lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAAwBoOLoHTZGWFw5y_3MoMgZDQ3gCUQrsAO8Z=U4RwV9KyA_fA@mail.gmail.com> Date: Thu, 28 Nov 2019 12:03:04 -0500 From: Meng Xu <mengxu.gatech@...il.com> To: linux-ext4@...r.kernel.org Subject: potential data race on ext_inode_hdr(inode)->eh_depth, ext_inode_hdr(inode)->eh_max between a creat and unlink syscall Hi Ext4 Developers, I notice a potential data race on ext_inode_hdr(inode)->eh_depth, ext_inode_hdr(inode)->eh_max between a create and unlink syscall. Following is the trace: [Setup] mkdir("foo", 511) = 0; open("foo", 65536, 511) = 3; create("bar", 511) = 4; symlink("foo", "sym_foo") = 0; open("sym_foo", 65536, 511) = 5; [Thread 1] create("bar", 438); __do_sys_creat ksys_open do_filp_open path_openat do_last handle_truncate do_truncate notify_change ext4_setattr ext4_truncate ext4_ext_truncate ext4_ext _remove_space [WRITE, 2 bytes] ext_inode_hdr(inode)->eh_depth = 0; [WRITE, 2 bytes] ext_inode_hdr(inode)->eh_max = cpu_to_le16(ext4_ext_space_root(inode, 0)); [Thread 2] unlink("sym_foo"); __do_sys_unlink do_unlinkat iput iput_final evict ext4_evict_inode ext4_orphan_del ext4_mark_iloc_dirty ext4_do_update_inode [READ, 4 bytes] raw_inode->i_block[block] = ei->i_data[block]; I could observe that the order between the READ and WRITE is not deterministic and I was curious what will happen if the READ takes place in the middle of the two WRITES? Does it cause any damages or violations? Best Regards, Meng
Powered by blists - more mailing lists