lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Mon, 17 Jan 2011 16:06:15 +0800
From:	Américo Wang <xiyou.wangcong@...il.com>
To:	Frederic Weisbecker <fweisbec@...il.com>
Cc:	Américo Wang <xiyou.wangcong@...il.com>,
	Dave Anderson <anderson@...hat.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] /proc/kcore: fix seeking

On Fri, Jan 14, 2011 at 05:29:19PM +0100, Frederic Weisbecker wrote:
>On Fri, Jan 14, 2011 at 05:44:42PM +0800, Américo Wang wrote:
>> On Tue, Jan 11, 2011 at 05:23:23PM +0100, Frederic Weisbecker wrote:
>> >On Wed, Jan 12, 2011 at 12:04:37AM +0800, Américo Wang wrote:
>> >> On Mon, Jan 10, 2011 at 09:42:29AM -0500, Dave Anderson wrote:
>> >> >From: Dave Anderson <anderson@...hat.com>
>> >> >
>> >> >Commit 34aacb2920667d405a8df15968b7f71ba46c8f18
>> >> >("procfs: Use generic_file_llseek in /proc/kcore")
>> >> >broke seeking on /proc/kcore.  This changes it back
>> >> >to use default_llseek in order to restore the original
>> >> >behavior.
>> >> >
>> >> >The problem with generic_file_llseek is that it only
>> >> >allows seeks up to inode->i_sb->s_maxbytes, which is
>> >> >2GB-1 on procfs, where the memory file offset values in
>> >> >the /proc/kcore PT_LOAD segments may exceed or start
>> >> >beyond that offset value.
>> >> >
>> >> 
>> >> Is the race solved? Using default_llseek() still races
>> >> with read_kcore() on fpos, AFAIK.
>> >
>> >Hmm, how does it race there?
>> >
>> >read_kcore() manipulates fpos, which can't be changed behind
>> >us inside the read callback as it's a snapshot. Also read_kcore()
>> >can change the value of fpos, which is writed back to file->fpos
>> >from sys_read().
>> >
>> >So the last resulting race here the natural one between
>> >seeking and reading, which is up to the user to take care
>> >of.
>> 
>> Hmm, I just read the changelog of commit
>> 34aacb2920667d405a8df15968b7f71ba46c8f18, which claims to fix
>> the race. So anything changed in vfs layer after that?
>
>
>Ah it didn't fix any race, it just got rid of the bkl, OTOH
>I said in my changelog:
>
>	"/proc/kcore has no llseek and then falls down to use default_llseek.
>	This is racy against read_kcore() that directly manipulates fpos
>	but it doesn't hold the bkl there so using it in llseek doesn't
>	protect anything."
>
>So I think this just testifies my crude misunderstanding of the code when I wrote
>that changelog. I didn't realize fpos is a copy of the file offset that is writed back
>later. Hence my changelog was buggy.

Ok, thanks for explaining this!
Dave's patch should be alright.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ