Date:	Tue, 19 Mar 2013 22:04:16 +0000
From:	Vladimir Davydov <VDavydov@...allels.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
CC:	Al Viro <viro@...iv.linux.org.uk>,
	"<linux-kernel@...r.kernel.org>" <linux-kernel@...r.kernel.org>,
	"<devel@...nvz.org>" <devel@...nvz.org>,
	"Doug Ledford" <dledford@...hat.com>,
	KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>,
	"Eric W. Biederman" <ebiederm@...ssion.com>
Subject: Re: [PATCH] mqueue: sys_mq_open: do not call mnt_drop_write() if
 read-only

On Mar 20, 2013, at 1:09 AM, Andrew Morton <akpm@...ux-foundation.org>
 wrote:

> On Tue, 19 Mar 2013 13:31:18 +0400 Vladimir Davydov <vdavydov@...allels.com> wrote:
> 
>> mnt_drop_write() must be called only if mnt_want_write() succeeded,
>> otherwise the mnt_writers counter will diverge.
>> 
>> ...
>> 
>> --- a/ipc/mqueue.c
>> +++ b/ipc/mqueue.c
>> @@ -840,7 +840,8 @@ out_putfd:
>> 		fd = error;
>> 	}
>> 	mutex_unlock(&root->d_inode->i_mutex);
>> -	mnt_drop_write(mnt);
>> +	if (!ro)
>> +		mnt_drop_write(mnt);
>> out_putname:
>> 	putname(name);
>> 	return fd;
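
Review bot: the `if (!ro)` guard placed in front of `mnt_drop_write(mnt)` depends on `ro`, which is assigned outside this hunk, so the fix is only correct if `ro` holds the result of the matching `mnt_want_write()` call and is set on every path that reaches this point. Please confirm that, and consider a one-line comment at the guard stating that the drop must be skipped when the write reference was never taken. The changelog says only that the mnt_writers counter will diverge; it should also describe the runtime-visible effects of the unbalanced drop.
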
> 
> huh, that's been there for a while.  What were the runtime-visible
> effects of the bug?

mnt_writers counters are used to check if remounting FS as read-only is OK, so after an extra mnt_drop_write() call, it would be impossible to remount mqueue FS as read-only. Besides, on umount a warning would be printed like this one:

[  194.714880] =====================================
[  194.719680] [ BUG: bad unlock balance detected! ]
[  194.724488] 3.9.0-rc3 #5 Not tainted
[  194.728159] -------------------------------------
[  194.732958] a.out/12486 is trying to release lock (sb_writers) at:
[  194.739355] [<ffffffff811b177f>] mnt_drop_write+0x1f/0x30
[  194.744851] but there are no more locks to release!
