lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 29 Nov 2011 03:58:07 -0800
From:	"Myklebust, Trond" <Trond.Myklebust@...app.com>
To:	"Chris Dunlop" <chris@...he.net.au>,
	<linux-fsdevel@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
	"Eric Van Hensbergen" <ericvh@...il.com>,
	"Ron Minnich" <rminnich@...dia.gov>,
	"Latchesar Ionkov" <lucho@...kov.net>,
	"David Howells" <dhowells@...hat.com>,
	"Jan Harkes" <jaharkes@...cmu.edu>,
	"maintainer:CODA FILE SYSTEM" <coda@...cmu.edu>,
	"Dave Kleikamp" <shaggy@...nel.org>,
	"Petr Vandrovec" <petr@...drovec.name>,
	"Greg Kroah-Hartman" <gregkh@...e.de>,
	"Al Viro" <viro@...iv.linux.org.uk>,
	<v9fs-developer@...ts.sourceforge.net>,
	<linux-afs@...ts.infradead.org>,
	<codalist@...EMANN.coda.cs.cmu.edu>,
	<jfs-discussion@...ts.sourceforge.net>, <linux-nfs@...r.kernel.org>
Subject: RE: [PATCH 1/1] fix d_revalidate oopsen on NFS exports

> -----Original Message-----
> From: Chris Dunlop [mailto:chris@...he.net.au]
> Sent: Tuesday, November 29, 2011 3:25 AM
> To: linux-fsdevel@...r.kernel.org; linux-kernel@...r.kernel.org; Eric
Van
> Hensbergen; Ron Minnich; Latchesar Ionkov; David Howells; Jan Harkes;
> maintainer:CODA FILE SYSTEM; Dave Kleikamp; Petr Vandrovec; Myklebust,
> Trond; Greg Kroah-Hartman; Al Viro;
v9fs-developer@...ts.sourceforge.net;
> linux-afs@...ts.infradead.org; codalist@...EMANN.coda.cs.cmu.edu; jfs-
> discussion@...ts.sourceforge.net; linux-nfs@...r.kernel.org
> Subject: Re: [PATCH 1/1] fix d_revalidate oopsen on NFS exports
> 
> Hi,
> 
> I haven't seen any response to this patch which fixes an Oops in
> d_revalidate. I hit this using NFS, but various other file systems
look to be
> likewise vulnerable, hence the broadness of the patch. The sequence
leading
> to the Oops is:
> 
> lookup_one_len() [fs/namei.c]
>    calls __lookup_hash() [fs/namei.c] with nd == NULL,
>       which can then call the file system specific d_revalidate(),
passing in nd ==
> NULL
>          which will then Oops if nd is used without checking

That's because you are "fixing" the wrong bug and if you'd checked the
list archives, you'd know that this has already been discussed several
times...

By allowing stacked filesystems to pass nd==NULL (the VFS doesn't do
this), you're circumventing  the lookup intent mechanisms and will hit
all sorts of problems further down the road. If you want to fix the
problem, then please fix the broken stacking filesystems to stop using
lookup_one_len...

Trond
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ