From owner-svn-src-head@freebsd.org Thu Mar 7 11:00:10 2019 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 5D5F8152A191; Thu, 7 Mar 2019 11:00:10 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from kib.kiev.ua (kib.kiev.ua [IPv6:2001:470:d5e7:1::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 68B46769F3; Thu, 7 Mar 2019 11:00:09 +0000 (UTC) (envelope-from kostikbel@gmail.com) Received: from tom.home (kib@localhost [127.0.0.1]) by kib.kiev.ua (8.15.2/8.15.2) with ESMTPS id x27AxxsB047500 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Thu, 7 Mar 2019 13:00:02 +0200 (EET) (envelope-from kostikbel@gmail.com) DKIM-Filter: OpenDKIM Filter v2.10.3 kib.kiev.ua x27AxxsB047500 Received: (from kostik@localhost) by tom.home (8.15.2/8.15.2/Submit) id x27Axx1c047499; Thu, 7 Mar 2019 12:59:59 +0200 (EET) (envelope-from kostikbel@gmail.com) X-Authentication-Warning: tom.home: kostik set sender to kostikbel@gmail.com using -f Date: Thu, 7 Mar 2019 12:59:59 +0200 From: Konstantin Belousov To: Conrad Meyer Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: Re: svn commit: r344857 - head/sys/fs/fuse Message-ID: <20190307105959.GJ2492@kib.kiev.ua> References: <201903062256.x26Munf3054948@repo.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201903062256.x26Munf3054948@repo.freebsd.org> User-Agent: Mutt/1.11.3 (2019-02-01) X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,BAYES_00, DKIM_ADSP_CUSTOM_MED,FORGED_GMAIL_RCVD,FREEMAIL_FROM, NML_ADSP_CUSTOM_MED autolearn=no autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tom.home X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Mar 2019 11:00:10 -0000 On Wed, Mar 06, 2019 at 10:56:49PM +0000, Conrad Meyer wrote: > Author: cem > Date: Wed Mar 6 22:56:49 2019 > New Revision: 344857 > URL: https://svnweb.freebsd.org/changeset/base/344857 > > Log: > FUSE: Prevent trivial panic > > When open(2) was invoked against a FUSE filesystem with an unexpected flags > value (no O_RDONLY / O_RDWR / O_WRONLY), an assertion fired, causing panic. Did you miss O_EXEC ? O_RDONLY is defined as zero, and we interpret the flags as having O_RDONLY if no other flags were passed. VFS guarantees that one of the O_EXEC/FREAD/FWRITE flag is always there. If it does not, it is bug. See the code at the start of kern_openat(). > > For now, prevent the panic by rejecting such VOP_OPENs with EINVAL. > > This is not considered the correct long term fix, but does prevent an > unprivileged denial-of-service. > > PR: 236329 > Reported by: asomers > Reviewed by: asomers > Sponsored by: Dell EMC Isilon > > Modified: > head/sys/fs/fuse/fuse_vnops.c > > Modified: head/sys/fs/fuse/fuse_vnops.c > ============================================================================== > --- head/sys/fs/fuse/fuse_vnops.c Wed Mar 6 22:13:53 2019 (r344856) > +++ head/sys/fs/fuse/fuse_vnops.c Wed Mar 6 22:56:49 2019 (r344857) > @@ -1174,6 +1174,9 @@ fuse_vnop_open(struct vop_open_args *ap) > if (fuse_isdeadfs(vp)) { > return ENXIO; > } > + if ((mode & (FREAD | FWRITE)) == 0) > + return EINVAL; > + > fvdat = VTOFUD(vp); > > if (vnode_isdir(vp)) {