lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 14 Nov 2019 16:43:26 +0200
From:   Amir Goldstein <amir73il@...il.com>
To:     Miklos Szeredi <miklos@...redi.hu>
Cc:     Colin King <colin.king@...onical.com>,
        Miklos Szeredi <mszeredi@...hat.com>,
        overlayfs <linux-unionfs@...r.kernel.org>,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH][V4] ovl: fix lookup failure on multi lower squashfs

On Thu, Nov 14, 2019 at 12:30 PM Miklos Szeredi <miklos@...redi.hu> wrote:
>
> On Wed, Nov 13, 2019 at 9:06 PM Colin King <colin.king@...onical.com> wrote:
> >
> > From: Amir Goldstein <amir73il@...il.com>
> >
> > In the past, overlayfs required that lower fs have non null
> > uuid in order to support nfs export and decode copy up origin file handles.
> >
> > Commit 9df085f3c9a2 ("ovl: relax requirement for non null uuid of
> > lower fs") relaxed this requirement for nfs export support, as long
> > as uuid (even if null) is unique among all lower fs.
>
> I see another corner case:
>
> n- two filesystems, A and B, both have null uuid
>  - upper layer is on A
>  - lower layer 1 is also on A
>  - lower layer 2 is on B
>
> In this case bad_uuid won't be set for B, because the check only
> involves the list of lower fs.  Hence we'll try to decode a layer 2
> origin on layer 1 and fail.

Right.

>
> Can we fix this without special casing lower layer fsid == 0 in
> various places?  I guess that involves using lower_fs[0] for the
> fsid=0 case (i.e. index lower_fs by fsid, rather than (fsid -1)).
> Probably warrants a separate patch.
>

I guess we should.
I do hate that special casing.
I can work of that, but would you like to hold back this patch now?
Or just fix that corner case later?

Thanks,
Amir.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ