lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Feb 2017 02:55:16 +0000 From: Al Viro <viro@...IV.linux.org.uk> To: James Bottomley <James.Bottomley@...senPartnership.com> Cc: Vivek Goyal <vgoyal@...hat.com>, Djalal Harouni <tixxdz@...il.com>, Chris Mason <clm@...com>, Theodore Tso <tytso@....edu>, Josh Triplett <josh@...htriplett.org>, "Eric W. Biederman" <ebiederm@...ssion.com>, Andy Lutomirski <luto@...nel.org>, Seth Forshee <seth.forshee@...onical.com>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, Dongsu Park <dongsu@...ocode.com>, David Herrmann <dh.herrmann@...glemail.com>, Miklos Szeredi <mszeredi@...hat.com>, Alban Crequy <alban.crequy@...il.com>, "Serge E. Hallyn" <serge@...lyn.com>, Phil Estes <estesp@...il.com> Subject: Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount On Thu, Feb 16, 2017 at 07:56:30AM -0800, James Bottomley wrote: > > Hi James, > > > > Should it be "return d_splice_alias()" so that if we find an alias it > > is returned back to caller and passed in dentry can be freed. Though > > I don't know in what cases alias can be found. And if alias is found > > how do we make sure alias_dentry->d_fsdata is pointing to new (real > > dentry). > > It probably should be for the sake of the pattern. In our case I don't > think we can have any root aliases because the root dentry is always > pinned in the cache, so cache lookup should always find it. What does that have to do with root dentry? The real reason why that code works (FVerySVO) is that the damn thing allocates a new inode every time. Including the hardlinks, BTW. So d_splice_alias() will always return NULL - there's no way for any dentries to be pointing to in-core struct inode you've just allocated. Short of a use-after-free, that is... Unless I'm missing something subtle, the whole thing is fucked in head wrt cache coherency - its dentries are blindly assumed to be forever valid, no matter what's happening with the underlying filesystem.
Powered by blists - more mailing lists