lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <m11vys7k92.fsf_-_@frodo.ebiederm.org>
Date:	Tue, 07 Oct 2008 03:49:29 -0700
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Greg KH <greg@...ah.com>
Cc:	Al Viro <viro@...IV.linux.org.uk>,
	Benjamin Thery <benjamin.thery@...l.net>,
	linux-kernel@...r.kernel.org, "Serge E. Hallyn" <serue@...ibm.com>,
	Al Viro <viro@....linux.org.uk>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Tejun Heo <tj@...nel.org>
Subject: [PATCH 1/3] sysfs:  Remove lock ordering violation in sysfs_chmod_file.


It is a wee bit subtle but sysfs_get_dentry grabs inode->i_mutex.
of potentially all of the parents of sd.  So I can not hold
the inode mutex of the directory while it is called.

Signed-off-by: Eric W. Biederman <ebiederm@...ssion.com>
---
 fs/sysfs/file.c |   37 ++++++++++++++++---------------------
 1 files changed, 16 insertions(+), 21 deletions(-)

diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c
index 091c0de..8b572b6 100644
--- a/fs/sysfs/file.c
+++ b/fs/sysfs/file.c
@@ -582,7 +582,6 @@ int sysfs_chmod_file(struct kobject *kobj, struct attribute *attr, mode_t mode)
 {
 	struct sysfs_dirent *victim_sd = NULL;
 	struct super_block *sb;
-	struct inode * inode = NULL;
 	struct iattr newattrs;
 	int rc;
 
@@ -591,42 +590,38 @@ int sysfs_chmod_file(struct kobject *kobj, struct attribute *attr, mode_t mode)
 	if (!victim_sd)
 		goto out;
 
-	rc = -ENOENT;
-	mutex_lock(&sysfs_mutex);
-	inode = sysfs_get_inode(victim_sd);
-	mutex_unlock(&sysfs_mutex);
-	if (!inode)
- 		goto out;
-
 	mutex_lock(&sysfs_rename_mutex);
 	sysfs_grab_supers();
-	mutex_lock(&inode->i_mutex);
-
-	newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
-	newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
-	newattrs.ia_ctime = current_fs_time(inode->i_sb);
-	rc = sysfs_sd_setattr(victim_sd, inode, &newattrs);
-	if (rc)
-		goto out_unlock;
 
 	list_for_each_entry(sb, &sysfs_fs_type.fs_supers, s_instances) {
+		struct dentry *	victim;
+		struct inode * inode;
+
 		/* Ignore it when the dentry does not exist on the
 		 * target superblock.
 		 */
-		struct dentry *	victim = sysfs_get_dentry(sb, victim_sd);
+		mutex_lock(&sysfs_mutex);
+		victim = sysfs_get_dentry(sb, victim_sd);
+		mutex_unlock(&sysfs_mutex);
 		if (IS_ERR(victim))
 			continue;
 
-		fsnotify_change(victim, newattrs.ia_valid);
+		inode = victim->d_inode;
+		mutex_lock(&inode->i_mutex);
+		newattrs.ia_mode = (mode & S_IALLUGO) | (inode->i_mode & ~S_IALLUGO);
+		newattrs.ia_valid = ATTR_MODE | ATTR_CTIME;
+		newattrs.ia_ctime = current_fs_time(inode->i_sb);
+		rc = sysfs_sd_setattr(victim_sd, inode, &newattrs);
+		if (!rc)
+			fsnotify_change(victim, newattrs.ia_valid);
+
+		mutex_unlock(&inode->i_mutex);
 		dput(victim);
 	}
 
- out_unlock:
-	mutex_unlock(&inode->i_mutex);
 	sysfs_release_supers();
 	mutex_unlock(&sysfs_rename_mutex);
  out:
-	iput(inode);
 	sysfs_put(victim_sd);
 	return rc;
 }
-- 
1.5.3.rc6.17.g1911

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ