - * -EINVAL if DM_VERSION_MAJOR_STRICT is used. + * This flag is only recognized when DM_VERSION_MAJOR_STRICT is used. + * It tells the kernel to not generate any uevents for the newly-created + * device. Using it outside of DM_DEV_CREATE results in -EINVAL. When + * DM_VERSION_MAJOR is used this flag is ignored. + */ +#define DM_DISABLE_UEVENTS_FLAG (1 << 9) /* In */ + +/* + * This flag is now ignored if DM_VERSION_MAJOR is used. When + * DM_VERSION_MAJOR_STRICT is used it is an alias for DM_DISABLE_UEVENT_FLAG. */ #define DM_SKIP_BDGET_FLAG (1 << 9) /* In */ @@ -426,8 +434,6 @@ enum { /* * If DM_VERSION_MAJOR is used, these flags are ignored by the kernel. - * If DM_VERSION_MAJOR_STRICT is used, these flags are reserved and - * must be zeroed. */ #define DM_STRICT_ONLY_FLAGS ((__u32)(~((1UL << 19) - 1) | 1 << 9 | 1 << 7)) From patchwork Tue May 30 20:31:10 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261151 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DB866C7EE2F for ; Tue, 30 May 2023 20:54:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480092; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=KI3CEgfRFH6yoO/+/WXpbPzpwAT6EB6TjhxxDw99epM=; b=EmK3M2raKACyFArNbG4UJgbh3CHo8DGZSLqKr1tVb9wPfpC8L3+hQlKmKr8s4ynOF6qud3 08ihp4LXKU3YJAPReKp5iKth7Q3mWUUnnvxjdbaQnzcLSXECsUwo6ZuOyIeV/AQaNwEdbz gk8xpgpqNAEL6e9zFt7cjrs6aUAs99U= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-92-afFAyTI6MuORu0Qz1nj97g-1; Tue, 30 May 2023 16:54:51 -0400 X-MC-Unique: afFAyTI6MuORu0Qz1nj97g-1 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C2513280BCA7; Tue, 30 May 2023 20:54:33 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4D8612023273; Tue, 30 May 2023 20:54:33 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id D74C119451E2; Tue, 30 May 2023 20:54:25 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id EFF3419465A0 for ; Tue, 30 May 2023 20:40:54 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id C4394400DFF; Tue, 30 May 2023 20:40:54 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast10.extmail.prod.ext.rdu2.redhat.com [10.11.55.26]) by smtp.corp.redhat.com (Postfix) with ESMTPS id BB8B2492B00 for ; Tue, 30 May 2023 20:40:54 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 9B5821C0150D for ; Tue, 30 May 2023 20:40:54 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-652-nFevvtGoM4WIzgRzcDcf7w-1; Tue, 30 May 2023 16:40:52 -0400 X-MC-Unique: nFevvtGoM4WIzgRzcDcf7w-1 Received: from compute2.internal (compute2.nyi.internal [10.202.2.46]) by mailout.west.internal (Postfix) with ESMTP id F2B183200930; Tue, 30 May 2023 16:32:03 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute2.internal (MEProxy); Tue, 30 May 2023 16:32:04 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:32:02 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:10 -0400 Message-Id: <20230530203116.2008-11-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 10/16] device-mapper: Refuse to create device named "control" X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Demi Marie Obenour , linux-block@vger.kernel.org, xen-devel@lists.xenproject.org, =?utf-8?q?Mare?= =?utf-8?q?k_Marczykowski-G=C3=B3recki?= , linux-kernel@vger.kernel.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com Typical userspace setups create a symlink under /dev/mapper with the name of the device, but /dev/mapper/control is reserved for the control device. Therefore, trying to create such a device is almost certain to be a userspace bug. Signed-off-by: Demi Marie Obenour --- drivers/md/dm-ioctl.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 52aa5505d23b2f3d9c0faf6e8a91b74cd7845581..9ae00e3c1a72c19575814cf473774835b364320b 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -771,7 +771,12 @@ static int get_target_version(struct file *filp, struct dm_ioctl *param, size_t static int check_name(const char *name) { if (strchr(name, '/')) { - DMERR("invalid device name"); + DMERR("device name cannot contain '/'"); + return -EINVAL; + } + + if (strcmp(name, DM_CONTROL_NODE) == 0) { + DMERR("device name cannot be \"%s\"", DM_CONTROL_NODE); return -EINVAL; } From patchwork Tue May 30 20:31:11 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261136 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 15529C7EE24 for ; Tue, 30 May 2023 20:54:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480080; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=wp589mau1NZN8aA9MNGtD0REbJcZayyqVTgGP3Sdz5Y=; b=b4sR8aGwisfJTJryIJMXjoyQIofpydMbiOoQJ65/uts5cYOl6Z4sIvF/msv3JzqgUOG1Gt TzMF8z3NuTsGOdShcF6A7cVejYWaKn3Lf/guPdXdF9jlRN4/CqWwGxHB5r4O9IWXBr2QI3 fdAd0GfRZC2OJeECNYnSSOmj3xTHNB0= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-6-ElS6omWbN4W-HCLmCQGpRw-1; Tue, 30 May 2023 16:54:36 -0400 X-MC-Unique: ElS6omWbN4W-HCLmCQGpRw-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 0222F101A59B; Tue, 30 May 2023 20:54:32 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id E4CD240C6EC4; Tue, 30 May 2023 20:54:31 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 9BBB419465BA; Tue, 30 May 2023 20:54:24 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id ADA951946595 for ; Tue, 30 May 2023 20:41:31 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id A00F72166B26; Tue, 30 May 2023 20:41:31 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast07.extmail.prod.ext.rdu2.redhat.com [10.11.55.23]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 967D72166B28 for ; Tue, 30 May 2023 20:41:14 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id C572E3C13500 for ; Tue, 30 May 2023 20:41:11 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-659-HUcQe95uNJCidSjay2RruQ-1; Tue, 30 May 2023 16:40:58 -0400 X-MC-Unique: HUcQe95uNJCidSjay2RruQ-1 Received: from compute6.internal (compute6.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id C38563200948; Tue, 30 May 2023 16:32:06 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Tue, 30 May 2023 16:32:07 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedune curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:32:05 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:11 -0400 Message-Id: <20230530203116.2008-12-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 11/16] device-mapper: "." and ".." are not valid symlink names X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Demi Marie Obenour , linux-block@vger.kernel.org, xen-devel@lists.xenproject.org, =?utf-8?q?Mare?= =?utf-8?q?k_Marczykowski-G=C3=B3recki?= , linux-kernel@vger.kernel.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.2 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com Using either of these is going to greatly confuse userspace, as they are not valid symlink names and so creating the usual /dev/mapper/NAME symlink will not be possible. As creating a device with either of these names is almost certainly a userspace bug, just error out. Signed-off-by: Demi Marie Obenour --- drivers/md/dm-ioctl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 9ae00e3c1a72c19575814cf473774835b364320b..17ece816d490b6c40d019da131ade44c9a201dab 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -775,8 +775,10 @@ static int check_name(const char *name) return -EINVAL; } - if (strcmp(name, DM_CONTROL_NODE) == 0) { - DMERR("device name cannot be \"%s\"", DM_CONTROL_NODE); + if (strcmp(name, DM_CONTROL_NODE) == 0 || + strcmp(name, ".") == 0 || + strcmp(name, "..") == 0) { + DMERR("device name cannot be \"%s\", \".\", or \"..\"", DM_CONTROL_NODE); return -EINVAL; } From patchwork Tue May 30 20:31:12 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261137 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 848BCC7EE23 for ; Tue, 30 May 2023 20:54:44 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480083; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=L5T/Xpt858LWzbYCxlpWSTAOgKf1/JdFwvR59Fkk2C0=; b=MnFTIC+bo0/Fg47rJ2RN9Bd5dP3LXe2qXBCFvhb0bVCqFsl6KfDwqdAvTkB4vH7Et/yUdN MXrPPfJVVRci5gtOe1TGXj2TnWf+Gv4a30lVaTBHHVBsJj0XE49n6LreWfAJbvd8SdQAUM D0bFDFm+SrjL0G0C/inCI/gZRIm4apA= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-624-16vTtG9CPma8tcW9luq7Ug-1; Tue, 30 May 2023 16:54:39 -0400 X-MC-Unique: 16vTtG9CPma8tcW9luq7Ug-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id F239E85828A; Tue, 30 May 2023 20:54:32 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id E02EB492B0B; Tue, 30 May 2023 20:54:32 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 1515F19452C7; Tue, 30 May 2023 20:54:25 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id CC0691946595 for ; Tue, 30 May 2023 20:40:55 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 9D97F2166B27; Tue, 30 May 2023 20:40:55 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast08.extmail.prod.ext.rdu2.redhat.com [10.11.55.24]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 94B1B2166B26 for ; Tue, 30 May 2023 20:40:55 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-delivery-1.mimecast.com [205.139.110.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7834938107F6 for ; Tue, 30 May 2023 20:40:55 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-240-fIteULKKMmSIl_aKLRfOSw-1; Tue, 30 May 2023 16:40:53 -0400 X-MC-Unique: fIteULKKMmSIl_aKLRfOSw-1 Received: from compute3.internal (compute3.nyi.internal [10.202.2.43]) by mailout.west.internal (Postfix) with ESMTP id 723F63200943; Tue, 30 May 2023 16:32:09 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute3.internal (MEProxy); Tue, 30 May 2023 16:32:10 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:32:08 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:12 -0400 Message-Id: <20230530203116.2008-13-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.6 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 12/16] device-mapper: inform caller about already-existing device X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Demi Marie Obenour , linux-block@vger.kernel.org, xen-devel@lists.xenproject.org, =?utf-8?q?Mare?= =?utf-8?q?k_Marczykowski-G=C3=B3recki?= , linux-kernel@vger.kernel.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com Not only is this helpful for debugging, it also saves the caller an ioctl in the case where a device should be used if it exists or created otherwise. To ensure existing userspace is not broken, this feature is only enabled in strict mode. Signed-off-by: Demi Marie Obenour --- drivers/md/dm-ioctl.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/drivers/md/dm-ioctl.c b/drivers/md/dm-ioctl.c index 17ece816d490b6c40d019da131ade44c9a201dab..44425093d3b908abf80e05e1fc99a26b17e18a42 100644 --- a/drivers/md/dm-ioctl.c +++ b/drivers/md/dm-ioctl.c @@ -256,11 +256,13 @@ static void free_cell(struct hash_cell *hc) } } +static void __dev_status(struct mapped_device *md, struct dm_ioctl *param); + /* * The kdev_t and uuid of a device can never change once it is * initially inserted. */ -static int dm_hash_insert(const char *name, const char *uuid, struct mapped_device *md) +static int dm_hash_insert(const char *name, const char *uuid, struct mapped_device *md, struct dm_ioctl *param) { struct hash_cell *cell, *hc; @@ -277,6 +279,8 @@ static int dm_hash_insert(const char *name, const char *uuid, struct mapped_devi down_write(&_hash_lock); hc = __get_name_cell(name); if (hc) { + if (param) + __dev_status(hc->md, param); dm_put(hc->md); goto bad; } @@ -287,6 +291,8 @@ static int dm_hash_insert(const char *name, const char *uuid, struct mapped_devi hc = __get_uuid_cell(uuid); if (hc) { __unlink_name(cell); + if (param) + __dev_status(hc->md, param); dm_put(hc->md); goto bad; } @@ -901,12 +907,14 @@ static int dev_create(struct file *filp, struct dm_ioctl *param, size_t param_si m = MINOR(huge_decode_dev(param->dev)); r = dm_create(m, &md, param->flags & DM_DISABLE_UEVENTS_FLAG); - if (r) + if (r) { + DMERR("Could not create device-mapper device"); return r; + } param->flags &= ~DM_INACTIVE_PRESENT_FLAG; - r = dm_hash_insert(param->name, *param->uuid ? param->uuid : NULL, md); + r = dm_hash_insert(param->name, *param->uuid ? param->uuid : NULL, md, param); if (r) { dm_put(md); dm_destroy(md); @@ -2269,7 +2277,6 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us goto out; /* This XOR keeps only the flags validate_params has changed. */ old_flags ^= param->flags; - param->data_size = sloppy_checks(param) ? offsetof(struct dm_ioctl, data) : sizeof(struct dm_ioctl); r = fn(file, param, input_param_size); @@ -2284,9 +2291,14 @@ static int ctl_ioctl(struct file *file, uint command, struct dm_ioctl __user *us param->flags |= old_flags; /* - * Copy the results back to userland. + * Copy the results back to userland if either: + * + * - The ioctl succeeded. + * - The ioctl is DM_DEV_CREATE, the return value is -EBUSY, + * and strict parameter checking is enabled. */ - if (!r && copy_to_user(user, param, param->data_size)) + if ((!r || (!sloppy_checks(param) && cmd == DM_DEV_CREATE_CMD && r == -EBUSY)) && + copy_to_user(user, param, param->data_size)) r = -EFAULT; out: @@ -2465,7 +2477,7 @@ int __init dm_early_create(struct dm_ioctl *dmi, return r; /* hash insert */ - r = dm_hash_insert(dmi->name, *dmi->uuid ? dmi->uuid : NULL, md); + r = dm_hash_insert(dmi->name, *dmi->uuid ? dmi->uuid : NULL, md, NULL); if (r) goto err_destroy_dm; From patchwork Tue May 30 20:31:13 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261140 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 8A44CC7EE2F for ; Tue, 30 May 2023 20:54:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480085; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=CI8UCKup+jlcfHUyvRUMws9R13M5C3hUnTw1atyxqZo=; b=W2W/TSypTbRmuvEYH5WhERlI9BlsoK7oGi2ZbQ2SIpvBjllMo/u93T2dWuUK5c2zcW8hkh 3Q9ekXKyqCk2tHveYTw3lOFbPSeA67/R8/EVugCG9fre4tFtNh219WhRjA5Wc3ImpDVWqd FrTKNkiBceMRkjAK4jt83EGmUqYjFak= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-372-SW1gNvfPOLmF2noS2PzCqw-1; Tue, 30 May 2023 16:54:43 -0400 X-MC-Unique: SW1gNvfPOLmF2noS2PzCqw-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.rdu2.redhat.com [10.11.54.5]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id B8EFA101B04B; Tue, 30 May 2023 20:54:33 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 99769421D8; Tue, 30 May 2023 20:54:33 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 14D0C19451F6; Tue, 30 May 2023 20:54:26 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 3409F19465B7 for ; Tue, 30 May 2023 20:40:59 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 140FE112132D; Tue, 30 May 2023 20:40:59 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast08.extmail.prod.ext.rdu2.redhat.com [10.11.55.24]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0CBE5112132C for ; Tue, 30 May 2023 20:40:59 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id E51A438117E3 for ; Tue, 30 May 2023 20:40:58 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-671-rwqQMkW_OhKeRDDHLyRbwA-1; Tue, 30 May 2023 16:40:52 -0400 X-MC-Unique: rwqQMkW_OhKeRDDHLyRbwA-1 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 6EF803200934; Tue, 30 May 2023 16:32:12 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 30 May 2023 16:32:13 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedvne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:32:11 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:13 -0400 Message-Id: <20230530203116.2008-14-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 13/16] xen-blkback: Implement diskseq checks X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Demi Marie Obenour , linux-block@vger.kernel.org, xen-devel@lists.xenproject.org, =?utf-8?q?Mare?= =?utf-8?q?k_Marczykowski-G=C3=B3recki?= , linux-kernel@vger.kernel.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.5 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com This allows specifying a disk sequence number in XenStore. If it does not match the disk sequence number of the underlying device, the device will not be exported and a warning will be logged. Userspace can use this to eliminate race conditions due to major/minor number reuse. Old kernels do not support the new syntax, but a later patch will allow userspace to discover that the new syntax is supported. Signed-off-by: Demi Marie Obenour --- drivers/block/xen-blkback/xenbus.c | 112 +++++++++++++++++++++++------ 1 file changed, 89 insertions(+), 23 deletions(-) diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c index 4807af1d58059394d7a992335dabaf2bc3901721..9c3eb148fbd802c74e626c3d7bcd69dcb09bd921 100644 --- a/drivers/block/xen-blkback/xenbus.c +++ b/drivers/block/xen-blkback/xenbus.c @@ -24,6 +24,7 @@ struct backend_info { struct xenbus_watch backend_watch; unsigned major; unsigned minor; + unsigned long long diskseq; char *mode; }; @@ -479,7 +480,7 @@ static void xen_vbd_free(struct xen_vbd *vbd) static int xen_vbd_create(struct xen_blkif *blkif, blkif_vdev_t handle, unsigned major, unsigned minor, int readonly, - int cdrom) + bool cdrom, u64 diskseq) { struct xen_vbd *vbd; struct block_device *bdev; @@ -507,6 +508,26 @@ static int xen_vbd_create(struct xen_blkif *blkif, blkif_vdev_t handle, xen_vbd_free(vbd); return -ENOENT; } + + if (diskseq) { + struct gendisk *disk = bdev->bd_disk; + + if (unlikely(disk == NULL)) { + pr_err("%s: device %08x has no gendisk\n", + __func__, vbd->pdevice); + xen_vbd_free(vbd); + return -EFAULT; + } + + if (unlikely(disk->diskseq != diskseq)) { + pr_warn("%s: device %08x has incorrect sequence " + "number 0x%llx (expected 0x%llx)\n", + __func__, vbd->pdevice, disk->diskseq, diskseq); + xen_vbd_free(vbd); + return -ENODEV; + } + } + vbd->size = vbd_sz(vbd); if (cdrom || disk_to_cdi(vbd->bdev->bd_disk)) @@ -707,6 +728,9 @@ static void backend_changed(struct xenbus_watch *watch, int cdrom = 0; unsigned long handle; char *device_type; + char *diskseq_str = NULL; + int diskseq_len; + unsigned long long diskseq; pr_debug("%s %p %d\n", __func__, dev, dev->otherend_id); @@ -725,10 +749,46 @@ static void backend_changed(struct xenbus_watch *watch, return; } - if (be->major | be->minor) { - if (be->major != major || be->minor != minor) - pr_warn("changing physical device (from %x:%x to %x:%x) not supported.\n", - be->major, be->minor, major, minor); + diskseq_str = xenbus_read(XBT_NIL, dev->nodename, "diskseq", &diskseq_len); + if (IS_ERR(diskseq_str)) { + int err = PTR_ERR(diskseq_str); + diskseq_str = NULL; + + /* + * If this does not exist, it means legacy userspace that does not + * support diskseq. + */ + if (unlikely(!XENBUS_EXIST_ERR(err))) { + xenbus_dev_fatal(dev, err, "reading diskseq"); + return; + } + diskseq = 0; + } else if (diskseq_len <= 0) { + xenbus_dev_fatal(dev, -EFAULT, "diskseq must not be empty"); + goto fail; + } else if (diskseq_len > 16) { + xenbus_dev_fatal(dev, -ERANGE, "diskseq too long: got %d but limit is 16", + diskseq_len); + goto fail; + } else if (diskseq_str[0] == '0') { + xenbus_dev_fatal(dev, -ERANGE, "diskseq must not start with '0'"); + goto fail; + } else { + char *diskseq_end; + diskseq = simple_strtoull(diskseq_str, &diskseq_end, 16); + if (diskseq_end != diskseq_str + diskseq_len) { + xenbus_dev_fatal(dev, -EINVAL, "invalid diskseq"); + goto fail; + } + kfree(diskseq_str); + diskseq_str = NULL; + } + + if (be->major | be->minor | be->diskseq) { + if (be->major != major || be->minor != minor || be->diskseq != diskseq) + pr_warn("changing physical device (from %x:%x:%llx to %x:%x:%llx)" + " not supported.\n", + be->major, be->minor, be->diskseq, major, minor, diskseq); return; } @@ -756,29 +816,35 @@ static void backend_changed(struct xenbus_watch *watch, be->major = major; be->minor = minor; + be->diskseq = diskseq; err = xen_vbd_create(be->blkif, handle, major, minor, - !strchr(be->mode, 'w'), cdrom); - - if (err) - xenbus_dev_fatal(dev, err, "creating vbd structure"); - else { - err = xenvbd_sysfs_addif(dev); - if (err) { - xen_vbd_free(&be->blkif->vbd); - xenbus_dev_fatal(dev, err, "creating sysfs entries"); - } - } + !strchr(be->mode, 'w'), cdrom, diskseq); if (err) { - kfree(be->mode); - be->mode = NULL; - be->major = 0; - be->minor = 0; - } else { - /* We're potentially connected now */ - xen_update_blkif_status(be->blkif); + xenbus_dev_fatal(dev, err, "creating vbd structure"); + goto fail; } + + err = xenvbd_sysfs_addif(dev); + if (err) { + xenbus_dev_fatal(dev, err, "creating sysfs entries"); + goto free_vbd; + } + + /* We're potentially connected now */ + xen_update_blkif_status(be->blkif); + return; + +free_vbd: + xen_vbd_free(&be->blkif->vbd); +fail: + kfree(diskseq_str); + kfree(be->mode); + be->mode = NULL; + be->major = 0; + be->minor = 0; + be->diskseq = 0; } /* From patchwork Tue May 30 20:31:14 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261152 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id 1A4DDC7EE23 for ; Tue, 30 May 2023 20:55:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480103; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=mUm8DDSoJfi2HHCvZt8bGIRQOQRly3mR2S9xZX6xFIM=; b=Sh/ooC87EKztq9qOytK+xIYMHFk4dEzCpDY9f/k02RYmKezq6mtgUszh301T0Or4oOkDyu XesPge/0e1bdB7PlDPOsv/iIyBt71fA43phbIozKhdBrpEILUle5ibEvMWwXfdc8tWyKKz FwxmQYfYGxhMBU8+RqapnsMWVQzskiE= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-220-k031uJpON_ijIvYvxq3P1A-1; Tue, 30 May 2023 16:54:39 -0400 X-MC-Unique: k031uJpON_ijIvYvxq3P1A-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 3671D280D586; Tue, 30 May 2023 20:54:33 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 2291440C6CCC; Tue, 30 May 2023 20:54:33 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id A6F9E19451D4; Tue, 30 May 2023 20:54:25 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id C529F1946595 for ; Tue, 30 May 2023 20:35:09 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id A32EF140EBD7; Tue, 30 May 2023 20:35:09 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast09.extmail.prod.ext.rdu2.redhat.com [10.11.55.25]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 9B9CC140EBB8 for ; Tue, 30 May 2023 20:35:09 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-2.mimecast.com [207.211.31.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 72BB2296A600 for ; Tue, 30 May 2023 20:35:09 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-47-EEiphBbRPAmjXY_UvB16qA-1; Tue, 30 May 2023 16:32:52 -0400 X-MC-Unique: EEiphBbRPAmjXY_UvB16qA-1 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 4714F3200941; Tue, 30 May 2023 16:32:15 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 30 May 2023 16:32:16 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedvne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:32:14 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:14 -0400 Message-Id: <20230530203116.2008-15-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.7 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 14/16] block, loop: Increment diskseq when releasing a loop device X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Demi Marie Obenour , linux-block@vger.kernel.org, xen-devel@lists.xenproject.org, =?utf-8?q?Mare?= =?utf-8?q?k_Marczykowski-G=C3=B3recki?= , linux-kernel@vger.kernel.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.2 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com The previous patch for checking diskseq in blkback is not enough to prevent the following race: 1. Program X opens a loop device 2. Program X gets the diskseq of the loop device. 3. Program X associates a file with the loop device. 4. Program X passes the loop device major, minor, and diskseq to something, such as Xen blkback. 5. Program X exits. 6. Program Y detaches the file from the loop device. 7. Program Y attaches a different file to the loop device. 8. Xen blkback finally gets around to opening the loop device and checks that the diskseq is what it expects it to be. Even though the diskseq is the expected value, the result is that blkback is accessing the wrong file. To prevent this race condition, increment the diskseq of a loop device when it is detached from its file descriptor. This causes blkback (or any other program, for that matter) to fail at step 8. Export the inc_diskseq() function to make this possible. Signed-off-by: Demi Marie Obenour --- I considered destroying the loop device altogether instead of bumping its diskseq, but was not able to accomplish that. Suggestions welcome. --- block/genhd.c | 1 + drivers/block/loop.c | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/block/genhd.c b/block/genhd.c index 1cb489b927d50ab06a84a4bfd6913ca8ba7318d4..c0ca2c387732171321555cd57565fbc606768505 100644 --- a/block/genhd.c +++ b/block/genhd.c @@ -1502,3 +1502,4 @@ void inc_diskseq(struct gendisk *disk) { disk->diskseq = atomic64_inc_return(&diskseq); } +EXPORT_SYMBOL(inc_diskseq); diff --git a/drivers/block/loop.c b/drivers/block/loop.c index bc31bb7072a2cb7294d32066f5d0aa14130349b4..05ea5fb41508b4106f184dd6b4c37942716bdcac 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -1205,6 +1205,12 @@ static void __loop_clr_fd(struct loop_device *lo, bool release) if (!part_shift) set_bit(GD_SUPPRESS_PART_SCAN, &lo->lo_disk->state); mutex_lock(&lo->lo_mutex); + + /* + * Increment the disk sequence number, so that userspace knows this + * device now points to something else. + */ + inc_diskseq(lo->lo_disk); lo->lo_state = Lo_unbound; mutex_unlock(&lo->lo_mutex); From patchwork Tue May 30 20:31:15 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261142 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id A7C63C7EE31 for ; Tue, 30 May 2023 20:54:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480085; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=A4d/PYecyOLmiF2eJtIj95lZaI2aWCOhd6vohJUHG9M=; b=F7JqIXkG/iUAAX/GIuWYdDUwl4LYR0p9HgIAKKr8NxWi+e5bYEB2RGS8GoOb/Wy2iDwHnu kzufwHgSW2ID7BBkOhq5aGXdvtn15Q7P6LL6rEEvjQACIQHgvr21sa6aIUhbeM4KOK5ECh 4g37UL/SFRhi1la1jDUHyV/LkZrs+cI= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-611-inwxYftGNbqiQAcdBlM-3w-1; Tue, 30 May 2023 16:54:40 -0400 X-MC-Unique: inwxYftGNbqiQAcdBlM-3w-1 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 2921F101B42F; Tue, 30 May 2023 20:54:34 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id BAF35111F3C7; Tue, 30 May 2023 20:54:33 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 04DD819451F0; Tue, 30 May 2023 20:54:26 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx09.intmail.prod.int.rdu2.redhat.com [10.11.54.9]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 2821019465A0 for ; Tue, 30 May 2023 20:40:55 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 0C983492B00; Tue, 30 May 2023 20:40:55 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast04.extmail.prod.ext.rdu2.redhat.com [10.11.55.20]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0495048205E for ; Tue, 30 May 2023 20:40:54 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id DD139101A531 for ; Tue, 30 May 2023 20:40:54 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-13-QM5_bhufOP-VBWuk9LR8vQ-1; Tue, 30 May 2023 16:40:53 -0400 X-MC-Unique: QM5_bhufOP-VBWuk9LR8vQ-1 Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 32CF03200962; Tue, 30 May 2023 16:32:18 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute1.internal (MEProxy); Tue, 30 May 2023 16:32:18 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfgggtgfesthekredtredtjeenucfhrhhomhepffgv mhhiucforghrihgvucfqsggvnhhouhhruceouggvmhhisehinhhvihhsihgslhgvthhhih hnghhslhgrsgdrtghomheqnecuggftrfgrthhtvghrnhepkeefieekhfdtgeeuueelleeg vdetieehgfejteduvedvvdejudetudelfedukefhnecuffhomhgrihhnpehinhguihhrvg gtthdrnhhrpdhinhguihhrvggtthdrihgunecuvehluhhsthgvrhfuihiivgeptdenucfr rghrrghmpehmrghilhhfrhhomhepuggvmhhisehinhhvihhsihgslhgvthhhihhnghhslh grsgdrtghomh X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:32:16 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:15 -0400 Message-Id: <20230530203116.2008-16-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.9 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 15/16] xen-blkback: Minor cleanups X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Demi Marie Obenour , linux-block@vger.kernel.org, xen-devel@lists.xenproject.org, =?utf-8?q?Mare?= =?utf-8?q?k_Marczykowski-G=C3=B3recki?= , linux-kernel@vger.kernel.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.3 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com This adds a couple of BUILD_BUG_ON()s and moves some arithmetic after the validation code that checks the arithmetic’s preconditions. The previous code was correct but could potentially trip sanitizers that check for unsigned integer wraparound. Signed-off-by: Demi Marie Obenour --- drivers/block/xen-blkback/blkback.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/drivers/block/xen-blkback/blkback.c b/drivers/block/xen-blkback/blkback.c index c362f4ad80ab07bfb58caff0ed7da37dc1484fc5..ac760a08d559085ab875784f1c58cdf2ead95a43 100644 --- a/drivers/block/xen-blkback/blkback.c +++ b/drivers/block/xen-blkback/blkback.c @@ -1342,6 +1342,8 @@ static int dispatch_rw_block_io(struct xen_blkif_ring *ring, nseg = req->operation == BLKIF_OP_INDIRECT ? req->u.indirect.nr_segments : req->u.rw.nr_segments; + BUILD_BUG_ON(offsetof(struct blkif_request, u.rw.id) != 8); + BUILD_BUG_ON(offsetof(struct blkif_request, u.indirect.id) != 8); if (unlikely(nseg == 0 && operation_flags != REQ_PREFLUSH) || unlikely((req->operation != BLKIF_OP_INDIRECT) && (nseg > BLKIF_MAX_SEGMENTS_PER_REQUEST)) || @@ -1365,13 +1367,13 @@ static int dispatch_rw_block_io(struct xen_blkif_ring *ring, preq.sector_number = req->u.rw.sector_number; for (i = 0; i < nseg; i++) { pages[i]->gref = req->u.rw.seg[i].gref; - seg[i].nsec = req->u.rw.seg[i].last_sect - - req->u.rw.seg[i].first_sect + 1; - seg[i].offset = (req->u.rw.seg[i].first_sect << 9); if ((req->u.rw.seg[i].last_sect >= (XEN_PAGE_SIZE >> 9)) || (req->u.rw.seg[i].last_sect < req->u.rw.seg[i].first_sect)) goto fail_response; + seg[i].nsec = req->u.rw.seg[i].last_sect - + req->u.rw.seg[i].first_sect + 1; + seg[i].offset = (req->u.rw.seg[i].first_sect << 9); preq.nr_sects += seg[i].nsec; } } else { From patchwork Tue May 30 20:31:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Demi Marie Obenour X-Patchwork-Id: 13261150 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.lore.kernel.org (Postfix) with ESMTPS id DE9E3C7EE24 for ; Tue, 30 May 2023 20:54:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1685480091; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:list-id:list-help: list-unsubscribe:list-subscribe:list-post; bh=kAEReTeSIrC0RC5AmmpKIka/L+Rz5i1ma797N0w6/l4=; b=HzkgiLxGU2VS0s8yQFalGZRO+VrRH2BkEyynSCUPmQxiDFhh5dQZzze8eWViTVXFeJBWGU Yqtcs2NaM3VCVywNubkQ+TB0p1AqQ2RAFB4Gg/zqne0OHWxxKwnuUHS97Zj1UWEFpLuhNA QvZWNH4XoKFY5tdLDUHUh5AXE90HPJI= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-274-tSu-6nY0PLul6ZxX8QkFpQ-1; Tue, 30 May 2023 16:54:49 -0400 X-MC-Unique: tSu-6nY0PLul6ZxX8QkFpQ-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 525E91C01EB4; Tue, 30 May 2023 20:54:36 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (unknown [10.30.29.100]) by smtp.corp.redhat.com (Postfix) with ESMTP id 4068440D1B63; Tue, 30 May 2023 20:54:36 +0000 (UTC) Received: from mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (localhost [IPv6:::1]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id 4DCE419465A0; Tue, 30 May 2023 20:54:32 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) by mm-prod-listman-01.mail-001.prod.us-east-1.aws.redhat.com (Postfix) with ESMTP id A7ECB1946595 for ; Tue, 30 May 2023 20:40:56 +0000 (UTC) Received: by smtp.corp.redhat.com (Postfix) id 87D23202696C; Tue, 30 May 2023 20:40:56 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast03.extmail.prod.ext.rdu2.redhat.com [10.11.55.19]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 80D5D2029F6E for ; Tue, 30 May 2023 20:40:56 +0000 (UTC) Received: from us-smtp-inbound-1.mimecast.com (us-smtp-2.mimecast.com [205.139.110.61]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 63384806014 for ; Tue, 30 May 2023 20:40:56 +0000 (UTC) Received: from wout5-smtp.messagingengine.com (wout5-smtp.messagingengine.com [64.147.123.21]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-298-Q6LBgvx3M9K7n6-p_Y8fCA-1; Tue, 30 May 2023 16:40:53 -0400 X-MC-Unique: Q6LBgvx3M9K7n6-p_Y8fCA-1 Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.west.internal (Postfix) with ESMTP id 0D022320096E; Tue, 30 May 2023 16:32:20 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Tue, 30 May 2023 16:32:21 -0400 X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeekjedgudeglecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeffvghm ihcuofgrrhhivgcuqfgsvghnohhurhcuoeguvghmihesihhnvhhishhisghlvghthhhinh hgshhlrggsrdgtohhmqeenucggtffrrghtthgvrhhnpeejffejgffgueegudevvdejkefg hefghffhffejteekleeufeffteffhfdtudehteenucevlhhushhtvghrufhiiigvpedtne curfgrrhgrmhepmhgrihhlfhhrohhmpeguvghmihesihhnvhhishhisghlvghthhhinhhg shhlrggsrdgtohhm X-ME-Proxy: Feedback-ID: iac594737:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue, 30 May 2023 16:32:19 -0400 (EDT) From: Demi Marie Obenour To: Jens Axboe , =?utf-8?q?Roger_Pau_Monn=C3=A9?= , Alasdair Kergon , Mike Snitzer , dm-devel@redhat.com Date: Tue, 30 May 2023 16:31:16 -0400 Message-Id: <20230530203116.2008-17-demi@invisiblethingslab.com> In-Reply-To: <20230530203116.2008-1-demi@invisiblethingslab.com> References: <20230530203116.2008-1-demi@invisiblethingslab.com> MIME-Version: 1.0 X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 3.1 on 10.11.54.4 X-Mailman-Approved-At: Tue, 30 May 2023 20:54:23 +0000 Subject: [dm-devel] [PATCH v2 16/16] xen-blkback: Inform userspace that device has been opened X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Demi Marie Obenour , linux-block@vger.kernel.org, xen-devel@lists.xenproject.org, =?utf-8?q?Mare?= =?utf-8?q?k_Marczykowski-G=C3=B3recki?= , linux-kernel@vger.kernel.org Errors-To: dm-devel-bounces@redhat.com Sender: "dm-devel" X-Scanned-By: MIMEDefang 3.1 on 10.11.54.2 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: invisiblethingslab.com Set "opened" to "0" before the hotplug script is called. Once the device node has been opened, set "opened" to "1". "opened" is used exclusively by userspace. It serves two purposes: 1. It tells userspace that the diskseq Xenstore entry is supported. 2. It tells userspace that it can wait for "opened" to be set to 1. Once "opened" is 1, blkback has a reference to the device, so userspace doesn't need to keep one. Together, these changes allow userspace to use block devices with delete-on-close behavior, such as loop devices with the autoclear flag set or device-mapper devices with the deferred-remove flag set. Signed-off-by: Demi Marie Obenour --- drivers/block/xen-blkback/xenbus.c | 35 ++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/drivers/block/xen-blkback/xenbus.c b/drivers/block/xen-blkback/xenbus.c index 9c3eb148fbd802c74e626c3d7bcd69dcb09bd921..519a78aa9073d1faa1dce5c1b36e95ae58da534b 100644 --- a/drivers/block/xen-blkback/xenbus.c +++ b/drivers/block/xen-blkback/xenbus.c @@ -3,6 +3,20 @@ Copyright (C) 2005 Rusty Russell Copyright (C) 2005 XenSource Ltd +In addition to the Xenstore nodes required by the Xen block device +specification, this implementation of blkback uses a new Xenstore +node: "opened". blkback sets "opened" to "0" before the hotplug script +is called. Once the device node has been opened, blkback sets "opened" +to "1". + +"opened" is read exclusively by userspace. It serves two purposes: + +1. It tells userspace that diskseq@major:minor syntax for "physical-device" is + supported. + +2. It tells userspace that it can wait for "opened" to be set to 1 after writing + "physical-device". Once "opened" is 1, blkback has a reference to the + device, so userspace doesn't need to keep one. */ @@ -699,6 +713,14 @@ static int xen_blkbk_probe(struct xenbus_device *dev, if (err) pr_warn("%s write out 'max-ring-page-order' failed\n", __func__); + /* + * This informs userspace that the "opened" node will be set to "1" when + * the device has been opened successfully. + */ + err = xenbus_write(XBT_NIL, dev->nodename, "opened", "0"); + if (err) + goto fail; + err = xenbus_switch_state(dev, XenbusStateInitWait); if (err) goto fail; @@ -826,6 +848,19 @@ static void backend_changed(struct xenbus_watch *watch, goto fail; } + /* + * Tell userspace that the device has been opened and that blkback has a + * reference to it. Userspace can then close the device or mark it as + * delete-on-close, knowing that blkback will keep the device open as + * long as necessary. + */ + err = xenbus_write(XBT_NIL, dev->nodename, "opened", "1"); + if (err) { + xenbus_dev_fatal(dev, err, "%s: notifying userspace device has been opened", + dev->nodename); + goto free_vbd; + } + err = xenvbd_sysfs_addif(dev); if (err) { xenbus_dev_fatal(dev, err, "creating sysfs entries");