lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <m1octm287f.fsf@fess.ebiederm.org>
Date:	Thu, 21 May 2009 01:04:04 -0700
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Tejun Heo <tj@...nel.org>
Cc:	Andrew Morton <akpm@...ux-foundation.org>,
	Greg Kroah-Hartman <gregkh@...e.de>,
	linux-kernel@...r.kernel.org,
	Cornelia Huck <cornelia.huck@...ibm.com>,
	linux-fsdevel@...r.kernel.org,
	"Eric W. Biederman" <ebiederm@...stanetworks.com>
Subject: Re: [PATCH 04/20] sysfs: Handle the general case of removing of directories with subdirectories

Tejun Heo <tj@...nel.org> writes:

> Eric W. Biederman wrote:
>>> I agree we should be heading this way but what happens to attributes
>>> or directories living below the subdirectories?  If it's gonna handle
>>> recursive case, I think it better do it properly.  I had patches of
>>> similar effect.
>> 
>> I do handle it properly.  sysfs_get_one finds the deepest child of the
>> first directory entry.  Then I remove it.  And I repeat until done.
>> 
>> The locking is correct, something that is much more difficult to
>> tell with your version.
>
> Why? :-)

Because mine is all in a single place and there is no optimization
to get locks I don't need.

Unless I have misread your patch you are failing to get the
i_mutex for child directories, if it possible to get it.

Something that it is trivial to see that I always do correctly.
Simply because the distance between the lock and where I depend on
it is so small.

>> By grabbing and dropping the sysfs_mutex things are simpler, and they
>> get even simpler in future patches.
>> 
>> Now looking at that code in detail there is a question of what happens if
>> we add a directory entry while we are recursively deleting a directory.
>> Neither your patch, my patch, nor the existing code handle that case
>> (assuming the sysfs_dirent) was looked up before it is removed from it's
>> parent directory.  I expect another patch is called for to plug that
>> theoretical gap.  
>> 
>> I expect the way to close that hole is to have an extra flag that says
>> we are removing a directory entry and refuse to add if that flag is
>> set.
>> 
>> I would prefer to only remove empty directories.  But when I
>> instrumented things up I found cases where that does indeed happen.
>
> IIRC, my version did the whole thing while holding sysfs_mutex, so
> it's safe against such races.  I can't really see why ops like this
> can't be atomic in sysfs.  I don't really care how things are done but
> please make it atomic.

Nope.  Holding the sysfs_mutex does not make you safe from such races.
It actually makes you more prone to someone adding a directory entry to
a deleted directory and not having it deleted.  I have a chance of
deleting the added directory entry.

The problem is that sysfs_add_one takes to sysfs_dirents.  The look up
of the directory is done before we take the sysfs_mutex.  So the
sysfs_dirent could be grabbed at any time.

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ