| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <87d1r2uh95.fsf@rasmusvillemoes.dk>
Date: Thu, 10 Mar 2016 22:59:02 +0100
From: Rasmus Villemoes <linux@...musvillemoes.dk>
To: Nicolai Stange <nicstange@...il.com>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH v5 1/8] debugfs: prevent access to possibly dead file_operations at file open
On Sun, Mar 06 2016, Nicolai Stange <nicstange@...il.com> wrote:
> + *
> + * Allow any ongoing concurrent call into debugfs_remove() or
> + * debugfs_remove_recursive() blocked by a former call to
> + * debugfs_use_file_start() to proceed and return to its caller.
> + */
> +static void debugfs_use_file_finish(int srcu_idx) __releases(&debugfs_srcu)
> +{
> + srcu_read_unlock(&debugfs_srcu, srcu_idx);
> +}
> +
> +#define F_DENTRY(filp) ((filp)->f_path.dentry)
> +
> +#define REAL_FOPS_DEREF(dentry) \
> + ((const struct file_operations *)(dentry)->d_fsdata)
> +
> +static int open_proxy_open(struct inode *inode, struct file *filp)
> +{
> + const struct dentry *dentry = F_DENTRY(filp);
> + const struct file_operations *real_fops = NULL;
> + int srcu_idx, r;
> +
> + r = debugfs_use_file_start(dentry, &srcu_idx);
> + if (r) {
> + debugfs_use_file_finish(srcu_idx);
> + r = -ENOENT;
> + goto out;
this...
> +out:
> + fops_put(real_fops);
> + debugfs_use_file_finish(srcu_idx);
... and that seems like an obvious double unlock?
Rasmus
Powered by blists - more mailing lists