lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20150316194622.GA29656@ZenIV.linux.org.uk>
Date:	Mon, 16 Mar 2015 19:46:22 +0000
From:	Al Viro <viro@...IV.linux.org.uk>
To:	NeilBrown <neilb@...e.de>
Cc:	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 01/13] VFS: replace {, total_}link_count in task_struct
 with pointer to nameidata

On Mon, Mar 16, 2015 at 03:43:19PM +1100, NeilBrown wrote:

> -	if (unlikely(current->total_link_count >= 40))
> +	if (unlikely(current->nameidata->total_link_count >= 40))

Huh?  nd->total_link_count, please.
>  
> -	current->total_link_count++;
> +	current->nameidata->total_link_count++;

Similar.

> @@ -991,8 +1008,8 @@ static int follow_automount(struct path *path, unsigned flags,
>  	    path->dentry->d_inode)
>  		return -EISDIR;
>  
> -	current->total_link_count++;
> -	if (current->total_link_count >= 40)
> +	current->nameidata->total_link_count++;
> +	if (current->nameidata->total_link_count >= 40)
>  		return -ELOOP;

We probably ought to pass nd through follow_mount / follow_automount, instead
of nd->flags, and use nd->total_link_count here.

> -	if (unlikely(current->link_count >= MAX_NESTED_LINKS)) {
> +	if (unlikely(current->nameidata->link_count >= MAX_NESTED_LINKS)) {

Again, nd->link_count.

> @@ -1948,7 +1965,7 @@ static int path_init(int dfd, const char *name, unsigned int flags,
>  	rcu_read_unlock();
>  	return -ECHILD;
>  done:
> -	current->total_link_count = 0;
> +	current->nameidata->total_link_count = 0;

... and again.

>  	return link_path_walk(name, nd);
>  }
>  
> @@ -2027,7 +2044,9 @@ static int path_lookupat(int dfd, const char *name,
>  static int filename_lookup(int dfd, struct filename *name,
>  				unsigned int flags, struct nameidata *nd)
>  {
> -	int retval = path_lookupat(dfd, name->name, flags | LOOKUP_RCU, nd);
> +	int retval;
> +	struct nameidata *saved_nd = set_nameidata(nd);

I'm not sure it's the right place ;-/  I'll play with that a bit and see
if I can get it cleaner...

> -	struct nameidata nd;
> +	struct nameidata nd, *saved = set_nameidata(&nd);
>  	void *cookie;
>  	int res;
>  
> @@ -4441,6 +4465,7 @@ int generic_readlink(struct dentry *dentry, char __user *buffer, int buflen)
>  	res = readlink_copy(buffer, buflen, nd_get_link(&nd));
>  	if (dentry->d_inode->i_op->put_link)
>  		dentry->d_inode->i_op->put_link(dentry, &nd, cookie);
> +	set_nameidata(saved);
>  	return res;

Now, _that_ is broken - get ERR_PTR(...) from ->follow_link() and you've
leaked nameidata.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ