lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 18 Mar 2015 09:54:25 -0500 From: Ben Shelton <ben.shelton@...com> To: Brian Norris <computersforpeace@...il.com> Cc: Taesoo Kim <tsgatesv@...il.com>, dedekind1@...il.com, adrian.hunter@...el.com, linux-mtd@...ts.infradead.org, linux-kernel@...r.kernel.org, taesoo@...ech.edu, sanidhya@...ech.edu, blee@...ech.edu, csong84@...ech.edu, changwoo@...ech.edu, Subodh Nijsure <snijsure@...d-net.com>, Marc Kleine-Budde <mkl@...gutronix.de>, Brad Mouring <brad.mouring@...com>, Terry Wilcox <terry.wilcox@...com>, Gratian Crisan <gratian.crisan@...com> Subject: Re: [PATCH 1/1] UBIFS: fix incorrect unlocking handling On 03/17, Brian Norris wrote: > On Tue, Mar 17, 2015 at 10:09:26PM -0400, Taesoo Kim wrote: > > When ubifs_init_security() fails, 'ui_mutex' is incorrectly > > unlocked and incorrectly restores 'i_size'. There are four > > such places that were introduce by the last commit. > > "The last commit" is not very descriptive. Are you speaking of this > commit? > > commit d7f0b70d30ffb9bbe6b8a3e1035cf0b79965ef53 > Author: Subodh Nijsure <snijsure@...d-net.com> > Date: Fri Oct 31 13:50:30 2014 -0500 > > UBIFS: Add security.* XATTR support for the UBIFS > > CC'ing authors/reviewers. > > Brian This is indeed a bug, and this patch looks like the right fix. Good catch! Reviewed-by: Ben Shelton <ben.shelton@...com> Ben > > > Signed-off-by: Taesoo Kim <tsgatesv@...il.com> > > --- > > fs/ubifs/dir.c | 11 +++++++---- > > 1 file changed, 7 insertions(+), 4 deletions(-) > > > > diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c > > index 0fa6c80..5b24bc4 100644 > > --- a/fs/ubifs/dir.c > > +++ b/fs/ubifs/dir.c > > @@ -272,7 +272,7 @@ static int ubifs_create(struct inode *dir, struct dentry *dentry, umode_t mode, > > > > err = ubifs_init_security(dir, inode, &dentry->d_name); > > if (err) > > - goto out_cancel; > > + goto out_inode; > > > > mutex_lock(&dir_ui->ui_mutex); > > dir->i_size += sz_change; > > @@ -292,6 +292,7 @@ out_cancel: > > dir->i_size -= sz_change; > > dir_ui->ui_size = dir->i_size; > > mutex_unlock(&dir_ui->ui_mutex); > > +out_inode: > > make_bad_inode(inode); > > iput(inode); > > out_budg: > > @@ -732,7 +733,7 @@ static int ubifs_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode) > > > > err = ubifs_init_security(dir, inode, &dentry->d_name); > > if (err) > > - goto out_cancel; > > + goto out_inode; > > > > mutex_lock(&dir_ui->ui_mutex); > > insert_inode_hash(inode); > > @@ -757,6 +758,7 @@ out_cancel: > > dir_ui->ui_size = dir->i_size; > > drop_nlink(dir); > > mutex_unlock(&dir_ui->ui_mutex); > > +out_inode: > > make_bad_inode(inode); > > iput(inode); > > out_budg: > > @@ -816,7 +818,7 @@ static int ubifs_mknod(struct inode *dir, struct dentry *dentry, > > > > err = ubifs_init_security(dir, inode, &dentry->d_name); > > if (err) > > - goto out_cancel; > > + goto out_inode; > > > > mutex_lock(&dir_ui->ui_mutex); > > dir->i_size += sz_change; > > @@ -836,6 +838,7 @@ out_cancel: > > dir->i_size -= sz_change; > > dir_ui->ui_size = dir->i_size; > > mutex_unlock(&dir_ui->ui_mutex); > > +out_inode: > > make_bad_inode(inode); > > iput(inode); > > out_budg: > > @@ -896,7 +899,7 @@ static int ubifs_symlink(struct inode *dir, struct dentry *dentry, > > > > err = ubifs_init_security(dir, inode, &dentry->d_name); > > if (err) > > - goto out_cancel; > > + goto out_inode; > > > > mutex_lock(&dir_ui->ui_mutex); > > dir->i_size += sz_change; > > -- > > 2.3.3 > > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists