| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20111130071319.GA16711@onthe.net.au> Date: Wed, 30 Nov 2011 18:13:19 +1100 From: Chris Dunlop <chris@...he.net.au> To: "Myklebust, Trond" <Trond.Myklebust@...app.com> Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, Eric Van Hensbergen <ericvh@...il.com>, Ron Minnich <rminnich@...dia.gov>, Latchesar Ionkov <lucho@...kov.net>, David Howells <dhowells@...hat.com>, Jan Harkes <jaharkes@...cmu.edu>, "maintainer:CODA FILE SYSTEM" <coda@...cmu.edu>, Dave Kleikamp <shaggy@...nel.org>, Petr Vandrovec <petr@...drovec.name>, Greg Kroah-Hartman <gregkh@...e.de>, Al Viro <viro@...iv.linux.org.uk>, v9fs-developer@...ts.sourceforge.net, linux-afs@...ts.infradead.org, codalist@...EMANN.coda.cs.cmu.edu, jfs-discussion@...ts.sourceforge.net, linux-nfs@...r.kernel.org Subject: Re: [PATCH 1/1] fix d_revalidate oopsen on NFS exports On Tue, Nov 29, 2011 at 03:58:07AM -0800, Myklebust, Trond wrote: >> -----Original Message----- >> From: Chris Dunlop [mailto:chris@...he.net.au] >> Sent: Tuesday, November 29, 2011 3:25 AM >> >> I haven't seen any response to this patch which fixes an Oops in >> d_revalidate. I hit this using NFS, but various other file systems look to be >> likewise vulnerable, hence the broadness of the patch. The sequence leading >> to the Oops is: >> >> lookup_one_len() [fs/namei.c] >> calls __lookup_hash() [fs/namei.c] with nd == NULL, >> which can then call the file system specific d_revalidate(), passing in nd == NULL >> which will then Oops if nd is used without checking > > That's because you are "fixing" the wrong bug and if you'd checked the > list archives, you'd know that this has already been discussed several > times... Augh! Apologies. > By allowing stacked filesystems to pass nd==NULL (the VFS doesn't do > this), you're circumventing the lookup intent mechanisms and will hit > all sorts of problems further down the road. If you want to fix the > problem, then please fix the broken stacking filesystems to stop using > lookup_one_len... OK. To avoid other people further wasting their and your time on exactly the same thing future, how something like the following patch, based on your comment in: http://article.gmane.org/gmane.linux.nfs/40370 ...and, if that's acceptable, is it worthwhile doing for the other file systems which are likewise currently vulnerable when abused by broken layered file systems? Chris ---------------------------------------------------------------------- Don't oops when abused by broken layered file systems Signed-off-by: Chris Dunlop <chris@...he.net.au> --- fs/nfs/dir.c | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c index b238d95..f872f29 100644 --- a/fs/nfs/dir.c +++ b/fs/nfs/dir.c @@ -1103,6 +1103,12 @@ static int nfs_lookup_revalidate(struct dentry *dentry, struct nameidata *nd) struct nfs_fattr *fattr = NULL; int error; + /* + * We don't support layered filesystems that don't do intents + */ + if (nd == NULL) + return -EIO; + if (nd->flags & LOOKUP_RCU) return -ECHILD; -- 1.7.0.4 ---------------------------------------------------------------------- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists