lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 24 Jan 2020 14:15:31 +0800 From: Gao Xiang <hsiangkao@....com> To: Eric Biggers <ebiggers@...nel.org> Cc: linux-ext4@...r.kernel.org, linux-fsdevel@...r.kernel.org, linux-f2fs-devel@...ts.sourceforge.net, Alexander Viro <viro@...iv.linux.org.uk>, Daniel Rosenberg <drosen@...gle.com>, Gabriel Krisman Bertazi <krisman@...labora.com> Subject: Re: [PATCH] ext4: fix race conditions in ->d_compare() and ->d_hash() On Thu, Jan 23, 2020 at 09:42:56PM -0800, Eric Biggers wrote: > On Fri, Jan 24, 2020 at 01:34:23PM +0800, Gao Xiang wrote: > > On Thu, Jan 23, 2020 at 09:16:01PM -0800, Eric Biggers wrote: > > > > [] > > > > > So we need READ_ONCE() to ensure that a consistent value is used. > > > > By the way, my understanding is all pointer could be accessed > > atomicly guaranteed by compiler. In my opinion, we generally > > use READ_ONCE() on pointers for other uses (such as, avoid > > accessing a variable twice due to compiler optimization and > > it will break some logic potentially or need some data > > dependency barrier...) > > > > Thanks, > > Gao Xiang > > But that *is* why we need READ_ONCE() here. Without it, there's no guarantee > that the compiler doesn't load the variable twice. Please read: > https://github.com/google/ktsan/wiki/READ_ONCE-and-WRITE_ONCE After scanning the patch, it seems the parent variable (dentry->d_parent) only referenced once as below: - struct inode *inode = dentry->d_parent->d_inode; + const struct dentry *parent = READ_ONCE(dentry->d_parent); + const struct inode *inode = READ_ONCE(parent->d_inode); So I think it is enough as const struct inode *inode = READ_ONCE(dentry->d_parent->d_inode); to access parent inode once to avoid parent inode being accessed for more time (and all pointers dereference should be in atomic by compilers) as one reason on if (!inode || !IS_CASEFOLDED(inode) || ... or etc. Thanks for your web reference, I will look into it. I think there is no worry about dentry->d_parent here because of this only one dereference on dentry->d_parent. You could ignore my words anyway, just my little thought though. Other part of the patch is ok. Thanks, Gao Xiang > > - Eric
Powered by blists - more mailing lists