lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20070603062840.GA8396@cvg>
Date:	Sun, 3 Jun 2007 10:28:40 +0400
From:	Cyrill Gorcunov <gorcunov@...il.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Cyrill Gorcunov <gorcunov@...il.com>,
	Eric Sandeen <sandeen@...deen.net>, Jan Kara <jack@...e.cz>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/2] Fix possible leakage of blocks in UDF

[Andrew Morton - Sat, Jun 02, 2007 at 03:49:42PM -0700]
| On Sun, 3 Jun 2007 00:01:46 +0400 Cyrill Gorcunov <gorcunov@...il.com> wrote:
| 
| > [Andrew Morton - Sat, Jun 02, 2007 at 12:16:16PM -0700]
| > [...snip...]
| > | 
| > | No, the problem is that the patch caused the kernel to take inode_lock
| > | within the newly-added drop_inode(), btu drop_inode() is already called
| > | under inode_lock.
| > | 
| > | It has nothing to do with lock_kernel() and it has nothing to do with
| > | sleeping.
| > | 
| > 
| > Andrew, the only call that could leading to subseq. inode_lock lock
| > is mark_inode_dirty() I guess (and that is snown by Eric's dump)
| > but as I shown you in my dbg print without SMP it's OK. So
| > is it SMP who lead to lock? How it depends on it? (I understand
| > that is a stupid question for you but if you have time explain
| > me this please ;)
| > 
| 
| When CONFIG_SMP=n, spin_lock() is a no-op.  (Except with CONFIG_PREEMPT=y,
| in which case spin_lock() will disable kernel preemption on SMP and non-SMP
| kernels)
| 
| When CONFIG_SMP=y, spin_lock() really does take a lock.  But if this thread
| already holds this lock, we'll deadlock.
| 

Thanks, Andrew. So the reason that raises lock problem is the calling of
mark_inode_dirty() inside drop_inode() (by indirection). And I see two way
of solution:

- or check for inode->i_count at each mark_inode_dirty that being called
  after drop_inode

		if (inode->i_count > 0)
				mark_inode_dirty()

- or wrap mark_inode_dirty as

	udf_mark_inode_dirty()
	{
		if (inode->i_count > 0)
			mark_inode_dirty();
	}

	and replace all mark_inode_dirty -> udf_mark_inode_dirty

Your thoughts?

		Cyrill

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ