Message-ID: <49AF5367.5040006@redhat.com> Date: Wed, 04 Mar 2009 22:21:59 -0600 From: Eric Sandeen <sandeen@...hat.com> To: "Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com> CC: ext4 development <linux-ext4@...r.kernel.org> Subject: Re: [PATCH] fix ext4_free_inode vs. ext4_claim_inode race Aneesh Kumar K.V wrote: > On Wed, Mar 04, 2009 at 05:11:28PM -0600, Eric Sandeen wrote: >> Eric Sandeen wrote: >> >> Index: linux-2.6/fs/ext4/ialloc.c >> =================================================================== >> --- linux-2.6.orig/fs/ext4/ialloc.c >> +++ linux-2.6/fs/ext4/ialloc.c 
>> @@ -609,26 +609,33 @@ static int ext4_claim_inode(struct super >> struct buffer_head *inode_bitmap_bh, >> unsigned long ino, ext4_group_t group, int mode) >> { >> - int free = 0, retval = 0, count; >> + int free = 0, bitset, count; >> struct ext4_sb_info *sbi = EXT4_SB(sb); >> struct ext4_group_desc *gdp = ext4_get_group_desc(sb, group, NULL); >> >> - spin_lock(sb_bgl_lock(sbi, group)); >> - if (ext4_set_bit(ino, inode_bitmap_bh->b_data)) { >> - /* not a free inode */ >> - retval = 1; >> - goto err_ret; >> + /* if uninit, protect against ext4_read_inode_bitmap initialization */ >> + bitset = -1; >> + if (gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT)) { >> + spin_lock(sb_bgl_lock(sbi, group)); >> + if (gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT)) >> + bitset = ext4_set_bit(ino, inode_bitmap_bh->b_data); >> + spin_unlock(sb_bgl_lock(sbi, group)); >> } > > > That won't work. We need set the bit and clear the INODE_UNINIT flag > by holding the spin_lock. In ext4_read_inode_bitmap we check the > INODE_UNINIT flag and re-init the inode bitmap. So we may end up > re-initing the bitmap if we don't clear the INODE_UNINIT flag holding > the spin lock Yeah, I guess maybe that's the same old race we had to start with isn't it. Remind me again why we don't just clear UNINIT when we read in the bitmap in and ... init it? -Eric -- To unsubscribe from this list: send the line "unsubscribe linux-ext4" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
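Review bot: in the EXT4_BG_INODE_UNINIT branch of ext4_claim_inode, spin_unlock(sb_bgl_lock(sbi, group)) runs immediately after "bitset = ext4_set_bit(ino, inode_bitmap_bh->b_data);", and nothing in the visible lines clears EXT4_BG_INODE_UNINIT from gdp->bg_flags before the lock is dropped. The bit is therefore set while the group is still marked uninitialised, which is the window the quoted reply describes: a path that tests the flag and re-initialises the bitmap can discard the bit that was just set. Keep the set-bit and the flag clear inside one sb_bgl_lock critical section, or make visible in this hunk where the flag is cleared under the lock. The "bitset = -1" sentinel also deserves a comment saying what -1 means to the code that follows, since it replaces the old retval and its later use is not shown here.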