On Fri, Mar 19, 2021 at 4:06 PM Alessio Balsini <balsini@xxxxxxxxxxx> wrote:
>
> With commit f8425c939663 ("fuse: 32-bit user space ioctl compat for fuse
> device") the matching constraints for the FUSE_DEV_IOC_CLONE ioctl
> command are relaxed, limited to the testing of command type and number.
> As Arnd noticed, this is wrong as it wouldn't ensure the correctness of
> the data size or direction for the received FUSE device ioctl.
>
> Fix by bringing back the comparison of the ioctl received by the FUSE
> device to the originally generated FUSE_DEV_IOC_CLONE.
>
> Fixes: f8425c939663 ("fuse: 32-bit user space ioctl compat for fuse device")
> Reported-by: Arnd Bergmann <arnd@xxxxxxxxxx>
> Signed-off-by: Alessio Balsini <balsini@xxxxxxxxxxx>
Thanks, applied. I'm holding this till the 5.13 merge window unless
a more series fuse issue emerges in the meantime
Thanks,
Miklos
