lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110718002524.GU11013@ZenIV.linux.org.uk>
Date:	Mon, 18 Jul 2011 01:25:24 +0100
From:	Al Viro <viro@...IV.linux.org.uk>
To:	Hugh Dickins <hughd@...gle.com>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Nick Piggin <npiggin@...nel.dk>, linux-kernel@...r.kernel.org,
	linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH] vfs: fix race in rcu lookup of pruned dentry

On Sun, Jul 17, 2011 at 04:47:45PM -0700, Hugh Dickins wrote:
> On Sun, 17 Jul 2011, Linus Torvalds wrote:
> > On Sun, Jul 17, 2011 at 4:16 PM, Al Viro <viro@...iv.linux.org.uk> wrote:
> > >
> > > OR
> > >
> > > ?- keep part of the patch from Hugh, treating negative in RCU mode as
> > > "need to unlazy".
> > 
> > No, urgh, that's horrible.
> > 
> > Not being able to do an RCU lookup of negative dentries would be
> > really sad. There are some loads where a negative dentry is the
> > *common* case.
> 
> Yes, that worried me too.

Grr...  What do you think we need to do when we find a negative dentry in
RCU lookup?  We can
	* check its ->d_seq, to see if it's valid
	* somehow (e.g. with what Linus suggested) try to walk further and
leave staleness checks for dentries we would encounter later in the walk.

If it's in the end of pathname, there is no choice at all - we need to
check ->d_seq of this one.  Right?  And we do exactly that.  If we see
that it's for real, fine we got ourselves a reference to negative dentry
and can go ahead.  If it's something like stat(2), we'll just do dput()
and bugger off.  Refcounts of everything on the path to it are unaffected,
no global locks played with...

If it's in the middle of pathname, we could try to delay the check.  And
what would it buy us?  If that dentry was stale, we'd just walk a bit
deeper.  And found a stale one at some later point.  And restarted pathname
resolution in non-lazy mode from the very beginning.  If it wasn't stale
(i.e. real negative dentry), we *do* want -ENOENT and we'll get it as soon
as unlazy_walk() will check ->d_seq and we plod through the rest of
do_lookup() to check in walk_component().  We won't redo d_lookup(), lock
i_mutex, etc.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ