lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 27 Sep 2018 08:36:23 +0200
From:   Miklos Szeredi <miklos@...redi.hu>
To:     Amir Goldstein <amir73il@...il.com>
Cc:     syzbot <syzbot+a55ccfc8a853d3cff213@...kaller.appspotmail.com>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>,
        Al Viro <viro@...iv.linux.org.uk>,
        overlayfs <linux-unionfs@...r.kernel.org>
Subject: Re: possible deadlock in path_openat

On Thu, Sep 27, 2018 at 8:05 AM, Amir Goldstein <amir73il@...il.com> wrote:

> So this is interesting... if there is a file in overlayfs lower layer with
> the f_op read = seq_read then &p->lock in the chain above could be
> takes after ovl locks and that is in reveres order to the order of locks
> in execve on an overlayfs file.
>
> On the one hand, it is possible (not sure if desirable) to use filesystems
> with seq_file like debugfs as overlay lower fs, but on the other hand,
> it is not possible to copy up a debugfs file with its original content
> because (at least for most files I looked) the inode size is reported as 0.
>
> Also, from v4.19-rc1, with stacked f_op, ovl_read_iter() calls vfs_iter_read(),
> so overlayfs is no longer tolerant to underlying files that implement f_op read
> (and not read_iter), thus, it is no longer possible to read lower debugfs files.
>
> That said, if there are files in lower layer that user seq_read f_op and have
> non zero inode size, the deadlock reported above might be possible.
>
> Miklos,
>
> What do you recon we should do?
> Blacklist debugfs just like procfs was blacklisted from fs stacking?
> Improve the heuristics of ovl_dentry_weird() to cover debugfs and friends?

I think that's the best plan.  There doesn't seem to be any sense in
supporting debugfs and similar weirdness as lower layer, so the best
course of action would be to deny at the earilest possible point in
time.

Thanks,
Miklos

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ