1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Copyright (c) 2022 Alejandro Guerrero <[email protected]>
4 * Copyright (c) 2023 Wei Gao <[email protected]>
5 */
6
7 /*\
8 * [Description]
9 *
10 * Test for CVE-2022-0185.
11 *
12 * References links:
13 *
14 * - https://www.openwall.com/lists/oss-security/2022/01/25/14
15 * - https://github.com/Crusaders-of-Rust/CVE-2022-0185
16 *
17 */
18
19 #include "tst_test.h"
20 #include "lapi/fsmount.h"
21
22 #define MNTPOINT "mntpoint"
23
24 static int fd = -1;
25
setup(void)26 static void setup(void)
27 {
28 fsopen_supported_by_kernel();
29 }
30
run(void)31 static void run(void)
32 {
33 char *val = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
34 long pagesize;
35
36 TEST(fd = fsopen(tst_device->fs_type, 0));
37 if (fd == -1)
38 tst_brk(TBROK | TTERRNO, "fsopen() failed");
39
40 pagesize = sysconf(_SC_PAGESIZE);
41 if (pagesize == -1)
42 tst_brk(TBROK, "sysconf(_SC_PAGESIZE) failed");
43
44 for (size_t i = 0; i < 5000; i++) {
45 /* use same logic in kernel legacy_parse_param function */
46 const size_t len = i * (strlen(val) + 2) + (strlen(val) + 1) + 2;
47
48 TEST(fsconfig(fd, FSCONFIG_SET_STRING, "\x00", val, 0));
49
50 /* Legacy fsconfig() just copies arguments to buffer */
51 if (!TST_RET && len <= (size_t)pagesize)
52 continue;
53
54 if (!TST_RET) {
55 tst_res(TFAIL, "fsconfig() passed unexpectedly");
56 } else if (TST_RET != -1) {
57 tst_brk(TBROK | TTERRNO,
58 "Invalid fsconfig() return value %ld", TST_RET);
59 } else if (TST_ERR != EINVAL) {
60 tst_res(TFAIL | TTERRNO,
61 "fsconfig() failed with unexpected error");
62 }
63 }
64
65 if (fd != -1)
66 SAFE_CLOSE(fd);
67
68 if (tst_taint_check())
69 tst_res(TFAIL, "kernel has issues on %s",
70 tst_device->fs_type);
71 else
72 tst_res(TPASS, "kernel seems to be fine on %s",
73 tst_device->fs_type);
74 }
75
cleanup(void)76 static void cleanup(void)
77 {
78 if (fd >= 0)
79 SAFE_CLOSE(fd);
80 }
81
82 static struct tst_test test = {
83 .test_all = run,
84 .setup = setup,
85 .cleanup = cleanup,
86 .needs_root = 1,
87 .format_device = 1,
88 .mntpoint = MNTPOINT,
89 .all_filesystems = 1,
90 .taint_check = TST_TAINT_W | TST_TAINT_D,
91 .skip_filesystems = (const char *const []){"fuse", NULL},
92 .tags = (const struct tst_tag[]) {
93 {"linux-git", "722d94847de29"},
94 {"CVE", "2022-0185"},
95 {}
96 }
97 };
98