On Tue, Dec 8, 2020 at 10:38 AM Chirantan Ekbote <chirantan@xxxxxxxxxxxx> wrote: > > Chrome OS would like to support this ioctl when passed through the fuse > driver. However since it is dynamically sized, we can't rely on the > length encoded in the command. Instead check the `policy_size` field of > the user provided parameter to get the max length of the data returned > by the server. I'd also maximize the length at sizeof(union fscrypt_policy). I.e. virtiofs doesn't need to support higher level versions than the client kernel supports. Also, I'm thinking about whether it's safe to enable in plain fuse in addition to virtiofs. I don't see a reason for not doing so, but maybe it makes sense to keep disabled until a use case comes up. Thanks, Miklos > > Signed-off-by: Chirantan Ekbote <chirantan@xxxxxxxxxxxx> > --- > fs/fuse/file.c | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/fs/fuse/file.c b/fs/fuse/file.c > index 69cffb77a0b25..b64ff7f2fe4dd 100644 > --- a/fs/fuse/file.c > +++ b/fs/fuse/file.c > @@ -19,6 +19,7 @@ > #include <linux/falloc.h> > #include <linux/uio.h> > #include <linux/fs.h> > +#include <linux/fscrypt.h> > > static struct page **fuse_pages_alloc(unsigned int npages, gfp_t flags, > struct fuse_page_desc **desc) > @@ -2710,6 +2711,21 @@ static int fuse_get_ioctl_len(unsigned int cmd, unsigned long arg, size_t *len) > case FS_IOC_SETFLAGS: > *len = sizeof(int); > break; > + case FS_IOC_GET_ENCRYPTION_POLICY_EX: { > + __u64 policy_size; > + struct fscrypt_get_policy_ex_arg __user *uarg = > + (struct fscrypt_get_policy_ex_arg __user *)arg; > + > + if (copy_from_user(&policy_size, &uarg->policy_size, > + sizeof(policy_size))) > + return -EFAULT; > + > + if (policy_size > SIZE_MAX - sizeof(policy_size)) > + return -EINVAL; > + > + *len = sizeof(policy_size) + policy_size; > + break; > + } > default: > *len = _IOC_SIZE(cmd); > break; > -- > 2.29.2.576.ga3fc446d84-goog >
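Review bot: In the FS_IOC_GET_ENCRYPTION_POLICY_EX case of fuse_get_ioctl_len(), the user-supplied policy_size is rejected only when it exceeds SIZE_MAX - sizeof(policy_size), so every smaller value flows straight into *len and the caller controls the length almost without limit. That test keeps the addition in `*len = sizeof(policy_size) + policy_size;` from wrapping, but it is not a meaningful upper bound. Bound the value against what the client kernel can actually interpret, as the reply proposes, by rejecting or clamping when policy_size > sizeof(union fscrypt_policy); the SIZE_MAX comparison then becomes redundant and can be dropped. A one-line comment noting that this case takes its length from the argument rather than from _IOC_SIZE(cmd) would also help, since it departs from the pattern of the neighbouring cases.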