lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 28 Nov 2019 18:19:47 -0500
From:   "Theodore Y. Ts'o" <tytso@....edu>
To:     Meng Xu <mengxu.gatech@...il.com>
Cc:     linux-ext4@...r.kernel.org
Subject: Re: potential data race on ext_inode_hdr(inode)->eh_depth,
 ext_inode_hdr(inode)->eh_max between a creat and unlink syscall

On Thu, Nov 28, 2019 at 12:03:04PM -0500, Meng Xu wrote:
> I notice a potential data race on ext_inode_hdr(inode)->eh_depth,
> ext_inode_hdr(inode)->eh_max between a create and unlink syscall.
> Following is the trace:
> 
> [Setup]
> mkdir("foo", 511) = 0;
> open("foo", 65536, 511) = 3;
> create("bar", 511) = 4;
> symlink("foo", "sym_foo") = 0;
> open("sym_foo", 65536, 511) = 5;
> 
> [Thread 1]
> create("bar", 438);
> 
> __do_sys_creat
>   ksys_open
>     do_filp_open
>       path_openat
>         do_last
>           handle_truncate
>             do_truncate
>               notify_change
>                 ext4_setattr
>                   ext4_truncate
>                     ext4_ext_truncate
>                       ext4_ext _remove_space
>                         [WRITE, 2 bytes] ext_inode_hdr(inode)->eh_depth = 0;
>                         [WRITE, 2 bytes] ext_inode_hdr(inode)->eh_max
> = cpu_to_le16(ext4_ext_space_root(inode, 0));
> 
> [Thread 2]
> unlink("sym_foo");
> 
> __do_sys_unlink
>   do_unlinkat
>     iput
>       iput_final
>         evict
>           ext4_evict_inode
>             ext4_orphan_del
>               ext4_mark_iloc_dirty
>                 ext4_do_update_inode
>                   [READ, 4 bytes] raw_inode->i_block[block] = ei->i_data[block];
> 
> 
> I could observe that the order between the READ and WRITE is not
> deterministic and I was curious what will happen if the READ takes
> place in the middle of the two WRITES? Does it cause any damages or
> violations?

This makes no sense.  The inodes corresponding to "sym_foo" and "bar"
are completely differenth.  So why would there be a data race?

How are you concluding that that there is, in fact, a data race?

    	    	       	    	       - Ted

Powered by blists - more mailing lists