lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 18 Aug 2010 10:49:04 +0800
From:	Bian Naimeng <biannm@...fujitsu.com>
To:	Trond Myklebust <Trond.Myklebust@...app.com>
CC:	Adam Lackorzynski <adam@...inf.tu-dresden.de>,
	linux-kernel@...r.kernel.org, linux-nfs@...r.kernel.org,
	stable@...nel.org
Subject: Re: 2.6.35.2: NFS related Oops

>>>  	/* We can't create new files, or truncate existing ones here */
>>>  	openflags &= ~(O_CREAT|O_TRUNC);
>>> -- 
>> Nope. The problem is the recent switch to LOOKUP_EXCL as the authority
>> for whether or not we're doing an exclusive create.
>>
>> Does the following patch work?
>>
> 
>   Hi Trond, i guess it's not work.
> 
>   As i see, if we want get LOOKUP_EXCL at nd->flags,  we must open file with 
>   O_CREAT and O_EXCL, "nd->flags & LOOKUP_EXCL" have the same effect with
>   "(openflags & (O_CREAT|O_EXCL)) == (O_CREAT|O_EXCL)", so i think the kernel
>   still crash, right?
> 

What about this one?

-- 
Regards
Bian Naimeng

-------------------------------------------------------------------------------------

   We we open a positive file just with O_EXCL but no O_CREAT, may cause kernel crash.

  Signed-off-by: Bian Naimeng <biannm@...fujitsu.com>

---
 fs/namei.c   |    7 +++----
 fs/nfs/dir.c |    2 +-
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/fs/namei.c b/fs/namei.c
index 17ea76b..6680a38 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1813,11 +1813,10 @@ reval:
 	nd.intent.open.create_mode = mode;
 	nd.flags &= ~LOOKUP_PARENT;
 	nd.flags |= LOOKUP_OPEN;
-	if (open_flag & O_CREAT) {
+	if (open_flag & O_CREAT)
 		nd.flags |= LOOKUP_CREATE;
-		if (open_flag & O_EXCL)
-			nd.flags |= LOOKUP_EXCL;
-	}
+	if (open_flag & O_EXCL)
+		nd.flags |= LOOKUP_EXCL;
 	if (open_flag & O_DIRECTORY)
 		nd.flags |= LOOKUP_DIRECTORY;
 	if (!(open_flag & O_NOFOLLOW))
diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
index 29539ce..bc25da9 100644
--- a/fs/nfs/dir.c
+++ b/fs/nfs/dir.c
@@ -1100,7 +1100,7 @@ static int nfs_open_revalidate(struct dentry *dentry, struct nameidata *nd)
 		goto no_open_dput;
 	openflags = nd->intent.open.flags;
 	/* We cannot do exclusive creation on a positive dentry */
-	if ((openflags & (O_CREAT|O_EXCL)) == (O_CREAT|O_EXCL))
+	if (nd->flags & LOOKUP_EXCL)
 		goto no_open_dput;
 	/* We can't create new files, or truncate existing ones here */
 	openflags &= ~(O_CREAT|O_TRUNC);
-- 
1.7.0



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ