lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri,  1 Aug 2014 19:18:12 +0800
From:	Jianyu Zhan <nasa4836@...il.com>
To:	tj@...nel.org, gregkh@...uxfoundation.org
Cc:	linux-kernel@...r.kernel.org, nasa4836@...il.com,
	Jianyu Zhan <Jianyu.Zhan@....com>
Subject: [PATCH RFC] sysfs: fix the race of "parent deleted before child added"

From: Jianyu Zhan <Jianyu.Zhan@....com>

I've met such a race conditon the same as what commit 3a198886
("sysfs: handle 'parent deleted before child added'") tackled.

The senario got triggered under a torturing test of quick disk
removal and plugging.

The forementioned commit 3a198886 didn't really fix this race,
it just narrows down the racy window.

A proper fix for this is to pin the parent kernfs_node on the
dir_entry creation point (sysfs_create_dir_ns), and to de-pin the parent
on the dir_entry deletion point(sysfs_remove_dir).

Though Tejun has added a comment in sysfs_remove_dir to warn such a
race and leave the option to upper layer. But wrt correct logic point,
I think it is good to add such pin behavior.

Note. another commit 26ea12de("kobject: grab an extra reference on kobject->sd
to allow duplicate deletes") also adds such a pin at the kobject layer.
But this commit tackles different issue - it pins an entry(not its parent)
after its creation, to allow duplicate deletions.

Signed-off-by: Jianyu Zhan <nasa4836@...il.com>
---
 fs/sysfs/dir.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/fs/sysfs/dir.c b/fs/sysfs/dir.c
index 0b45ff4..0ac82cd 100644
--- a/fs/sysfs/dir.c
+++ b/fs/sysfs/dir.c
@@ -49,7 +49,12 @@ int sysfs_create_dir_ns(struct kobject *kobj, const void *ns)
 	else
 		parent = sysfs_root_kn;
 
-	if (!parent)
+	/*
+	 * We might race with the parent node removal.
+	 * To avoid such race and for logic correctness,
+	 * we pin the parent node here.
+	 */
+	if (!sysfs_get(parent))
 		return -ENOENT;
 
 	kn = kernfs_create_dir_ns(parent, kobject_name(kobj),
@@ -94,6 +99,10 @@ void sysfs_remove_dir(struct kobject *kobj)
 
 	if (kn) {
 		WARN_ON_ONCE(kernfs_type(kn) != KERNFS_DIR);
+		/*
+		 * Drop our pin on parent
+		 */
+		sysfs_put(kn->parent);
 		kernfs_remove(kn);
 	}
 }
-- 
2.0.1.472.g6f92e5f

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ