| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 23 May 2019 16:32:14 +0200
From: Jann Horn <jannh@...gle.com>
To: Christian Brauner <christian@...uner.io>
Cc: Oleg Nesterov <oleg@...hat.com>, Al Viro <viro@...iv.linux.org.uk>,
kernel list <linux-kernel@...r.kernel.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Linux API <linux-api@...r.kernel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Florian Weimer <fweimer@...hat.com>,
Thomas Gleixner <tglx@...utronix.de>,
Arnd Bergmann <arnd@...db.de>, Shuah Khan <shuah@...nel.org>,
David Howells <dhowells@...hat.com>,
Todd Kjos <tkjos@...roid.com>,
"Dmitry V. Levin" <ldv@...linux.org>,
Miklos Szeredi <miklos@...redi.hu>,
linux-alpha@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
linux-ia64@...r.kernel.org, linux-m68k@...ts.linux-m68k.org,
linux-mips@...r.kernel.org, linux-parisc@...r.kernel.org,
linuxppc-dev@...ts.ozlabs.org,
linux-s390 <linux-s390@...r.kernel.org>,
linux-sh@...r.kernel.org, sparclinux@...r.kernel.org,
linux-xtensa@...ux-xtensa.org,
linux-arch <linux-arch@...r.kernel.org>,
"open list:KERNEL SELFTEST FRAMEWORK"
<linux-kselftest@...r.kernel.org>,
"the arch/x86 maintainers" <x86@...nel.org>
Subject: Re: [PATCH v1 1/2] open: add close_range()
On Thu, May 23, 2019 at 1:51 PM Christian Brauner <christian@...uner.io> wrote:
[...]
> I kept it dumb and was about to reply that your solution introduces more
> code when it seemed we wanted to keep this very simple for now.
> But then I saw that find_next_opened_fd() already exists as
> find_next_fd(). So it's actually not bad compared to what I sent in v1.
> So - with some small tweaks (need to test it and all now) - how do we
> feel about?:
[...]
> static int __close_next_open_fd(struct files_struct *files, unsigned *curfd, unsigned maxfd)
> {
> struct file *file = NULL;
> unsigned fd;
> struct fdtable *fdt;
>
> spin_lock(&files->file_lock);
> fdt = files_fdtable(files);
> fd = find_next_fd(fdt, *curfd);
find_next_fd() finds free fds, not used ones.
> if (fd >= fdt->max_fds || fd > maxfd)
> goto out_unlock;
>
> file = fdt->fd[fd];
> rcu_assign_pointer(fdt->fd[fd], NULL);
> __put_unused_fd(files, fd);
You can't do __put_unused_fd() if the old pointer in fdt->fd[fd] was
NULL - because that means that the fd has been reserved by another
thread that is about to put a file pointer in there, and if you
release the fd here, that messes up the refcounting (or hits the
BUG_ON() in __fd_install()).
> out_unlock:
> spin_unlock(&files->file_lock);
>
> if (!file)
> return -EBADF;
>
> *curfd = fd;
> filp_close(file, files);
> return 0;
> }
>
> int __close_range(struct files_struct *files, unsigned fd, unsigned max_fd)
> {
> if (fd > max_fd)
> return -EINVAL;
>
> while (fd <= max_fd) {
Note that with a pattern like this, you have to be careful about what
happens if someone gives you max_fd==0xffffffff - then this condition
is always true and the loop can not terminate this way.
> if (__close_next_fd(files, &fd, maxfd))
> break;
(obviously it can still terminate this way)
> cond_resched();
> fd++;
> }
>
> return 0;
> }
Powered by blists - more mailing lists