| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <63df45984a1a7fe5998861abd3210b781662d7f9.camel@web.de>
Date: Mon, 09 Dec 2024 13:53:57 +0100
From: Bert Karwatzki <spasswolf@....de>
To: Jan Kara <jack@...e.cz>
Cc: Josef Bacik <josef@...icpanda.com>, linux-kernel@...r.kernel.org,
kernel-team@...com, linux-fsdevel@...r.kernel.org, amir73il@...il.com,
brauner@...nel.org, torvalds@...ux-foundation.org, viro@...iv.linux.org.uk,
linux-xfs@...r.kernel.org, linux-btrfs@...r.kernel.org,
linux-mm@...ck.org, linux-ext4@...r.kernel.org, spasswolf@....de
Subject: Re: commit 0790303ec869 leads to cpu stall without
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
Am Montag, dem 09.12.2024 um 13:26 +0100 schrieb Jan Kara:
> On Mon 09-12-24 13:11:04, Jan Kara wrote:
> > > Then I took a closer look at the function called in the problematic code
> > > and noticed that fsnotify_file_area_perm(), is a NOOP when
> > > CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set (which was the case in my
> > > .config). This also explains why this was not found before, as
> > > distributional .config file have this option enabled. Setting the option
> > > to y solves the issue, too
> >
> > Well, I agree with you on all the points but the real question is, how come
> > the test FMODE_FSNOTIFY_HSM(file->f_mode) was true on our kernel when you
> > clearly don't run HSM software, even more so with
> > CONFIG_FANOTIFY_ACCESS_PERMISSIONS disabled. That's the real cause of this
> > problem. Something fishy is going on here... checking...
> >
> > Ah, because I've botched out file_set_fsnotify_mode() in case
> > CONFIG_FANOTIFY_ACCESS_PERMISSIONS is disabled. This should fix the
> > problem:
> >
> > index 1a9ef8f6784d..778a88fcfddc 100644
> > --- a/include/linux/fsnotify.h
> > +++ b/include/linux/fsnotify.h
> > @@ -215,6 +215,7 @@ static inline int fsnotify_open_perm(struct file *file)
> > #else
> > static inline void file_set_fsnotify_mode(struct file *file)
> > {
> > + file->f_mode |= FMODE_NONOTIFY_PERM;
> > }
> >
> > I'm going to test this with CONFIG_FANOTIFY_ACCESS_PERMISSIONS disabled and
> > push out a fixed version. Thanks again for the report and analysis!
>
> So this was not enough, What we need is:
> index 1a9ef8f6784d..778a88fcfddc 100644
> --- a/include/linux/fsnotify.h
> +++ b/include/linux/fsnotify.h
> @@ -215,6 +215,10 @@ static inline int fsnotify_open_perm(struct file *file)
> #else
> static inline void file_set_fsnotify_mode(struct file *file)
> {
> + /* Is it a file opened by fanotify? */
> + if (FMODE_FSNOTIFY_NONE(file->f_mode))
> + return;
> + file->f_mode |= FMODE_NONOTIFY_PERM;
> }
>
> This passes testing for me so I've pushed it out and the next linux-next
> build should have this fix.
>
> Honza
I had "mixed success" with your first fix, out of 4 boots I got 2 hangs, but the
new version seems to work fine (4 boots, zero hangs).
Bert Karwatzki
Powered by blists - more mailing lists