    xfs: kill the XFS_IOC_{ALLOC,FREE}SP* ioctls · 4d1b97f9
    Darrick J. Wong authored
    According to the glibc compat header for Irix 4, these ioctls originated
    in April 1991 as a (somewhat clunky) way to preallocate space at the end
    of a file on an EFS filesystem.  XFS, which was released in Irix 5.3 in
    December 1993, picked up these ioctls to maintain compatibility and they
    were ported to Linux in the early 2000s.
    
    Recently it was pointed out to me they still lurk in the kernel, even
    though the Linux fallocate syscall supplanted the functionality a long
    time ago.  fstests doesn't seem to include any real functional or stress
    tests for these ioctls, which means that the code quality is ... very
    questionable.  Most notably, it was a stale disk block exposure vector
    for 21 years and nobody noticed or complained.  As mature programmers
    say, "If you're not testing it, it's broken."
    
    Given all that, let's withdraw these ioctls from the XFS userspace API.
    Normally we'd set a long deprecation process, but I estimate that there
    aren't any real users, so let's trigger a warning in dmesg and return
    -ENOTTY.
    
    See: CVE-2021-4155
    
    Augments: 983d8e60 ("xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate")
    Signed-off-by: Darrick J. Wong <djwong@kernel.org>
    Reviewed-by: Eric Sandeen <sandeen@redhat.com>
    Reviewed-by: Dave Chinner <dchinner@redhat.com>
xfs_ioctl32.c 14.3 KB