| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 28 Nov 2019 12:03:04 -0500
From: Meng Xu <mengxu.gatech@...il.com>
To: linux-ext4@...r.kernel.org
Subject: potential data race on ext_inode_hdr(inode)->eh_depth,
ext_inode_hdr(inode)->eh_max between a creat and unlink syscall
Hi Ext4 Developers,
I notice a potential data race on ext_inode_hdr(inode)->eh_depth,
ext_inode_hdr(inode)->eh_max between a create and unlink syscall.
Following is the trace:
[Setup]
mkdir("foo", 511) = 0;
open("foo", 65536, 511) = 3;
create("bar", 511) = 4;
symlink("foo", "sym_foo") = 0;
open("sym_foo", 65536, 511) = 5;
[Thread 1]
create("bar", 438);
__do_sys_creat
ksys_open
do_filp_open
path_openat
do_last
handle_truncate
do_truncate
notify_change
ext4_setattr
ext4_truncate
ext4_ext_truncate
ext4_ext _remove_space
[WRITE, 2 bytes] ext_inode_hdr(inode)->eh_depth = 0;
[WRITE, 2 bytes] ext_inode_hdr(inode)->eh_max
= cpu_to_le16(ext4_ext_space_root(inode, 0));
[Thread 2]
unlink("sym_foo");
__do_sys_unlink
do_unlinkat
iput
iput_final
evict
ext4_evict_inode
ext4_orphan_del
ext4_mark_iloc_dirty
ext4_do_update_inode
[READ, 4 bytes] raw_inode->i_block[block] = ei->i_data[block];
I could observe that the order between the READ and WRITE is not
deterministic and I was curious what will happen if the READ takes
place in the middle of the two WRITES? Does it cause any damages or
violations?
Best Regards,
Meng
Powered by blists - more mailing lists