lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Thu,  5 Jul 2012 18:00:05 +0400
From:	Glauber Costa <glommer@...allels.com>
To:	<linux-kernel@...r.kernel.org>
Cc:	<netdev@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Glauber Costa <glommer@...allels.com>,
	Tejun Heo <tj@...nel.org>,
	"Eric W. Biederman" <ebiederm@...ssion.com>,
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: [PATCH] force dentry revalidation after namespace change

When we change the namespace tag of a sysfs entry, the associated dentry
is still kept around. readdir() will work correctly and not display the
old entries, but open() will still succeed, so will reads and writes.

This will no longer happen if sysfs is remounted, hinting that this is a
cache-related problem.

I am using the following sequence to demonstrate that:

shell1:
ip link add type veth
unshare -nm

shell2:
ip link set veth1 <pid_of_shell_1>
cat /sys/devices/virtual/net/veth1/ifindex

Before that patch, this will succeed (fail to fail). After it, it will
correctly return an error. Differently from a normal rename, which we
handle fine, changing the object namespace will keep it's path intact.
So this check seems necessary as well.

Signed-off-by: Glauber Costa <glommer@...allels.com>
CC: Tejun Heo <tj@...nel.org>
CC: Eric W. Biederman <ebiederm@...ssion.com>
CC: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
 fs/sysfs/dir.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
index e6bb9b2..c24bdd9 100644
--- a/fs/sysfs/dir.c
+++ b/fs/sysfs/dir.c
@@ -307,6 +307,7 @@ static int sysfs_dentry_revalidate(struct dentry *dentry, struct nameidata *nd)
 {
 	struct sysfs_dirent *sd;
 	int is_dir;
+	int type;
 
 	if (nd->flags & LOOKUP_RCU)
 		return -ECHILD;
@@ -314,6 +315,10 @@ static int sysfs_dentry_revalidate(struct dentry *dentry, struct nameidata *nd)
 	sd = dentry->d_fsdata;
 	mutex_lock(&sysfs_mutex);
 
+	type = sysfs_ns_type(sd);
+	if (sd->s_ns && (sysfs_info(dentry->d_sb)->ns[type] != sd->s_ns))
+		goto out_bad;
+
 	/* The sysfs dirent has been deleted */
 	if (sd->s_flags & SYSFS_FLAG_REMOVED)
 		goto out_bad;
-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists