From: Johannes Berg <johannes.berg@xxxxxxxxx>
commit 267ed02c2121b75e0eaaa338240453b576039e4a upstream.
dev_t is a kernel type and may have different definitions
in kernel and userspace. On 32-bit x86 this currently makes
the stat structure being 4 bytes longer in the user code,
causing stack corruption.
However, this is (potentially) not the only problem, since
dev_t is a different type on user/kernel side, so we don't
know that the major/minor encoding isn't also different.
Decode/encode it instead to address both problems.
Cc: stable@xxxxxxxxxxxxxxx
Fixes: 74ce793bcbde ("hostfs: Fix ephemeral inodes")
Link: https://patch.msgid.link/20240702092440.acc960585dd5.Id0767e12f562a69c6cd3c3262dc3d765db350cf6@changeid
Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/hostfs/hostfs.h | 7 ++++---
fs/hostfs/hostfs_kern.c | 10 ++++++----
fs/hostfs/hostfs_user.c | 7 ++++---
3 files changed, 14 insertions(+), 10 deletions(-)
--- a/fs/hostfs/hostfs.h
+++ b/fs/hostfs/hostfs.h
@@ -63,9 +63,10 @@ struct hostfs_stat {
struct hostfs_timespec atime, mtime, ctime;
unsigned int blksize;
unsigned long long blocks;
- unsigned int maj;
- unsigned int min;
- dev_t dev;
+ struct {
+ unsigned int maj;
+ unsigned int min;
+ } rdev, dev;
};
extern int stat_file(const char *path, struct hostfs_stat *p, int fd);
--- a/fs/hostfs/hostfs_kern.c
+++ b/fs/hostfs/hostfs_kern.c
@@ -530,10 +530,11 @@ static int hostfs_inode_update(struct in
static int hostfs_inode_set(struct inode *ino, void *data)
{
struct hostfs_stat *st = data;
- dev_t rdev;
+ dev_t dev, rdev;
/* Reencode maj and min with the kernel encoding.*/
- rdev = MKDEV(st->maj, st->min);
+ rdev = MKDEV(st->rdev.maj, st->rdev.min);
+ dev = MKDEV(st->dev.maj, st->dev.min);
switch (st->mode & S_IFMT) {
case S_IFLNK:
@@ -559,7 +560,7 @@ static int hostfs_inode_set(struct inode
return -EIO;
}
- HOSTFS_I(ino)->dev = st->dev;
+ HOSTFS_I(ino)->dev = dev;
ino->i_ino = st->ino;
ino->i_mode = st->mode;
return hostfs_inode_update(ino, st);
@@ -568,8 +569,9 @@ static int hostfs_inode_set(struct inode
static int hostfs_inode_test(struct inode *inode, void *data)
{
const struct hostfs_stat *st = data;
+ dev_t dev = MKDEV(st->dev.maj, st->dev.min);
- return inode->i_ino == st->ino && HOSTFS_I(inode)->dev == st->dev;
+ return inode->i_ino == st->ino && HOSTFS_I(inode)->dev == dev;
}
static struct inode *hostfs_iget(struct super_block *sb, char *name)
--- a/fs/hostfs/hostfs_user.c
+++ b/fs/hostfs/hostfs_user.c
@@ -34,9 +34,10 @@ static void stat64_to_hostfs(const struc
p->mtime.tv_nsec = 0;
p->blksize = buf->st_blksize;
p->blocks = buf->st_blocks;
- p->maj = os_major(buf->st_rdev);
- p->min = os_minor(buf->st_rdev);
- p->dev = buf->st_dev;
+ p->rdev.maj = os_major(buf->st_rdev);
+ p->rdev.min = os_minor(buf->st_rdev);
+ p->dev.maj = os_major(buf->st_dev);
+ p->dev.min = os_minor(buf->st_dev);
}
int stat_file(const char *path, struct hostfs_stat *p, int fd)
Patches currently in stable-queue which might be from johannes.berg@xxxxxxxxx are
queue-6.10/wifi-mac80211-add-ieee80211_tdls_sta_link_id.patch
queue-6.10/wifi-virt_wifi-don-t-use-strlen-in-const-context.patch
queue-6.10/wifi-nl80211-expose-can-monitor-channel-property.patch
queue-6.10/wifi-mac80211-fix-ttlm-teardown-work.patch
queue-6.10/wifi-mac80211-cancel-multi-link-reconf-work-on-disco.patch
queue-6.10/wifi-mac80211-reset-negotiated-ttlm-on-disconnect.patch
queue-6.10/wifi-cfg80211-handle-2x996-ru-allocation-in-cfg80211.patch
queue-6.10/wifi-iwlwifi-mvm-always-unblock-emlsr-on-roc-end.patch
queue-6.10/wifi-iwlwifi-mvm-don-t-skip-link-selection.patch
queue-6.10/wifi-cfg80211-fix-typo-in-cfg80211_calculate_bitrate.patch
queue-6.10/net-page_pool-fix-warning-code.patch
queue-6.10/wifi-mac80211-correcty-limit-wider-bw-tdls-stas.patch
queue-6.10/wifi-virt_wifi-avoid-reporting-connection-success-wi.patch
queue-6.10/hostfs-fix-dev_t-handling.patch
queue-6.10/wifi-mac80211-cancel-ttlm-teardown-work-earlier.patch
queue-6.10/wifi-iwlwifi-mvm-separate-non-bss-roc-emlsr-blocking.patch
queue-6.10/wifi-iwlwifi-mvm-fix-re-enabling-emlsr.patch
queue-6.10/wifi-mac80211-chanctx-emulation-set-change_channel-when-in_reconfig.patch
queue-6.10/wifi-iwlwifi-fix-iwl_mvm_get_valid_rx_ant.patch
