lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 18 Aug 2010 13:36:10 +0200
From:	Adam Lackorzynski <adam@...inf.tu-dresden.de>
To:	Bian Naimeng <biannm@...fujitsu.com>
Cc:	Trond Myklebust <Trond.Myklebust@...app.com>,
	linux-kernel@...r.kernel.org, linux-nfs@...r.kernel.org,
	stable@...nel.org
Subject: Re: 2.6.35.2: NFS related Oops


On Wed Aug 18, 2010 at 10:49:04 +0800, Bian Naimeng wrote:
> >>>  	/* We can't create new files, or truncate existing ones here */
> >>>  	openflags &= ~(O_CREAT|O_TRUNC);
> >>> -- 
> >> Nope. The problem is the recent switch to LOOKUP_EXCL as the authority
> >> for whether or not we're doing an exclusive create.
> >>
> >> Does the following patch work?
> >>
> > 
> >   Hi Trond, i guess it's not work.
> > 
> >   As i see, if we want get LOOKUP_EXCL at nd->flags,  we must open file with 
> >   O_CREAT and O_EXCL, "nd->flags & LOOKUP_EXCL" have the same effect with
> >   "(openflags & (O_CREAT|O_EXCL)) == (O_CREAT|O_EXCL)", so i think the kernel
> >   still crash, right?

I can confirm, it's oopsing.

> What about this one?

This one works.

> 
>    We we open a positive file just with O_EXCL but no O_CREAT, may cause kernel crash.
> 
>   Signed-off-by: Bian Naimeng <biannm@...fujitsu.com>
> 
> ---
>  fs/namei.c   |    7 +++----
>  fs/nfs/dir.c |    2 +-
>  2 files changed, 4 insertions(+), 5 deletions(-)
> 
> diff --git a/fs/namei.c b/fs/namei.c
> index 17ea76b..6680a38 100644
> --- a/fs/namei.c
> +++ b/fs/namei.c
> @@ -1813,11 +1813,10 @@ reval:
>  	nd.intent.open.create_mode = mode;
>  	nd.flags &= ~LOOKUP_PARENT;
>  	nd.flags |= LOOKUP_OPEN;
> -	if (open_flag & O_CREAT) {
> +	if (open_flag & O_CREAT)
>  		nd.flags |= LOOKUP_CREATE;
> -		if (open_flag & O_EXCL)
> -			nd.flags |= LOOKUP_EXCL;
> -	}
> +	if (open_flag & O_EXCL)
> +		nd.flags |= LOOKUP_EXCL;
>  	if (open_flag & O_DIRECTORY)
>  		nd.flags |= LOOKUP_DIRECTORY;
>  	if (!(open_flag & O_NOFOLLOW))
> diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
> index 29539ce..bc25da9 100644
> --- a/fs/nfs/dir.c
> +++ b/fs/nfs/dir.c
> @@ -1100,7 +1100,7 @@ static int nfs_open_revalidate(struct dentry *dentry, struct nameidata *nd)
>  		goto no_open_dput;
>  	openflags = nd->intent.open.flags;
>  	/* We cannot do exclusive creation on a positive dentry */
> -	if ((openflags & (O_CREAT|O_EXCL)) == (O_CREAT|O_EXCL))
> +	if (nd->flags & LOOKUP_EXCL)
>  		goto no_open_dput;
>  	/* We can't create new files, or truncate existing ones here */
>  	openflags &= ~(O_CREAT|O_TRUNC);
> -- 
> 1.7.0

Adam
-- 
Adam                 adam@...inf.tu-dresden.de
  Lackorzynski         http://os.inf.tu-dresden.de/~adam/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ