Message-ID: <20240204021436.GH2087318@ZenIV>
Date: Sun, 4 Feb 2024 02:14:36 +0000
From: Al Viro <viro@...iv.linux.org.uk>
To: linux-fsdevel@...r.kernel.org
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Christian Brauner <brauner@...nel.org>, linux-ext4@...r.kernel.org,
linux-nfs@...r.kernel.org, Miklos Szeredi <miklos@...redi.hu>,
linux-cifs@...r.kernel.org
Subject: [PATCHES] RCU pathwalk race fixes

We still have some races in filesystem methods when exposed
to RCU pathwalk. The series below is a result of code audit (the
second round of it) and it should deal with most of that stuff.
Exceptions: ntfs3 ->d_hash()/->d_compare() and ceph_d_revalidate().
Up to maintainers (a note for NTFS folks - when documentation says
that a method may not block, it *does* imply that blocking allocations
are to be avoided. Really).

Branch is 6.8-rc1-based; it lives in
git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs.git fixes.pathwalk-rcu

Individual patches are in followups; ditto for code audit notes. Beginning
of the latter should probably be converted into docs; if anyone is willing
to help with such conversion, please say so - I'll be glad to answer any
questions, etc.

If somebody wants to grab bits and pieces of that series into individual
filesystem git trees, please say so. Same for any problems spotted in
the patches, obviously. If nothing shows up, that goes into #fixes and
into mainline.

Shortlog:
      fs/super.c: don't drop ->s_user_ns until we free struct super_block itself
      rcu pathwalk: prevent bogus hard errors from may_lookup()
      affs: free affs_sb_info with kfree_rcu()
      exfat: move freeing sbi, upcase table and dropping nls into rcu-delayed helper
      hfsplus: switch to rcu-delayed unloading of nls and freeing ->s_fs_info
      afs: fix __afs_break_callback() / afs_drop_open_mmap() race
      nfs: make nfs_set_verifier() safe for use in RCU pathwalk
      nfs: fix UAF on pathwalk running into umount
      procfs: move dropping pde and pid from ->evict_inode() to ->free_inode()
      procfs: make freeing proc_fs_info rcu-delayed
      fuse: fix UAF in rcu pathwalks
      cifs_get_link(): bail out in unsafe case
      ext4_get_link(): fix breakage in RCU mode

Diffstat:
 fs/affs/affs.h            |  1 +
 fs/affs/super.c           |  2 +-
 fs/afs/file.c             |  8 ++++++--
 fs/exfat/exfat_fs.h       |  1 +
 fs/exfat/nls.c            | 14 ++++----------
 fs/exfat/super.c          | 20 +++++++++++---------
 fs/ext4/symlink.c         |  8 +++++---
 fs/fuse/cuse.c            |  3 +--
 fs/fuse/fuse_i.h          |  1 +
 fs/fuse/inode.c           | 15 +++++++++++----
 fs/hfsplus/hfsplus_fs.h   |  1 +
 fs/hfsplus/super.c        | 12 +++++++++---
 fs/namei.c                |  6 +++++-
 fs/nfs/client.c           | 13 ++++++++++---
 fs/nfs/dir.c              |  4 ++--
 fs/proc/base.c            |  2 --
 fs/proc/inode.c           | 19 ++++++++-----------
 fs/proc/root.c            |  2 +-
 fs/smb/client/cifsfs.c    |  3 +++
 fs/super.c                | 13 ++++---------
 include/linux/nfs_fs_sb.h |  2 ++
 include/linux/proc_fs.h   |  1 +
 22 files changed, 88 insertions(+), 63 deletions(-)