mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/fs/afs/xdr_fs.h

117 lines
2.7 KiB
C
Raw Permalink Normal View History

treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 Based on 1 normalized pattern(s): this program is free software you can redistribute it and or modify it under the terms of the gnu general public licence as published by the free software foundation either version 2 of the licence or at your option any later version extracted by the scancode license scanner the SPDX license identifier GPL-2.0-or-later has been chosen to replace the boilerplate/reference in 114 file(s). Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Allison Randal <allison@lohutok.net> Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org> Cc: linux-spdx@vger.kernel.org Link: https://lkml.kernel.org/r/20190520170857.552531963@linutronix.de Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-20 17:08:01 +00:00
/* SPDX-License-Identifier: GPL-2.0-or-later */
afs: Rearrange status mapping Rearrange the AFSFetchStatus to inode attribute mapping code in a number of ways: (1) Use an XDR structure rather than a series of incremented pointer accesses when decoding an AFSFetchStatus object. This allows out-of-order decode. (2) Don't store the if_version value but rather just check it and abort if it's not something we can handle. (3) Store the owner and group in the status record as raw values rather than converting them to kuid/kgid. Do that when they're mapped into i_uid/i_gid. (4) Validate the type and abort code up front and abort if they're wrong. (5) Split the inode attribute setting out into its own function from the XDR decode of an AFSFetchStatus object. This allows it to be called from elsewhere too. (6) Differentiate changes to data from changes to metadata. (7) Use the split-out attribute mapping function from afs_iget(). Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:24 +00:00
/* AFS fileserver XDR types
*
* Copyright (C) 2018 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*/
#ifndef XDR_FS_H
#define XDR_FS_H
struct afs_xdr_AFSFetchStatus {
__be32 if_version;
#define AFS_FSTATUS_VERSION 1
__be32 type;
__be32 nlink;
__be32 size_lo;
__be32 data_version_lo;
__be32 author;
__be32 owner;
__be32 caller_access;
__be32 anon_access;
__be32 mode;
__be32 parent_vnode;
__be32 parent_unique;
__be32 seg_size;
__be32 mtime_client;
__be32 mtime_server;
__be32 group;
__be32 sync_counter;
__be32 data_version_hi;
__be32 lock_count;
__be32 size_hi;
__be32 abort_code;
} __packed;
afs: Split the directory content defs into a header Split the directory content definitions into a header file so that they can be used by multiple .c files. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
#define AFS_DIR_HASHTBL_SIZE 128
#define AFS_DIR_DIRENT_SIZE 32
#define AFS_DIR_SLOTS_PER_BLOCK 64
#define AFS_DIR_BLOCK_SIZE 2048
#define AFS_DIR_BLOCKS_PER_PAGE (PAGE_SIZE / AFS_DIR_BLOCK_SIZE)
#define AFS_DIR_MAX_SLOTS 65536
#define AFS_DIR_BLOCKS_WITH_CTR 128
#define AFS_DIR_MAX_BLOCKS 1023
#define AFS_DIR_RESV_BLOCKS 1
#define AFS_DIR_RESV_BLOCKS0 13
/*
* Directory entry structure.
*/
afs: Adjust the directory XDR structures Adjust the AFS directory XDR structures in a number of superficial ways: (1) Rename them to all begin afs_xdr_. (2) Use u8 instead of uint8_t. (3) Mark the structures as __packed so they don't get rearranged by the compiler. (4) Rename the hdr member of afs_xdr_dir_block to meta. (5) Rename the pagehdr member of afs_xdr_dir_block to hdr. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
union afs_xdr_dirent {
afs: Split the directory content defs into a header Split the directory content definitions into a header file so that they can be used by multiple .c files. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
struct {
afs: Adjust the directory XDR structures Adjust the AFS directory XDR structures in a number of superficial ways: (1) Rename them to all begin afs_xdr_. (2) Use u8 instead of uint8_t. (3) Mark the structures as __packed so they don't get rearranged by the compiler. (4) Rename the hdr member of afs_xdr_dir_block to meta. (5) Rename the pagehdr member of afs_xdr_dir_block to hdr. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
u8 valid;
u8 unused[1];
afs: Split the directory content defs into a header Split the directory content definitions into a header file so that they can be used by multiple .c files. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
__be16 hash_next;
__be32 vnode;
__be32 unique;
afs: Work around strnlen() oops with CONFIG_FORTIFIED_SOURCE=y AFS has a structured layout in its directory contents (AFS dirs are downloaded as files and parsed locally by the client for lookup/readdir). The slots in the directory are defined by union afs_xdr_dirent. This, however, only directly allows a name of a length that will fit into that union. To support a longer name, the next 1-8 contiguous entries are annexed to the first one and the name flows across these. afs_dir_iterate_block() uses strnlen(), limited to the space to the end of the page, to find out how long the name is. This worked fine until 6a39e62abbaf. With that commit, the compiler determines the size of the array and asserts that the string fits inside that array. This is a problem for AFS because we *expect* it to overflow one or more arrays. A similar problem also occurs in afs_dir_scan_block() when a directory file is being locally edited to avoid the need to redownload it. There strlen() was being used safely because each page has the last byte set to 0 when the file is downloaded and validated (in afs_dir_check_page()). Fix this by changing the afs_xdr_dirent union name field to an indeterminate-length array and dropping the overflow field. (Note that whilst looking at this, I realised that the calculation of the number of slots a dirent used is non-standard and not quite right, but I'll address that in a separate patch.) The issue can be triggered by something like: touch /afs/example.com/thisisaveryveryverylongname and it generates a report that looks like: detected buffer overflow in strnlen ------------[ cut here ]------------ kernel BUG at lib/string.c:1149! ... RIP: 0010:fortify_panic+0xf/0x11 ... Call Trace: afs_dir_iterate_block+0x12b/0x35b afs_dir_iterate+0x14e/0x1ce afs_do_lookup+0x131/0x417 afs_lookup+0x24f/0x344 lookup_open.isra.0+0x1bb/0x27d open_last_lookups+0x166/0x237 path_openat+0xe0/0x159 do_filp_open+0x48/0xa4 ? kmem_cache_alloc+0xf5/0x16e ? __clear_close_on_exec+0x13/0x22 ? _raw_spin_unlock+0xa/0xb do_sys_openat2+0x72/0xde do_sys_open+0x3b/0x58 do_syscall_64+0x2d/0x3a entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: 6a39e62abbaf ("lib: string.h: detect intra-object overflow in fortified string functions") Reported-by: Marc Dionne <marc.dionne@auristor.com> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Marc Dionne <marc.dionne@auristor.com> cc: Daniel Axtens <dja@axtens.net>
2020-12-21 22:37:58 +00:00
u8 name[];
/* When determining the number of dirent slots needed to
* represent a directory entry, name should be assumed to be 16
* bytes, due to a now-standardised (mis)calculation, but it is
afs: Fix directory entry size calculation The number of dirent records used by an AFS directory entry should be calculated using the assumption that there is a 16-byte name field in the first block, rather than a 20-byte name field (which is actually the case). This miscalculation is historic and effectively standard, so we have to use it. The calculation we need to use is: 1 + (((strlen(name) + 1) + 15) >> 5) where we are adding one to the strlen() result to account for the NUL termination. Fix this by the following means: (1) Create an inline function to do the calculation for a given name length. (2) Use the function to calculate the number of records used for a dirent in afs_dir_iterate_block(). Use this to move the over-end check out of the loop since it only needs to be done once. Further use this to only go through the loop for the 2nd+ records composing an entry. The only test there now is for if the record is allocated - and we already checked the first block at the top of the outer loop. (3) Add a max name length check in afs_dir_iterate_block(). (4) Make afs_edit_dir_add() and afs_edit_dir_remove() use the function from (1) to calculate the number of blocks rather than doing it incorrectly themselves. Fixes: 63a4681ff39c ("afs: Locally edit directory data for mkdir/create/unlink/...") Fixes: ^1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Marc Dionne <marc.dionne@auristor.com>
2020-12-23 10:39:57 +00:00
* in fact 20 bytes in size. afs_dir_calc_slots() should be
* used for this.
afs: Work around strnlen() oops with CONFIG_FORTIFIED_SOURCE=y AFS has a structured layout in its directory contents (AFS dirs are downloaded as files and parsed locally by the client for lookup/readdir). The slots in the directory are defined by union afs_xdr_dirent. This, however, only directly allows a name of a length that will fit into that union. To support a longer name, the next 1-8 contiguous entries are annexed to the first one and the name flows across these. afs_dir_iterate_block() uses strnlen(), limited to the space to the end of the page, to find out how long the name is. This worked fine until 6a39e62abbaf. With that commit, the compiler determines the size of the array and asserts that the string fits inside that array. This is a problem for AFS because we *expect* it to overflow one or more arrays. A similar problem also occurs in afs_dir_scan_block() when a directory file is being locally edited to avoid the need to redownload it. There strlen() was being used safely because each page has the last byte set to 0 when the file is downloaded and validated (in afs_dir_check_page()). Fix this by changing the afs_xdr_dirent union name field to an indeterminate-length array and dropping the overflow field. (Note that whilst looking at this, I realised that the calculation of the number of slots a dirent used is non-standard and not quite right, but I'll address that in a separate patch.) The issue can be triggered by something like: touch /afs/example.com/thisisaveryveryverylongname and it generates a report that looks like: detected buffer overflow in strnlen ------------[ cut here ]------------ kernel BUG at lib/string.c:1149! ... RIP: 0010:fortify_panic+0xf/0x11 ... Call Trace: afs_dir_iterate_block+0x12b/0x35b afs_dir_iterate+0x14e/0x1ce afs_do_lookup+0x131/0x417 afs_lookup+0x24f/0x344 lookup_open.isra.0+0x1bb/0x27d open_last_lookups+0x166/0x237 path_openat+0xe0/0x159 do_filp_open+0x48/0xa4 ? kmem_cache_alloc+0xf5/0x16e ? __clear_close_on_exec+0x13/0x22 ? _raw_spin_unlock+0xa/0xb do_sys_openat2+0x72/0xde do_sys_open+0x3b/0x58 do_syscall_64+0x2d/0x3a entry_SYSCALL_64_after_hwframe+0x44/0xa9 Fixes: 6a39e62abbaf ("lib: string.h: detect intra-object overflow in fortified string functions") Reported-by: Marc Dionne <marc.dionne@auristor.com> Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Marc Dionne <marc.dionne@auristor.com> cc: Daniel Axtens <dja@axtens.net>
2020-12-21 22:37:58 +00:00
*
* For names longer than (16 or) 20 bytes, extra slots should
* be annexed to this one using the extended_name format.
*/
afs: Split the directory content defs into a header Split the directory content definitions into a header file so that they can be used by multiple .c files. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
} u;
afs: Adjust the directory XDR structures Adjust the AFS directory XDR structures in a number of superficial ways: (1) Rename them to all begin afs_xdr_. (2) Use u8 instead of uint8_t. (3) Mark the structures as __packed so they don't get rearranged by the compiler. (4) Rename the hdr member of afs_xdr_dir_block to meta. (5) Rename the pagehdr member of afs_xdr_dir_block to hdr. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
u8 extended_name[32];
} __packed;
afs: Split the directory content defs into a header Split the directory content definitions into a header file so that they can be used by multiple .c files. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
/*
afs: Adjust the directory XDR structures Adjust the AFS directory XDR structures in a number of superficial ways: (1) Rename them to all begin afs_xdr_. (2) Use u8 instead of uint8_t. (3) Mark the structures as __packed so they don't get rearranged by the compiler. (4) Rename the hdr member of afs_xdr_dir_block to meta. (5) Rename the pagehdr member of afs_xdr_dir_block to hdr. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
* Directory block header (one at the beginning of every 2048-byte block).
afs: Split the directory content defs into a header Split the directory content definitions into a header file so that they can be used by multiple .c files. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
*/
afs: Adjust the directory XDR structures Adjust the AFS directory XDR structures in a number of superficial ways: (1) Rename them to all begin afs_xdr_. (2) Use u8 instead of uint8_t. (3) Mark the structures as __packed so they don't get rearranged by the compiler. (4) Rename the hdr member of afs_xdr_dir_block to meta. (5) Rename the pagehdr member of afs_xdr_dir_block to hdr. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
struct afs_xdr_dir_hdr {
afs: Split the directory content defs into a header Split the directory content definitions into a header file so that they can be used by multiple .c files. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
__be16 npages;
__be16 magic;
#define AFS_DIR_MAGIC htons(1234)
afs: Adjust the directory XDR structures Adjust the AFS directory XDR structures in a number of superficial ways: (1) Rename them to all begin afs_xdr_. (2) Use u8 instead of uint8_t. (3) Mark the structures as __packed so they don't get rearranged by the compiler. (4) Rename the hdr member of afs_xdr_dir_block to meta. (5) Rename the pagehdr member of afs_xdr_dir_block to hdr. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
u8 reserved;
u8 bitmap[8];
u8 pad[19];
} __packed;
afs: Split the directory content defs into a header Split the directory content definitions into a header file so that they can be used by multiple .c files. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
/*
* Directory block layout
*/
afs: Adjust the directory XDR structures Adjust the AFS directory XDR structures in a number of superficial ways: (1) Rename them to all begin afs_xdr_. (2) Use u8 instead of uint8_t. (3) Mark the structures as __packed so they don't get rearranged by the compiler. (4) Rename the hdr member of afs_xdr_dir_block to meta. (5) Rename the pagehdr member of afs_xdr_dir_block to hdr. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
union afs_xdr_dir_block {
struct afs_xdr_dir_hdr hdr;
afs: Split the directory content defs into a header Split the directory content definitions into a header file so that they can be used by multiple .c files. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
struct {
afs: Adjust the directory XDR structures Adjust the AFS directory XDR structures in a number of superficial ways: (1) Rename them to all begin afs_xdr_. (2) Use u8 instead of uint8_t. (3) Mark the structures as __packed so they don't get rearranged by the compiler. (4) Rename the hdr member of afs_xdr_dir_block to meta. (5) Rename the pagehdr member of afs_xdr_dir_block to hdr. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
struct afs_xdr_dir_hdr hdr;
u8 alloc_ctrs[AFS_DIR_MAX_BLOCKS];
afs: Split the directory content defs into a header Split the directory content definitions into a header file so that they can be used by multiple .c files. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
__be16 hashtable[AFS_DIR_HASHTBL_SIZE];
afs: Adjust the directory XDR structures Adjust the AFS directory XDR structures in a number of superficial ways: (1) Rename them to all begin afs_xdr_. (2) Use u8 instead of uint8_t. (3) Mark the structures as __packed so they don't get rearranged by the compiler. (4) Rename the hdr member of afs_xdr_dir_block to meta. (5) Rename the pagehdr member of afs_xdr_dir_block to hdr. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
} meta;
afs: Split the directory content defs into a header Split the directory content definitions into a header file so that they can be used by multiple .c files. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
afs: Adjust the directory XDR structures Adjust the AFS directory XDR structures in a number of superficial ways: (1) Rename them to all begin afs_xdr_. (2) Use u8 instead of uint8_t. (3) Mark the structures as __packed so they don't get rearranged by the compiler. (4) Rename the hdr member of afs_xdr_dir_block to meta. (5) Rename the pagehdr member of afs_xdr_dir_block to hdr. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
union afs_xdr_dirent dirents[AFS_DIR_SLOTS_PER_BLOCK];
} __packed;
afs: Split the directory content defs into a header Split the directory content definitions into a header file so that they can be used by multiple .c files. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
/*
* Directory layout on a linux VM page.
*/
afs: Adjust the directory XDR structures Adjust the AFS directory XDR structures in a number of superficial ways: (1) Rename them to all begin afs_xdr_. (2) Use u8 instead of uint8_t. (3) Mark the structures as __packed so they don't get rearranged by the compiler. (4) Rename the hdr member of afs_xdr_dir_block to meta. (5) Rename the pagehdr member of afs_xdr_dir_block to hdr. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
struct afs_xdr_dir_page {
union afs_xdr_dir_block blocks[AFS_DIR_BLOCKS_PER_PAGE];
afs: Split the directory content defs into a header Split the directory content definitions into a header file so that they can be used by multiple .c files. Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:25 +00:00
};
afs: Fix directory entry size calculation The number of dirent records used by an AFS directory entry should be calculated using the assumption that there is a 16-byte name field in the first block, rather than a 20-byte name field (which is actually the case). This miscalculation is historic and effectively standard, so we have to use it. The calculation we need to use is: 1 + (((strlen(name) + 1) + 15) >> 5) where we are adding one to the strlen() result to account for the NUL termination. Fix this by the following means: (1) Create an inline function to do the calculation for a given name length. (2) Use the function to calculate the number of records used for a dirent in afs_dir_iterate_block(). Use this to move the over-end check out of the loop since it only needs to be done once. Further use this to only go through the loop for the 2nd+ records composing an entry. The only test there now is for if the record is allocated - and we already checked the first block at the top of the outer loop. (3) Add a max name length check in afs_dir_iterate_block(). (4) Make afs_edit_dir_add() and afs_edit_dir_remove() use the function from (1) to calculate the number of blocks rather than doing it incorrectly themselves. Fixes: 63a4681ff39c ("afs: Locally edit directory data for mkdir/create/unlink/...") Fixes: ^1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Marc Dionne <marc.dionne@auristor.com>
2020-12-23 10:39:57 +00:00
/*
* Calculate the number of dirent slots required for any given name length.
* The calculation is made assuming the part of the name in the first slot is
* 16 bytes, rather than 20, but this miscalculation is now standardised.
*/
static inline unsigned int afs_dir_calc_slots(size_t name_len)
{
name_len++; /* NUL-terminated */
return 1 + ((name_len + 15) / AFS_DIR_DIRENT_SIZE);
}
afs: Rearrange status mapping Rearrange the AFSFetchStatus to inode attribute mapping code in a number of ways: (1) Use an XDR structure rather than a series of incremented pointer accesses when decoding an AFSFetchStatus object. This allows out-of-order decode. (2) Don't store the if_version value but rather just check it and abort if it's not something we can handle. (3) Store the owner and group in the status record as raw values rather than converting them to kuid/kgid. Do that when they're mapped into i_uid/i_gid. (4) Validate the type and abort code up front and abort if they're wrong. (5) Split the inode attribute setting out into its own function from the XDR decode of an AFSFetchStatus object. This allows it to be called from elsewhere too. (6) Differentiate changes to data from changes to metadata. (7) Use the split-out attribute mapping function from afs_iget(). Signed-off-by: David Howells <dhowells@redhat.com>
2018-04-06 13:17:24 +00:00
#endif /* XDR_FS_H */