lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 26 Jul 2013 10:38:57 -0700
From:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:	Oleg Nesterov <oleg@...hat.com>
Cc:	Steven Rostedt <rostedt@...dmis.org>,
	Masami Hiramatsu <masami.hiramatsu.pt@...achi.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Al Viro <viro@...iv.linux.org.uk>,
	Alexander Z Lam <azl@...gle.com>,
	Arnaldo Carvalho de Melo <acme@...stprotocols.net>,
	David Sharp <dhsharp@...gle.com>,
	Frederic Weisbecker <fweisbec@...il.com>,
	Ingo Molnar <mingo@...hat.com>,
	Peter Zijlstra <a.p.zijlstra@...llo.nl>,
	Srikar Dronamraju <srikar@...ux.vnet.ibm.com>,
	Vaibhav Nagarnaik <vnagarnaik@...gle.com>,
	"zhangwei(Jovi)" <jovi.zhangwei@...wei.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/1] debugfs: debugfs_remove_recursive() must not rely on
 list_empty(d_subdirs)

On Fri, Jul 26, 2013 at 05:12:56PM +0200, Oleg Nesterov wrote:
> debugfs_remove_recursive() is wrong,
> 
> 1. it wrongly assumes that !list_empty(d_subdirs) means that this
>    dir should be removed.
> 
>    This is not that bad by itself, but:
> 
> 2. if d_subdirs does not becomes empty after __debugfs_remove()
>    it gives up and silently fails, it doesn't even try to remove
>    other entries.
> 
>    However ->d_subdirs can be non-empty because it still has the
>    already deleted !debugfs_positive() entries.
> 
> 3. simple_release_fs() is called even if __debugfs_remove() fails.
> 
> Suppose we have
> 
> 	dir1/
> 		dir2/
> 			file2
> 		file1
> 
> and someone opens dir1/dir2/file2.
> 
> Now, debugfs_remove_recursive(dir1/dir2) succeeds, and dir1/di2 goes
> away.
> 
> But debugfs_remove_recursive(dir1) silently fails and doesn't remove
> this directory. Because it tries to delete (the already deleted)
> dir1/dir2/file2 again and then fails due to "Avoid infinite loop"
> logic.
> 
> Test-case:
> 
> 	#!/bin/sh
> 
> 	cd /sys/kernel/debug/tracing
> 	echo 'p:probe/sigprocmask sigprocmask' >> kprobe_events
> 	sleep 1000 < events/probe/sigprocmask/id &
> 	echo -n >| kprobe_events
> 
> 	[ -d events/probe ] && echo "ERR!! failed to rm probe"
> 
> And after that it is not possible to create another probe entry.
> 
> With this patch debugfs_remove_recursive() skips !debugfs_positive()
> files although this is not strictly needed. The most important change
> is that it does not try to make ->d_subdirs empty, it simply scans
> the whole list(s) recursively and removes as much as possible.
> 
> Signed-off-by: Oleg Nesterov <oleg@...hat.com>

Acked-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ