lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 13 Nov 2009 22:30:00 +0900
From:	Trond Myklebust <trond.myklebust@....uio.no>
To:	Jeff Layton <jlayton@...hat.com>
Cc:	linux-nfs@...r.kernel.org, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org, ebiederm@...ssion.com,
	adobriyan@...il.com, viro@...IV.linux.org.uk, jamie@...reable.org
Subject: Re: [PATCH] nfs4: handle situation where dentry wasn't revalidated
 on open

On Fri, 2009-11-13 at 08:23 -0500, Jeff Layton wrote:
> This patch is an alternate approach to fixing this problem that doesn't
> rely on VFS changes...
> 
> Currently, the NFSv4 client code relies on the ->lookup and
> ->d_revalidate codepaths to handle the open processing during lookup. In
> certain situations (notably LAST_BIND symlinks and file bind mounts)
> it's possible for the VFS to skip calling d_revalidate on a dentry that
> it finds in the cache. If this is done on an open call, the file doesn't
> get opened on the wire, no state is established and stateful operations
> fail against it.
> 
> This patchset fixes this problem by taking advantage of the fact that we
> can pass an open routine to lookup_instantiate_filp. A new open file
> operation for NFSv4 is added that should only be called if the filp
> wasn't instantiated during lookup. The original open routine is passed
> to lookup_instantiate_filp to ensure no change in behavior there.
> 
> Signed-off-by: Jeff Layton <jlayton@...hat.com>
> ---
<snip>
> +/*
> + * should only be called when VFS skips revalidation
> + */
> +int
> +nfs4_open(struct inode *inode, struct file *filp)
> +{
> +	struct inode *dir = filp->f_path.dentry->d_parent->d_inode;
> +	struct rpc_cred *cred;
> +	struct nfs_open_context *ctx;
> +
> +	cred = rpc_lookup_cred();
> +	if (IS_ERR(cred))
> +		return PTR_ERR(cred);
> +
> +	ctx = alloc_nfs_open_context(filp->f_path.mnt, filp->f_path.dentry, cred);
> +	if (ctx == NULL) {
> +		put_rpccred(cred);
> +		return -ENOMEM;
> +	}
> +
> +	ctx->state = nfs4_do_open(dir, &filp->f_path, filp->f_mode, filp->f_flags, NULL, cred);
> +	put_rpccred(cred);
> +	if (IS_ERR(ctx->state)) {
> +		put_nfs_open_context(ctx);
> +		return PTR_ERR(ctx->state);
> +	}
> +	ctx->mode = filp->f_mode;
> +	nfs_set_verifier(filp->f_path.dentry, nfs_save_change_attribute(dir));
> +	nfs_file_set_open_context(filp, ctx);
> +	put_nfs_open_context(ctx);
> +	nfs_fscache_set_inode_cookie(inode, filp);
> +	return 0;
> +}
> +

So what happens if the file has been renamed/deleted/replaced since the
lookup occurred? You basically end up with a state that corresponds to a
different file than the filp->f_path...

Cheers
  Trond

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ