lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110114162914.GA1782@nowhere>
Date:	Fri, 14 Jan 2011 17:29:19 +0100
From:	Frederic Weisbecker <fweisbec@...il.com>
To:	Américo Wang <xiyou.wangcong@...il.com>
Cc:	Dave Anderson <anderson@...hat.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] /proc/kcore: fix seeking

On Fri, Jan 14, 2011 at 05:44:42PM +0800, Américo Wang wrote:
> On Tue, Jan 11, 2011 at 05:23:23PM +0100, Frederic Weisbecker wrote:
> >On Wed, Jan 12, 2011 at 12:04:37AM +0800, Américo Wang wrote:
> >> On Mon, Jan 10, 2011 at 09:42:29AM -0500, Dave Anderson wrote:
> >> >From: Dave Anderson <anderson@...hat.com>
> >> >
> >> >Commit 34aacb2920667d405a8df15968b7f71ba46c8f18
> >> >("procfs: Use generic_file_llseek in /proc/kcore")
> >> >broke seeking on /proc/kcore.  This changes it back
> >> >to use default_llseek in order to restore the original
> >> >behavior.
> >> >
> >> >The problem with generic_file_llseek is that it only
> >> >allows seeks up to inode->i_sb->s_maxbytes, which is
> >> >2GB-1 on procfs, where the memory file offset values in
> >> >the /proc/kcore PT_LOAD segments may exceed or start
> >> >beyond that offset value.
> >> >
> >> 
> >> Is the race solved? Using default_llseek() still races
> >> with read_kcore() on fpos, AFAIK.
> >
> >Hmm, how does it race there?
> >
> >read_kcore() manipulates fpos, which can't be changed behind
> >us inside the read callback as it's a snapshot. Also read_kcore()
> >can change the value of fpos, which is writed back to file->fpos
> >from sys_read().
> >
> >So the last resulting race here the natural one between
> >seeking and reading, which is up to the user to take care
> >of.
> 
> Hmm, I just read the changelog of commit
> 34aacb2920667d405a8df15968b7f71ba46c8f18, which claims to fix
> the race. So anything changed in vfs layer after that?


Ah it didn't fix any race, it just got rid of the bkl, OTOH
I said in my changelog:

	"/proc/kcore has no llseek and then falls down to use default_llseek.
	This is racy against read_kcore() that directly manipulates fpos
	but it doesn't hold the bkl there so using it in llseek doesn't
	protect anything."

So I think this just testifies my crude misunderstanding of the code when I wrote
that changelog. I didn't realize fpos is a copy of the file offset that is writed back
later. Hence my changelog was buggy.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ