lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150323023740.8161.51849.stgit@notabene.brown>
Date:	Mon, 23 Mar 2015 13:37:40 +1100
From:	NeilBrown <neilb@...e.de>
To:	Al Viro <viro@...IV.linux.org.uk>
Cc:	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 14/20] VFS/namei: add 'inode' arg to put_link().

When symlinks are followed in RCU-walk, dentry->d_inode
may have changed between the call to ->follow_link and
the call to ->put_link.
So we need to preserve the inode used in the first instance,
and use it to find the correct put_link.

Note that this means that when RCU-walk is permitted in
->follow_link, dentry->d_inode cannot be used in ->put_link.

Signed-off-by: NeilBrown <neilb@...e.de>
---
 Documentation/filesystems/porting |    4 ++++
 fs/namei.c                        |   20 ++++++++++++--------
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/Documentation/filesystems/porting b/Documentation/filesystems/porting
index eba8dd0a13e3..09454610515c 100644
--- a/Documentation/filesystems/porting
+++ b/Documentation/filesystems/porting
@@ -490,3 +490,7 @@ in your dentry operations instead.
 	The passed inode must be used rather than dentry->d_inode,
 	particularly if LOOKUP_RCU is set.
 	If s_fs_info is used, it must be freed using RCU.
+--
+[mandatory]
+	If ->follow_link permits RCU-walk, then ->put_link must
+	not access dentry->d_inode as that may have changed.
diff --git a/fs/namei.c b/fs/namei.c
index 224b1495edae..72f5a4f91855 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -763,9 +763,9 @@ static void terminate_walk(struct nameidata *nd)
 	}
 }
 
-static inline void put_link(struct nameidata *nd, struct path *link, void *cookie)
+static inline void put_link(struct nameidata *nd, struct path *link,
+			    struct inode *inode, void *cookie)
 {
-	struct inode *inode = link->dentry->d_inode;
 	if (inode->i_op->put_link)
 		inode->i_op->put_link(link->dentry, nd_get_link(nd), cookie);
 	if (!(nd->flags & LOOKUP_LINK_RCU))
@@ -934,7 +934,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
 	if (s) {
 		if (unlikely(IS_ERR(s))) {
 			terminate_walk(nd);
-			put_link(nd, link, *p);
+			put_link(nd, link, inode, *p);
 			return PTR_ERR(s);
 		}
 		if (*s == '/') {
@@ -948,7 +948,7 @@ follow_link(struct path *link, struct nameidata *nd, void **p)
 		nd->inode = nd->path.dentry->d_inode;
 		error = link_path_walk(s, nd);
 		if (unlikely(error))
-			put_link(nd, link, *p);
+			put_link(nd, link, inode, *p);
 	}
 
 	return error;
@@ -1669,13 +1669,14 @@ static inline int nested_symlink(struct path *path, struct nameidata *nd)
 
 	do {
 		struct path link = *path;
+		struct inode *inode = link.dentry->d_inode;
 		void *cookie;
 
 		res = follow_link(&link, nd, &cookie);
 		if (res)
 			break;
 		res = walk_component(nd, path, LOOKUP_FOLLOW);
-		put_link(nd, &link, cookie);
+		put_link(nd, &link, inode, cookie);
 	} while (res > 0);
 
 	nd->link_count--;
@@ -2036,6 +2037,7 @@ static int path_lookupat(int dfd, const char *name,
 		while (err > 0) {
 			void *cookie;
 			struct path link = path;
+			struct inode *inode = link.dentry->d_inode;
 			err = may_follow_link(&link, nd);
 			if (unlikely(err))
 				break;
@@ -2044,7 +2046,7 @@ static int path_lookupat(int dfd, const char *name,
 			if (err)
 				break;
 			err = lookup_last(nd, &path);
-			put_link(nd, &link, cookie);
+			put_link(nd, &link, inode, cookie);
 		}
 	}
 
@@ -2396,6 +2398,7 @@ path_mountpoint(int dfd, const char *name, struct path *path, unsigned int flags
 	while (err > 0) {
 		void *cookie;
 		struct path link = *path;
+		struct inode *inode = link.dentry->d_inode;
 		err = may_follow_link(&link, &nd);
 		if (unlikely(err))
 			break;
@@ -2404,7 +2407,7 @@ path_mountpoint(int dfd, const char *name, struct path *path, unsigned int flags
 		if (err)
 			break;
 		err = mountpoint_last(&nd, path);
-		put_link(&nd, &link, cookie);
+		put_link(&nd, &link, inode, cookie);
 	}
 out:
 	path_cleanup(&nd);
@@ -3281,6 +3284,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
 	error = do_last(nd, &path, file, op, &opened, pathname);
 	while (unlikely(error > 0)) { /* trailing symlink */
 		struct path link = path;
+		struct inode *inode = link.dentry->d_inode;
 		void *cookie;
 		if (!(nd->flags & LOOKUP_FOLLOW)) {
 			path_to_nameidata(&path, nd);
@@ -3297,7 +3301,7 @@ static struct file *path_openat(int dfd, struct filename *pathname,
 		if (unlikely(error))
 			break;
 		error = do_last(nd, &path, file, op, &opened, pathname);
-		put_link(nd, &link, cookie);
+		put_link(nd, &link, inode, cookie);
 	}
 out:
 	path_cleanup(nd);


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ