lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <47A39D8F.9010003@redhat.com>
Date:	Fri, 01 Feb 2008 17:30:39 -0500
From:	Peter Staubach <staubach@...hat.com>
To:	Miklos Szeredi <miklos@...redi.hu>
CC:	linux-kernel@...r.kernel.org, linux-nfs@...r.kernel.org,
	akpm@...ux-foundation.org, trond.myklebust@....uio.no,
	linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH 2/3] enhanced syscall ESTALE error handling (v2)

Miklos Szeredi wrote:
>>> This doesn't apply to -mm, because the ro-mounts stuff touches a lot
>>> of the same places as this patch.  You probably need to rebase this on
>>> top of those changes.
>>>
>>>   
>>>       
>>>> This patch adds handling for the error, ESTALE, to the system
>>>> calls which take pathnames as arguments.  The algorithm used
>>>> is to detect that an ESTALE error has occurred during an
>>>> operation subsequent to the lookup process and then to unwind
>>>> appropriately and then to perform the lookup process again.
>>>> Eventually, either the lookup process will return an error
>>>> or a valid dentry/inode combination and then operation can
>>>> succeed or fail based on its own merits.
>>>>     
>>>>         
>>> If a broken NFS server or FUSE filesysem keeps returning ESTALE, this
>>> goes into an infinite loop.  How are we planning to deal with that?
>>>
>>>   
>>>       
>> Would you describe the situation that would cause the kernel to
>> go into an infinite loop, please?
>>     
>
> The patch basically does:
>
> 	do {
> 		...
> 		error = inode->i_op->foo()
> 		...
> 	} while (error == ESTALE);
>
> What is the guarantee, that ->foo() will not always return ESTALE?

You skimmed over some stuff, like the pathname lookup component
contained in the first set of dots...

I can't guarantee that ->foo() won't always return ESTALE.

That said, the loop is not unbreakable.  At least for NFS, a signal
to the process will interrupt the loop because the error returned
will change from ESTALE to EINTR.

These changes include the base assumption that the components of
the underlying file system are basically reliable, that there is
a way to deal with bugs and/or malicious entities in the short
term, and that these things will be dealt with appropriately
in the longer term.

The short term resolution is a signal.  The longer term fix is
to hunt down the bug or the malicious entity and either make it
go away or fence it off via some security measure or another to
prevent it from causing another problem.

If the underlying file system is the type that could potentially
return ESTALE, then it needs to be aware of the system architecture
and handle things appropriately.

    Thanx...

       ps
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ