lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20101209005029.GC32766@dastard>
Date:	Thu, 9 Dec 2010 11:50:29 +1100
From:	Dave Chinner <david@...morbit.com>
To:	Nick Piggin <npiggin@...nel.dk>
Cc:	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 02/46] fs: d_validate fixes

On Wed, Dec 08, 2010 at 05:59:55PM +1100, Nick Piggin wrote:
> On Wed, Dec 08, 2010 at 12:53:44PM +1100, Dave Chinner wrote:
> > On Sat, Nov 27, 2010 at 08:44:32PM +1100, Nick Piggin wrote:
> > > d_validate has been broken for a long time.
> > > 
> > > kmem_ptr_validate does not guarantee that a pointer can be dereferenced
> > > if it can go away at any time. Even rcu_read_lock doesn't help, because
> > > the pointer might be queued in RCU callbacks but not executed yet.
> > > 
> > > So the parent cannot be checked, nor the name hashed. The dentry pointer
> > > can not be touched until it can be verified under lock. Hashing simply
> > > cannot be used.
> > > 
> > > Instead, verify the parent/child relationship by traversing parent's
> > > d_child list. It's slow, but only ncpfs and the destaged smbfs care
> > > about it, at this point.
> > 
> > I'd drop the previous revert patch and just convert the RCU hash
> > traversal straight to the d_child traversal code you introduce here.
> > This is a much better explanation of why the d_validate mechanism
> > needs to be changed, and the revert is really an unnecessary extra
> > step...
> 
> Has to be backported, though.

Backported where? The d_validate() change only got included in .37-rc1.

> Patch that is to be reverted obviously
> adds more brokenness and is a good example that you cannot dget() under
> rcu read protection even if the rest of the surrounding function is
> bugfree. I wouldn't have thought it's a big deal.

Reverting something broken to something already broken just to fix
to the less broken version seems like an unnecessary step. Just
fix the brokenneѕs in a single patch - no need to indirect the real
fix through a revert. One less patch to worry about.

Cheers,

Dave.
-- 
Dave Chinner
david@...morbit.com
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ