| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 11 Oct 2014 23:01:42 -0500 From: Eric Biggers <ebiggers3@...il.com> To: Al Viro <viro@...IV.linux.org.uk> Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: fs/namei.c: Misuse of sequence counts? On Sun, Oct 12, 2014 at 01:12:59AM +0100, Al Viro wrote: > > Huh? What's to guarantee that dentry hasn't become negative since the > moment we'd fetched the seqcount? _That_ is the problem we are dealing > with here - link_path_walk() relies on nd->inode being non-NULL. Hmm, I guess that makes sense. So the code is actually verifying that the inode is still the inode that was referenced from the current or root directory when nd->path was set. But couldn't the problem also be solved by setting nd->inode directly in the fs->seq retry loops? (The file descriptor case could be 'nd->inode = file_inode(f.file);'.) Then there would be no need for the extra read_seqcount_retry() just for the inode. The patch you posted looks correct, but I wonder if this approach would be better. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists