From nobody Tue Sep 23 12:03:27 2025 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cWJXc2mBcz68Y9C; Tue, 23 Sep 2025 12:03:28 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cWJXb4rl0z3Dd0; Tue, 23 Sep 2025 12:03:27 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758629007; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+1GWqzi125gLd0cfRkLLk0ZYU+SArOO6Gy4F7qkZYg8=; b=taHP89G9aJ8KxTz4Dav2OxBbY0W0EQArGHieMT2VkEKFkeptP9zC0Jb9tFRSzWjT+Se8to SINhj/t/0F+1lG3YBMkKMhJcBzC4qUPNFNOSC5/4eSwYlWkt/lzniSDQPFxfsEE79CLAPz dwHTzSbRoHB6OjmxZpoPh1xqlv1Vr4cbPVl5vEkT1Chu2WmVbMaQGLZaNY5YJnK+++DUGm 48nmvNvQyTo0lx3aSFXM9Ph+vAbFx0MDHr0bdWWPtX1wl7qscsx3oocw929j6duV2WcL5O Kvk6MWe53MndNHDiPo1Xq3UfasD1WZeX6SKVsaHRj49fmpJktn+d+Rb1KejVmg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1758629007; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+1GWqzi125gLd0cfRkLLk0ZYU+SArOO6Gy4F7qkZYg8=; b=FmUrj67D9+YSX8LcN6Wftqub0s7q1v0SU9e7VaI2zZA9rXi+6Ja5HeY+V4R7VEl/G7Xa+t XS8XPlrUG5atSHZTCJ4ak24zhuZqnfd5oYFR4P1qLjnq886RlSIODenfSrv5bkZ4RKIpeL 5DRhW148bEXoCRtEqPhzK+FgE2LLB3NJvCoUtuoT95oNqVaBIwoPZv5KvHmmRJpk/olv4A pv4cJOkQfXV/5GQuyNttfp1DubTxWXCyoCGMfw7ftf95q8rA57sHfGIjvvKVFNibe7hjI0 T1USPS+5lM44M6qfxgC8yofDOlfGqBEDGJzR64VA6J/kkef+yNNQg/TKJvpclw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1758629007; a=rsa-sha256; cv=none; b=nuuYLv/wvtpzmCT2bgEz+2E42rSh8VXR7umv11+jkxwD7Ngy1bGeya8N4mdp/T6a8Pblje hoWMkQPGqi6yMqwSUnhs+2/SltLvOGf2WKT4WdHgLolZMI7uJ5GKOqRRw4zXoSaJhyxqeS PxsWOMO/v/D7wY7NwJ5NegkVjHz/fSnnNQXDYBi17OkCacGKkhHCmWfDi6XDpTz/8zJr6E zWTWDEaWnKGgE1hwwRfM5ekq8/VRKIxMQTsPLQQM1amgCLpEtougmQLzPBKDFWPk0OSZOz 5PB49bzQvdjT5uEj/+fx+Wa9BIk+FN+5yjagbEnYcisd94eFkk07M1v9C6Ux9Q== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cWJXb4QNCzllS; Tue, 23 Sep 2025 12:03:27 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 58NC3RVw008260; Tue, 23 Sep 2025 12:03:27 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 58NC3RQf008257; Tue, 23 Sep 2025 12:03:27 GMT (envelope-from git) Date: Tue, 23 Sep 2025 12:03:27 GMT Message-Id: <202509231203.58NC3RQf008257@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Olivier Certner Subject: git: 97e7c06af75e - stable/15 - fuse: Fix GID when sending FUSE_INTERRUPT to a FUSE daemon List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/stable/15 X-Git-Reftype: branch X-Git-Commit: 97e7c06af75ef7899b925027ee779c9ee50de208 Auto-Submitted: auto-generated The branch stable/15 has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=97e7c06af75ef7899b925027ee779c9ee50de208 commit 97e7c06af75ef7899b925027ee779c9ee50de208 Author: Olivier Certner AuthorDate: 2025-08-26 12:39:16 +0000 Commit: Olivier Certner CommitDate: 2025-09-23 12:02:41 +0000 fuse: Fix GID when sending FUSE_INTERRUPT to a FUSE daemon Due to the partial-only changes of commit 46c07316f906 ("kern: adopt the cr_gid macro for cr_groups[0] more widely"), subsequent commit be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") caused a mismatch between filling cr_groups[0] in 'reused_creds' in fuse_interrupt_send() and reading 'cr_gid' from it in fuse_setup_ihead(), with the consequence that the kernel would send a FUSE_INTERRUPT message to the FUSE deamon with an uninitialized GID in its header (which, besides being wrong, would disclose 4 bytes from its stack). Fixes: be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") MFC after: 5 days MFC to: stable/15 Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52255 (cherry picked from commit d22592cd6fd2d39432add376dad460a66488a846) --- sys/fs/fuse/fuse_ipc.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/sys/fs/fuse/fuse_ipc.c b/sys/fs/fuse/fuse_ipc.c index a751c09159ff..7f754ab7f1d4 100644 --- a/sys/fs/fuse/fuse_ipc.c +++ b/sys/fs/fuse/fuse_ipc.c @@ -193,7 +193,6 @@ fuse_interrupt_send(struct fuse_ticket *otick, int err) struct fuse_data *data = otick->tk_data; struct fuse_ticket *tick, *xtick; struct ucred reused_creds; - gid_t reused_groups[1]; if (otick->irq_unique == 0) { /* @@ -237,8 +236,7 @@ fuse_interrupt_send(struct fuse_ticket *otick, int err) */ ftick_hdr = fticket_in_header(otick); reused_creds.cr_uid = ftick_hdr->uid; - reused_groups[0] = ftick_hdr->gid; - reused_creds.cr_groups = reused_groups; + reused_creds.cr_gid = ftick_hdr->gid; fdisp_init(&fdi, sizeof(*fii)); fdisp_make_pid(&fdi, FUSE_INTERRUPT, data, ftick_hdr->nodeid, ftick_hdr->pid, &reused_creds);