lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190405113304.GA28420@kroah.com> Date: Fri, 5 Apr 2019 13:33:04 +0200 From: Greg KH <gregkh@...uxfoundation.org> To: Gaurav Kohli <gkohli@...eaurora.org> Cc: tj@...nel.org, linux-kernel@...r.kernel.org, linux-arm-msm@...r.kernel.org, Mukesh Ojha <mojha@...eaurora.org> Subject: Re: [PATCH v0] kernfs: Skip kernfs_put of parent from child node On Fri, Apr 05, 2019 at 04:51:07PM +0530, Gaurav Kohli wrote: > While adding kernfs node for child to the parent kernfs > node and when child node founds that parent kn count is > zero, then below comes like: > > WARNING: fs/kernfs/dir.c:494 kernfs_get+0x64/0x88 > > This indicates that parent is in kernfs_put path/ or already > freed, and if the child node keeps continue to > make new kernfs node, then there is chance of > below race for parent node: > > CPU0 CPU1 > //Parent node //child node > kernfs_put > atomic_dec_and_test(&kn->count) > //count is 0, so continue > kernfs_new_node(child) > kernfs_get(parent); > //increment parent count to 1 > //warning come as parent count is 0 > /* link in */ > kernfs_add_one(kn); > // this should fail as parent is > //in free path. > kernfs_put(child) > kmem_cache_free(parent) > kmem_cache_free(child) > kn = parent > atomic_dec_and_test(&kn->count)) > //this is 0 now, so release will > continue for parent. > kmem_cache_free(parent) > > To prevent this race, child simply has to decrement count of parent > kernfs node and keep continue the free path for itself. > > Signed-off-by: Gaurav Kohli <gkohli@...eaurora.org> > Signed-off-by: Mukesh Ojha <mojha@...eaurora.org> > > diff --git a/fs/kernfs/dir.c b/fs/kernfs/dir.c > index b84d635..d5a36e8 100644 > --- a/fs/kernfs/dir.c > +++ b/fs/kernfs/dir.c > @@ -515,7 +515,6 @@ void kernfs_put(struct kernfs_node *kn) > if (!kn || !atomic_dec_and_test(&kn->count)) > return; > root = kernfs_root(kn); > - repeat: > /* > * Moving/renaming is always done while holding reference. > * kn->parent won't change beneath us. > @@ -545,8 +544,8 @@ void kernfs_put(struct kernfs_node *kn) > > kn = parent; > if (kn) { > - if (atomic_dec_and_test(&kn->count)) > - goto repeat; > + /* Parent may be on free path, so simply decrement the count */ That's the wrong indentation :( And how are you hitting this issue? What user of kernfs is causing this? thanks, greg k-h
Powered by blists - more mailing lists