From: Luis Henriques <lhenriques@suse.de>
Subject: [PATCH] fuse: handle kABI change in struct fuse_args
Patch-mainline: Never, kABI fix
References: bsc#1197343 CVE-2022-1011
Commit 0c4bcfdecb1a ("fuse: fix pipe buffer lifetime for direct_io")
requires a kABI fix as it adds a field to struct fuse_args. Fortunately,
that struct has a hole immediately after the bit fields, so using the
__GENKSYMS__ magic seems appropriate. Here's the pahole output:
$ pahole -C fuse_args fuse.ko
struct fuse_args {
uint64_t nodeid; /* 0 8 */
uint32_t opcode; /* 8 4 */
short unsigned int in_numargs; /* 12 2 */
short unsigned int out_numargs; /* 14 2 */
bool force:1; /* 16: 0 1 */
bool noreply:1; /* 16: 1 1 */
bool nocreds:1; /* 16: 2 1 */
bool in_pages:1; /* 16: 3 1 */
bool out_pages:1; /* 16: 4 1 */
bool out_argvar:1; /* 16: 5 1 */
bool page_zeroing:1; /* 16: 6 1 */
bool page_replace:1; /* 16: 7 1 */
bool may_block:1; /* 17: 0 1 */
/* XXX 7 bits hole, try to pack */
/* XXX 6 bytes hole, try to pack */
struct fuse_in_arg in_args[3]; /* 24 48 */
/* --- cacheline 1 boundary (64 bytes) was 8 bytes ago --- */
struct fuse_arg out_args[2]; /* 72 32 */
void (*end)(struct fuse_mount *, struct fuse_args *, int); /* 104 8 */
/* size: 112, cachelines: 2, members: 16 */
/* sum members: 104, holes: 1, sum holes: 6 */
/* sum bitfield members: 9 bits, bit holes: 1, sum bit holes: 7 bits */
/* last cacheline: 48 bytes */
};
Signed-off-by: Luís Henriques <lhenriques@suse.de>
---
fs/fuse/fuse_i.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index eac4984cc753..f22a0b8b57a1 100644
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -256,11 +256,13 @@ struct fuse_args {
bool nocreds:1;
bool in_pages:1;
bool out_pages:1;
- bool user_pages:1;
bool out_argvar:1;
bool page_zeroing:1;
bool page_replace:1;
bool may_block:1;
+#ifndef __GENKSYMS__
+ bool user_pages:1;
+#endif
struct fuse_in_arg in_args[3];
struct fuse_arg out_args[2];
void (*end)(struct fuse_mount *fm, struct fuse_args *args, int error);
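Review bot: The `#ifndef __GENKSYMS__` block around `user_pages` carries no comment saying why the field now sits after `may_block`, so a later backport that adds another bitfield could reorder it or spill past the bit hole without anyone noticing. I would add `/* kABI: user_pages fills the bit hole after may_block; keep it last among the bitfields and hidden from genksyms */` directly above the `#ifndef`. Hiding the field only keeps the symbol CRCs unchanged; the layout guarantee rests on the pahole output in the description, which appears to come from a single 64-bit build, so the hole is worth confirming on the other supported architectures. Code built against the old header never sets this bit explicitly, which is presumably harmless as long as it zero-initialises the struct, but that should be confirmed for any consumer outside fs/fuse. `struct fuse_args` starts and ends outside the hunk.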