| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 4 Jan 2012 16:15:04 -0700
From: Andreas Dilger <adilger.kernel@...ger.ca>
To: Djalal Harouni <tixxdz@...ndz.org>
Cc: Jan Kara <jack@...e.cz>, Andrew Morton <akpm@...ux-foundation.org>,
"Darrick J. Wong" <djwong@...ibm.com>,
Theodore Ts'o <tytso@....edu>,
Yongqiang Yang <xiaoqiangnk@...il.com>,
ext4 development <linux-ext4@...r.kernel.org>,
linux-kernel Mailing List <linux-kernel@...r.kernel.org>,
Al Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH] fs/ext{3,4}: fix potential race when setversion ioctl updates inode
On 2012-01-04, at 10:46 AM, Jan Kara wrote:
> On Tue 03-01-12 02:31:52, Djalal Harouni wrote:
>>
>> The EXT{3,4}_IOC_SETVERSION ioctl() updates the inode without i_mutex,
>> this can lead to a race with the other operations that update the same
>> inode.
>>
>> Patch tested.
>
> OK, so I've taken the patch into my tree, just updated the changelog
> which result of our discussion in this thread. I also took the ext4 part
> since there is no risk of conflict and the patch looks obvious.
Actually, I'd like to hear more about whether this is a real problem, or
if it is just a theoretical problem found during code inspection or from
some static code analysis tool?
With the metadata checksum feature we were discussing using the inode
generation as part of the seed for the directory leaf block checksum, so
that it wasn't possible to incorrectly access stale directory blocks from
a previous incarnation of the same inode number.
We were discussing just disabling this ioctl on filesystems with metadata
checksums, and printing a deprecation warning for filesystems without that
feature enabled. I'm not aware of any real-world use for this ioctl, since
NFS cannot use it to reconstruct handles because there's no API to allocate
an inode with a specific number, so setting the generation is pointless.
This ioctl (despite its confusing name) is completely different from the
NFSv4 inode version, which is stored in i_version (and i_version_hi).
Cheers, Andreas
>> Signed-off-by: Djalal Harouni <tixxdz@...ndz.org>
>> ---
>> fs/ext3/ioctl.c | 6 +++++-
>> fs/ext4/ioctl.c | 6 +++++-
>> 2 files changed, 10 insertions(+), 2 deletions(-)
>>
>> diff --git a/fs/ext3/ioctl.c b/fs/ext3/ioctl.c
>> index ba1b54e..e7b2ed9 100644
>> --- a/fs/ext3/ioctl.c
>> +++ b/fs/ext3/ioctl.c
>> @@ -134,10 +134,11 @@ flags_out:
>> goto setversion_out;
>> }
>>
>> + mutex_lock(&inode->i_mutex);
>> handle = ext3_journal_start(inode, 1);
>> if (IS_ERR(handle)) {
>> err = PTR_ERR(handle);
>> - goto setversion_out;
>> + goto unlock_out;
>> }
>> err = ext3_reserve_inode_write(handle, inode, &iloc);
>> if (err == 0) {
>> @@ -146,6 +147,9 @@ flags_out:
>> err = ext3_mark_iloc_dirty(handle, inode, &iloc);
>> }
>> ext3_journal_stop(handle);
>> +
>> +unlock_out:
>> + mutex_unlock(&inode->i_mutex);
>> setversion_out:
>> mnt_drop_write(filp->f_path.mnt);
>> return err;
>> diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
>> index a567968..46a8de6 100644
>> --- a/fs/ext4/ioctl.c
>> +++ b/fs/ext4/ioctl.c
>> @@ -158,10 +158,11 @@ flags_out:
>> goto setversion_out;
>> }
>>
>> + mutex_lock(&inode->i_mutex);
>> handle = ext4_journal_start(inode, 1);
>> if (IS_ERR(handle)) {
>> err = PTR_ERR(handle);
>> - goto setversion_out;
>> + goto unlock_out;
>> }
>> err = ext4_reserve_inode_write(handle, inode, &iloc);
>> if (err == 0) {
>> @@ -170,6 +171,9 @@ flags_out:
>> err = ext4_mark_iloc_dirty(handle, inode, &iloc);
>> }
>> ext4_journal_stop(handle);
>> +
>> +unlock_out:
>> + mutex_unlock(&inode->i_mutex);
>> setversion_out:
>> mnt_drop_write(filp->f_path.mnt);
>> return err;
>> --
>> 1.7.1
> --
> Jan Kara <jack@...e.cz>
> SUSE Labs, CR
Cheers, Andreas
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists