Re: [PATCH] tty: n_gsm: restrict tty devices to attach
From: Greg Kroah-Hartman
Date: Tue Feb 06 2024 - 09:28:36 EST
On Sat, Feb 03, 2024 at 10:45:53PM +0900, Tetsuo Handa wrote:
> On 2024/01/24 22:14, Greg Kroah-Hartman wrote:
> >> @@ -3630,6 +3631,17 @@ static int gsmld_open(struct tty_struct *tty)
> >> if (tty->ops->write == NULL)
> >> return -EINVAL;
> >>
> >> + major = tty->driver->major;
> >> + /* Reject Virtual consoles */
> >> + if (major == 4 && tty->driver->minor_start == 1)
> >> + return -EINVAL;
> >> + /* Reject Unix98 PTY masters/slaves */
> >> + if (major >= 128 && major <= 143)
> >> + return -EINVAL;
> >> + /* Reject BSD PTY masters/slaves */
> >> + if (major >= 2 && major <= 3)
> >> + return -EINVAL;
> >
> > That is a lot of hard-coded magic numbers, why aren't these defined
> > anywhere?
>
> Well, include/uapi/linux/major.h defines
>
> #define TTY_MAJOR 4
> #define UNIX98_PTY_MASTER_MAJOR 128
> #define UNIX98_PTY_MAJOR_COUNT 8
> #define UNIX98_PTY_SLAVE_MAJOR (UNIX98_PTY_MASTER_MAJOR+UNIX98_PTY_MAJOR_COUNT)
> #define PTY_MASTER_MAJOR 2
> #define PTY_SLAVE_MAJOR 3
>
> but does not define end of UNIX98_PTY_SLAVE_MAJOR range, and
> no file defines start of minor number for virtual consoles.
Then use the ones you have, don't make us be forced to figure out what
is going on please.
> Does fixing this bug worth updating include/uapi/linux/major.h and adding
> include/uapi/linux/minor.h ? Since these numbers won't change, I feel that
> a line of comment is sufficient.
No, don't add new ones where not needed.
> > But really, this is only for fuzz testers, why can't they just not ever
> > bind this to a console? Why do we have to have these checks in the
> > kernel to prevent userspace from doing dumb things that no real
> > userspace will ever do?
>
> Fuzz testing is for testing unexpected arguments. This bug is nothing but
> missing validation that should be fixed on the kernel side rather than
> trying to tune fuzzers.
I'll push back on this, fuzzers, running as root, can easily crash the
kernel as root can crash the kernel easily. So trying to keep the
kernel from hurting itself like this is odd to me.
Again, just tell the fuzzers to not do this. I don't want random
hard-coded numbers in here, that's adding maintance requirements on us
in the kernel for random userspace tools doing random things :(
thanks,
greg k-h