lists.openwall.net: Open Source and information security mailing list archives
Date:	Wed, 04 Mar 2009 22:21:59 -0600
From:	Eric Sandeen <sandeen@...hat.com>
To:	"Aneesh Kumar K.V" <aneesh.kumar@...ux.vnet.ibm.com>
CC:	ext4 development <linux-ext4@...r.kernel.org>
Subject: Re: [PATCH] fix ext4_free_inode vs. ext4_claim_inode race

Aneesh Kumar K.V wrote:
> On Wed, Mar 04, 2009 at 05:11:28PM -0600, Eric Sandeen wrote:
>> Eric Sandeen wrote:
>>
>> Index: linux-2.6/fs/ext4/ialloc.c
>> ===================================================================
>> --- linux-2.6.orig/fs/ext4/ialloc.c
>> +++ linux-2.6/fs/ext4/ialloc.c
>> @@ -609,26 +609,33 @@ static int ext4_claim_inode(struct super
>>  			struct buffer_head *inode_bitmap_bh,
>>  			unsigned long ino, ext4_group_t group, int mode)
>>  {
>> -	int free = 0, retval = 0, count;
>> +	int free = 0, bitset, count;
>>  	struct ext4_sb_info *sbi = EXT4_SB(sb);
>>  	struct ext4_group_desc *gdp = ext4_get_group_desc(sb, group, NULL);
>>
>> -	spin_lock(sb_bgl_lock(sbi, group));
>> -	if (ext4_set_bit(ino, inode_bitmap_bh->b_data)) {
>> -		/* not a free inode */
>> -		retval = 1;
>> -		goto err_ret;
>> +	/* if uninit, protect against ext4_read_inode_bitmap initialization */
>> +	bitset = -1;
>> +	if (gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT)) {
>> +		spin_lock(sb_bgl_lock(sbi, group));
>> +		if (gdp->bg_flags & cpu_to_le16(EXT4_BG_INODE_UNINIT))
>> +			bitset = ext4_set_bit(ino, inode_bitmap_bh->b_data);
>> +		spin_unlock(sb_bgl_lock(sbi, group));
>>  	}
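Review bot: In the UNINIT branch, the bit is set under sb_bgl_lock but EXT4_BG_INODE_UNINIT is not cleared inside that same locked region (at least within the lines quoted here), so a concurrent ext4_read_inode_bitmap that tests the flag can still see UNINIT and re-initialise the bitmap, discarding the bit that was just set. Clear the flag directly after `bitset = ext4_set_bit(ino, inode_bitmap_bh->b_data);` and before `spin_unlock(sb_bgl_lock(sbi, group));`, so that set-bit and flag-clear happen as one step under the lock. Separately, `bitset` stays at -1 whenever the group is not UNINIT; the non-UNINIT path and the consumer of that -1 lie outside the quoted lines, so they need checking against the rest of the hunk.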
> 
> 
> That won't work. We need to set the bit and clear the INODE_UNINIT flag
> while holding the spin_lock. In ext4_read_inode_bitmap we check the
> INODE_UNINIT flag and re-init the inode bitmap. So we may end up
> re-initing the bitmap if we don't clear the INODE_UNINIT flag while holding
> the spin lock.

Yeah, I guess maybe that's the same old race we had to start with, isn't it?

Remind me again why we don't just clear UNINIT when we read the bitmap
in and ... init it?

-Eric
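The race Aneesh describes, as an added example written for this page rather than ext4 code or code from either author: a single-threaded C model of one block group with an inode bitmap, an INODE_UNINIT flag and the per-group lock. The interleaving (claim completes, then a concurrent read of the bitmap runs) is written out by hand so the result is deterministic. It contrasts the patch as quoted (bit set under the lock, flag left alone) with the variant Aneesh asks for (bit set and flag cleared in the same critical section). All names (`claim_inode_as_posted`, `claim_inode_fixed`, `read_inode_bitmap`, `bgl_lock`, `BG_INODE_UNINIT`) are hypothetical stand-ins, the bitmap uses plain byte order instead of ext4's little-endian bit helpers, and the modelled read path clears the flag once it has initialised the bitmap, which is this model's choice, not a statement about the real function.

```c
/* Added example, not ext4 code: a deterministic model of the
 * ext4_claim_inode vs. ext4_read_inode_bitmap race from this thread.
 * One block group, one lock, interleavings written out by hand. */
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INODES_PER_GROUP 64
#define BG_INODE_UNINIT  0x0001   /* hypothetical stand-in for EXT4_BG_INODE_UNINIT */

struct group {
    uint16_t bg_flags;                      /* group descriptor flags */
    uint8_t  bitmap[INODES_PER_GROUP / 8];  /* inode bitmap, 1 = in use */
    int      locked;                        /* models sb_bgl_lock(sbi, group) */
};

/* The lock is modelled as a flag; taking it twice is a bug in the model. */
static void bgl_lock(struct group *g)   { assert(!g->locked); g->locked = 1; }
static void bgl_unlock(struct group *g) { assert(g->locked);  g->locked = 0; }

static int test_bit(const uint8_t *map, unsigned ino) {
    return (map[ino / 8] >> (ino % 8)) & 1;
}

/* Like ext4_set_bit(): set the bit and return its previous value. */
static int set_bit(uint8_t *map, unsigned ino) {
    int old = test_bit(map, ino);
    map[ino / 8] |= (uint8_t)(1u << (ino % 8));
    return old;
}

/* Read path as the thread describes it: if the group is still flagged
 * UNINIT, (re)initialise the bitmap to all-free. Clearing the flag here is
 * this model's choice so that a second read does not re-init again. */
static void read_inode_bitmap(struct group *g) {
    bgl_lock(g);
    if (g->bg_flags & BG_INODE_UNINIT) {
        memset(g->bitmap, 0, sizeof g->bitmap);
        g->bg_flags &= (uint16_t)~BG_INODE_UNINIT;
    }
    bgl_unlock(g);
}

/* Claim path as quoted in the patch: set the bit under the lock, but leave
 * INODE_UNINIT set. Returns the bit's previous value, or -1 if not UNINIT. */
static int claim_inode_as_posted(struct group *g, unsigned ino) {
    int bitset = -1;
    if (g->bg_flags & BG_INODE_UNINIT) {
        bgl_lock(g);
        if (g->bg_flags & BG_INODE_UNINIT)
            bitset = set_bit(g->bitmap, ino);
        bgl_unlock(g);
    }
    return bitset;
}

/* Claim path with Aneesh's requirement: set the bit and clear INODE_UNINIT
 * in the same critical section, so a reader can never see UNINIT afterwards. */
static int claim_inode_fixed(struct group *g, unsigned ino) {
    int bitset = -1;
    if (g->bg_flags & BG_INODE_UNINIT) {
        bgl_lock(g);
        if (g->bg_flags & BG_INODE_UNINIT) {
            bitset = set_bit(g->bitmap, ino);
            g->bg_flags &= (uint16_t)~BG_INODE_UNINIT;
        }
        bgl_unlock(g);
    }
    return bitset;
}

/* Interleaving: a claim runs to completion on one CPU, then another CPU
 * reads the bitmap in. Returns whether inode `ino` is still marked in use. */
static bool claim_survives(bool fixed, unsigned ino) {
    struct group g = { .bg_flags = BG_INODE_UNINIT };   /* fresh, never-read group */
    int was_set = fixed ? claim_inode_fixed(&g, ino)
                        : claim_inode_as_posted(&g, ino);
    assert(was_set == 0);          /* inode was free; the bit is now set */
    read_inode_bitmap(&g);         /* concurrent reader arrives */
    return test_bit(g.bitmap, ino) == 1;
}

int main(void) {
    printf("as posted: claimed bit survives? %s\n",
           claim_survives(false, 5) ? "yes" : "no (lost)");
    printf("fixed:     claimed bit survives? %s\n",
           claim_survives(true, 5) ? "yes" : "no (lost)");
    return 0;
}
```

With the posted ordering the reader still finds INODE_UNINIT set and wipes the bitmap, so the inode just claimed silently becomes free again and can be handed out twice; with the flag cleared under the same lock the reader leaves the bitmap alone.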