| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 3 Jun 2008 18:41:25 +0100 From: Al Viro <viro@...IV.linux.org.uk> To: Ian Kent <raven@...maw.net> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, Miklos Szeredi <miklos@...redi.hu>, jesper@...gh.cc, linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: Linux 2.6.26-rc4 On Wed, Jun 04, 2008 at 01:28:23AM +0800, Ian Kent wrote: > > On Tue, 2008-06-03 at 17:50 +0100, Al Viro wrote: > > On Tue, Jun 03, 2008 at 05:41:03PM +0100, Al Viro wrote: > > > > > >From my reading of that code looks like it's been rmdir'ed. And no, I > > > don't understand what the hell is that code trying to do. > > > > > > Ian, could you describe the race you are talking about? > > > > BTW, this stuff is definitely broken regardless of mount - if something > > had the directory in question opened before that rmdir and we'd hit > > your lookup_unhashed while another CPU had been in the middle of > > getdents(2) on that opened descriptor, we'll get > > > > vfs_readdir() grabs i_mutex > > vfs_readdir() checks that it's dead > > autofs4_lookup_unhashed() calls iput() > > Can this really happen, since autofs4_lookup_unhashed() is only called > with the i_mutex held. i_mutex on a different inode (obviously - it frees the inode in question, so if caller held i_mutex on it, you would be in trouble every time you hit that codepath). -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists