On Fri, 19 Jul 2013 15:46:18 +1000
Dave Chinner <david@xxxxxxxxxxxxx> wrote:
> On Wed, Jul 17, 2013 at 11:47:40AM -0400, Dwight Engen wrote:
> > Have eofblocks ioctl convert uid_t to kuid_t into internal
> > structure. Update internal filter matching to compare ids with
> > kuid_t types.
> >
> > Signed-off-by: Dwight Engen <dwight.engen@xxxxxxxxxx>
> ....
> >
> > +static inline void
> > +xfs_fs_eofblocks_to_internal(
> > + struct xfs_fs_eofblocks *src,
> > + struct xfs_eofblocks *dst)
>
> I'd prefer that be named xfs_fs_eofblocks_from_user() to make it
> clear that we don't trust the contents of src at all...
Sure, I'll rename it.
> > +{
> > + dst->eof_flags = src->eof_flags;
> > + dst->eof_prid = src->eof_prid;
> > + dst->eof_min_file_size = src->eof_min_file_size;
> > + dst->eof_uid = make_kuid(current_user_ns(), src->eof_uid);
> > + dst->eof_gid = make_kgid(current_user_ns(), src->eof_gid);
> > +}
> > +
> > #endif
> > diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
> > index 8edc780..abbbdcf 100644
> > --- a/fs/xfs/xfs_ioctl.c
> > +++ b/fs/xfs/xfs_ioctl.c
> > @@ -1610,7 +1610,8 @@ xfs_file_ioctl(
> > return -error;
> >
> > case XFS_IOC_FREE_EOFBLOCKS: {
> > - struct xfs_eofblocks eofb;
> > + struct xfs_fs_eofblocks eofb;
> > + struct xfs_eofblocks keofb;
> >
> > if (copy_from_user(&eofb, arg, sizeof(eofb)))
> > return -XFS_ERROR(EFAULT);
> > @@ -1625,7 +1626,17 @@ xfs_file_ioctl(
> > memchr_inv(eofb.pad64, 0, sizeof(eofb.pad64)))
> > return -XFS_ERROR(EINVAL);
> >
> > - error = xfs_icache_free_eofblocks(mp, &eofb);
> > + xfs_fs_eofblocks_to_internal(&eofb, &keofb);
> > +
> > + if (keofb.eof_flags & XFS_EOF_FLAGS_UID &&
> > + !uid_valid(keofb.eof_uid))
> > + return XFS_ERROR(EINVAL);
> > +
> > + if (keofb.eof_flags & XFS_EOF_FLAGS_GID &&
> > + !gid_valid(keofb.eof_gid))
> > + return XFS_ERROR(EINVAL);
>
> And I think these two checks should be in
> xfs_fs_eofblocks_from_user(), hence pushing all the conversion and
> validation of the user-supplied parameters into the one function.
>
> Also, we need to return negative errors from this function....
That is the way I originally had it in v3 but Brian had suggested
(http://oss.sgi.com/archives/xfs/2013-06/msg00952.html) it might be
better to move the policy out of the conversion function and put it in
ioctl itself. I agree with you that makes sense to have it all together
so I'm happy to put it back in xfs_fs_eofblocks_from_user().
> > + error = xfs_icache_free_eofblocks(mp, &keofb);
> > return -error;
>
> return -xfs_icache_free_eofblocks(mp, &keofb);
>
> Cheers,
>
> Dave.
_______________________________________________
xfs mailing list
xfs@xxxxxxxxxxx
http://oss.sgi.com/mailman/listinfo/xfs
