| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Jul 2011 00:26:05 +0100 From: Al Viro <viro@...IV.linux.org.uk> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Hugh Dickins <hughd@...gle.com>, Andrew Morton <akpm@...ux-foundation.org>, Nick Piggin <npiggin@...nel.dk>, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: [PATCH] vfs: fix race in rcu lookup of pruned dentry On Sun, Jul 17, 2011 at 03:59:26PM -0700, Linus Torvalds wrote: > On Sun, Jul 17, 2011 at 3:00 PM, Linus Torvalds > <torvalds@...ux-foundation.org> wrote: > > > > The above (whitespace-damaged) patch may look trivial, but it is > > *entirely* untested, and maybe my gut feel that the above is the right > > way to solve the problem is just wrong. > > > > Al, any reactions? Hugh, does the above patch work for your > > stress-test case? Or, indeed, at all? > > Hmm, it worked for my small test, including under memory pressure that > was shrinking dentries. But my test is not the kind of stress-test > that you clearly have, so that only means that it has not *really* > obvious breakages. Let's not go there at the moment. I really don't want to pile on more things needing audit that late in the cycle... I've posted what I think is the minimal fix - two lines added in the lazy side of do_lookup(); if Hugh can confirm that his breakage is gone with that, I'd strongly suggest going with that one at the momemnt... Speaking of things found late in cycle: today's catch so far is UFS being buggered when exported over NFS (trivially fixed, d_splice_alias() needed there) and cramfs calling d_add(dentry, ERR_PTR(-ENOMEM)) on OOM... Plus yesterday cifs and ceph holes, plus exofs_get_parent() oopsable due to confusion about calling conventions (it should return ERR_PTR() on stale, not NULL). Pending ones: lack of i_mutex in btrfs get_default_root() and bad misuse of d_splice_alias() in there, *really* nasty one in nfs async sillyrename (d_move() outside of i_mutex if unlink() goes sillyrename way and gets SIGKILL while waiting for server to reply) and cifs_get_root() lacking permission checks, i_mutex and calling d_materialise_unique() on possibly hashed dentry. Plus a bunch of dubious places in ceph... ;-/ _And_ remaining fuckloads of places to wade through... -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists