lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Tue,  3 Feb 2015 18:03:34 +0100
From:	Fabian Frederick <fabf@...net.be>
To:	linux-kernel@...r.kernel.org
Cc:	Fabian Frederick <fabf@...net.be>,
	Evgeniy Dushistov <dushistov@...l.ru>,
	Andrew Morton <akpm@...ux-foundation.org>
Subject: [PATCH 1/1 linux-next] fs/ufs/super.c: fix potential race condition

Let locking subsystem decide on mutex management.
As reported by Andrew Morton this patch fixes a bug:

"
lock_ufs() is assuming that on non-preempt uniprocessor, the calling
code will run atomically up to the matching unlock_ufs().

But that isn't true. The very first site I looked at (ufs_frag_map)
does sb_bread() under lock_ufs().  And sb_bread() will call schedule(),
very commonly.

The ->mutex_owner stuff is a bit hacky but should work OK.
"

Cc: Evgeniy Dushistov <dushistov@...l.ru>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Signed-off-by: Fabian Frederick <fabf@...net.be>
---
 fs/ufs/super.c | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/fs/ufs/super.c b/fs/ufs/super.c
index e515e99..8092d37 100644
--- a/fs/ufs/super.c
+++ b/fs/ufs/super.c
@@ -95,22 +95,18 @@
 
 void lock_ufs(struct super_block *sb)
 {
-#if defined(CONFIG_SMP) || defined (CONFIG_PREEMPT)
 	struct ufs_sb_info *sbi = UFS_SB(sb);
 
 	mutex_lock(&sbi->mutex);
 	sbi->mutex_owner = current;
-#endif
 }
 
 void unlock_ufs(struct super_block *sb)
 {
-#if defined(CONFIG_SMP) || defined (CONFIG_PREEMPT)
 	struct ufs_sb_info *sbi = UFS_SB(sb);
 
 	sbi->mutex_owner = NULL;
 	mutex_unlock(&sbi->mutex);
-#endif
 }
 
 static struct inode *ufs_nfs_get_inode(struct super_block *sb, u64 ino, u32 generation)
-- 
2.1.0

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists