Open Source and information security mailing list archives
Message-ID: <20100202010653.GD12882@ZenIV.linux.org.uk>
Date:	Tue, 2 Feb 2010 01:06:53 +0000
From:	Al Viro <viro@...IV.linux.org.uk>
To:	Linus Torvalds <torvalds@...ux-foundation.org>
Cc:	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH][RFC] %pd - for printing dentry name

On Mon, Feb 01, 2010 at 11:18:47PM +0000, Al Viro wrote:

> Ehh...  RCU will save you from stepping on freed memory, but it still will
> leave the joy of half-updated string with length out of sync with it, etc.
> We probably can get away with that, but we'll have to be a lot more careful
> with the order of updating these suckers in d_move_locked et al.
> 
> I don't know...  Note that if we end up adding something extra to struct
> dentry, we might as well just add *another* spinlock, taken only under
> ->d_lock and only in two places in dcache.c that change d_name.  That kind
> of thing is trivial to enforce (just grep over the tree once in a while)
> and if it shares the cacheline with d_lock, we shouldn't get any real overhead
> in d_move()/d_materialise_unique().  I'm not particularly fond of that variant,
> but it's at least guaranteed to be devoid of subtleties.
> 
> If RCU folks can come up with sane suggestions that would be robust and
> wouldn't bloat dentry - sure, I'm all for it.  If not...

As a matter of fact, there's just *one* place that has any business [*]
changing ->d_name contents of dentry that might be visible to somebody
else.  fs/dcache.c::switch_names().

So a very brute-force approach would be to add a new spinlock to dentry and
have switch_names() grab it on dentry and target and drop when we are done,
dname_string() grab it around the call of string() and pull the guts out
through the nose to anyone who as much as mentions that lock outside of
fs/dcache.c:switch_names() and lib/vsprintf.c:dname_string().

Again, I'd love to see something more elegant; this variant won't add any
contention and if we place the lock next to d_lock we won't get any cacheline
bouncing either (we'd just taken ->d_lock on both dentries), but it's
a rather ugly way to deal with the problem.  I mean, a spinlock just for the
needs of debugging printks?  Yuck.

BTW, speaking of ->d_lock, dget_parent() is abused in a bunch of places.
I'm going through review of ->d_parent and ->d_name uses; will post
the results when it's done...

[*] there's also !@$#!@#!@# {ncp,smb}_fill_cache() that does change of
letters' case in ->d_name; no locking whatsoever in there, luckily for
that crap the callers hold i_mutex on parent, so they get exclusion with
potential callers of d_move().  Bad Idea All Around(tm), but irrelevant
for our purposes.
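
The brute-force scheme described in this message, as an added userspace C model (not code from the mail or from the kernel): `model_dentry`, `name_lock`, `locked_read` and `model_switch_names` are hypothetical stand-ins for struct dentry, the new spinlock, dname_string() and switch_names(). It is single-threaded, so the reader uses a trylock where the real one would spin, and it assumes writers are already serialised, as ->d_lock does in the mail.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#define DNAME_MAX 32

struct model_dentry {            /* userspace stand-in, not the kernel's struct dentry */
    atomic_flag name_lock;       /* the extra lock proposed in the mail */
    unsigned len;                /* invariant: len == strlen(name) */
    char name[DNAME_MAX];
};

static bool name_trylock(struct model_dentry *d)
{ return !atomic_flag_test_and_set_explicit(&d->name_lock, memory_order_acquire); }
static void name_lock(struct model_dentry *d) { while (!name_trylock(d)) ; }
static void name_unlock(struct model_dentry *d)
{ atomic_flag_clear_explicit(&d->name_lock, memory_order_release); }

/* Reader, in the role of dname_string(); false means "lock busy, would spin". */
static bool locked_read(struct model_dentry *d, char *out)
{
    if (!name_trylock(d)) return false;
    memcpy(out, d->name, d->len);
    out[d->len] = '\0';
    name_unlock(d);
    return true;
}

/* Writer, in the role of switch_names(): swap with both locks held. *seen gets bit 1 if
 * a lockless reader would see len != strlen mid-swap, bit 2 if a locked reader is kept out. */
static void model_switch_names(struct model_dentry *d, struct model_dentry *t, int *seen)
{
    char tmp[DNAME_MAX]; unsigned tl;
    name_lock(d); name_lock(t);
    memcpy(tmp, d->name, DNAME_MAX);
    memcpy(d->name, t->name, DNAME_MAX);
    memcpy(t->name, tmp, DNAME_MAX);
    *seen = (d->len != strlen(d->name)) | ((!locked_read(d, tmp)) << 1);
    tl = d->len; d->len = t->len; t->len = tl;
    name_unlock(t); name_unlock(d);
}

static int demo(void)   /* 7 = torn lockless view, locked reader excluded, clean read after */
{
    struct model_dentry a = { ATOMIC_FLAG_INIT, 1, "a" }, b = { ATOMIC_FLAG_INIT, 11, "longer_name" };
    char out[DNAME_MAX]; int seen;
    model_switch_names(&a, &b, &seen);
    return seen | ((locked_read(&a, out) && strcmp(out, "longer_name") == 0) << 2);
}
int main(void) { printf("%d\n", demo()); return 0; }
```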