On Wed 10-09-25 16:36:47, Christian Brauner wrote:
> Validate extensible ioctls stricter than we do now.
>
> Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx>
Looks good. Feel free to add:
Reviewed-by: Jan Kara <jack@xxxxxxx>
Honza
> ---
> fs/nsfs.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/fs/nsfs.c b/fs/nsfs.c
> index 59aa801347a7..34f0b35d3ead 100644
> --- a/fs/nsfs.c
> +++ b/fs/nsfs.c
> @@ -169,9 +169,11 @@ static bool nsfs_ioctl_valid(unsigned int cmd)
> /* Extensible ioctls require some extra handling. */
> switch (_IOC_NR(cmd)) {
> case _IOC_NR(NS_MNT_GET_INFO):
> + return extensible_ioctl_valid(cmd, NS_MNT_GET_INFO, MNT_NS_INFO_SIZE_VER0);
> case _IOC_NR(NS_MNT_GET_NEXT):
> + return extensible_ioctl_valid(cmd, NS_MNT_GET_NEXT, MNT_NS_INFO_SIZE_VER0);
> case _IOC_NR(NS_MNT_GET_PREV):
> - return (_IOC_TYPE(cmd) == _IOC_TYPE(cmd));
> + return extensible_ioctl_valid(cmd, NS_MNT_GET_PREV, MNT_NS_INFO_SIZE_VER0);
> }
>
> return false;
>
> --
> 2.47.3
>
--
Jan Kara <jack@xxxxxxxx>
SUSE Labs, CR
