| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 12 Oct 2014 05:37:37 +0100 From: Al Viro <viro@...IV.linux.org.uk> To: Eric Biggers <ebiggers3@...il.com> Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: fs/namei.c: Misuse of sequence counts? On Sat, Oct 11, 2014 at 11:01:42PM -0500, Eric Biggers wrote: > On Sun, Oct 12, 2014 at 01:12:59AM +0100, Al Viro wrote: > > > > Huh? What's to guarantee that dentry hasn't become negative since the > > moment we'd fetched the seqcount? _That_ is the problem we are dealing > > with here - link_path_walk() relies on nd->inode being non-NULL. > > Hmm, I guess that makes sense. So the code is actually verifying that the inode > is still the inode that was referenced from the current or root directory when > nd->path was set. But couldn't the problem also be solved by setting nd->inode > directly in the fs->seq retry loops? Gets clumsy in set_root_rcu() - you do *not* want it to bugger nd->inode when done by follow_dotdot_rcu(), so we'd need either some indication which caller it is, or something like struct inode **inode in argument list, with NULL passed from follow_dotdot_rcu(), while path_init() would give it &nd->inode... Doable, but unpleasant. And the price of that check is trivial - after all, in case we *don't* bugger off immediately, we have that ->d_seq in cache - we'd fetched it just before. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists