On Wed, Dec 18, 2019 at 05:39:29PM +0100, Arnd Bergmann wrote:
+/* disallow y2038-unsafe ioctls with CONFIG_COMPAT_32BIT_TIME=n */ +static bool xfs_have_compat_bstat_time32(unsigned int cmd) +{
- if (IS_ENABLED(CONFIG_COMPAT_32BIT_TIME))
return true;- if (IS_ENABLED(CONFIG_64BIT) && !in_compat_syscall())
return true;- if (cmd == XFS_IOC_FSBULKSTAT_SINGLE ||
cmd == XFS_IOC_FSBULKSTAT ||cmd == XFS_IOC_SWAPEXT)return false;- return true;
I think the check for the individual command belongs into the callers, which laves us with:
static inline bool have_time32(void) { return IS_ENABLED(CONFIG_COMPAT_32BIT_TIME) || (IS_ENABLED(CONFIG_64BIT) && !in_compat_syscall()); }
and that looks like it should be in a generic helper somewhere.
STATIC int xfs_ioc_fsbulkstat( xfs_mount_t *mp, @@ -637,6 +655,9 @@ xfs_ioc_fsbulkstat( if (!capable(CAP_SYS_ADMIN)) return -EPERM;
- if (!xfs_have_compat_bstat_time32(cmd))
return -EINVAL;
Here we can simply check for cmd != XFS_IOC_FSINUMBERS before the call.
if (XFS_FORCED_SHUTDOWN(mp)) return -EIO; @@ -1815,6 +1836,11 @@ xfs_ioc_swapext( struct fd f, tmp; int error = 0;
- if (!xfs_have_compat_bstat_time32(XFS_IOC_SWAPEXT)) {
error = -EINVAL;goto out;- }
And for this one we just have one cmd anyway. But I actually still disagree with the old_time check for this one entirely, as voiced on one of the last iterations. For swapext the time stamp really is only used as a generation counter, so overflows are entirely harmless.