lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Wed, 6 May 2020 15:49:52 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Al Viro <viro@...iv.linux.org.uk>
Cc:     James Morris <jmorris@...ei.org>,
        "Serge E. Hallyn" <serge@...lyn.com>,
        linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] securityfs: Add missing d_delete() call on removal

On Wed, May 06, 2020 at 07:49:20PM +0100, Al Viro wrote:
> On Wed, May 06, 2020 at 08:34:29AM -0700, Kees Cook wrote:
> 
> > Just posted the whole series:
> > https://lore.kernel.org/lkml/20200506152114.50375-1-keescook@chromium.org/
> > 
> > But the specific question was driven by this patch:
> > https://lore.kernel.org/lkml/20200506152114.50375-11-keescook@chromium.org/
> 
> Yecchh...  First of all, you are leaving a dangling pointer in your
> struct pstore_private ->dentry.  What's more, in your case d_delete()

Yeah, good idea: I can wipe out the pstore_private->dentry at this point
just for robustness. From what I could tell the evict got immediately
called after the dput().

> is definitely wrong - either there are other references to dentry
> (in which case d_delete() is the same as d_drop()), or dput() right
> after it will drive ->d_count to zero and since you end up using
> simple_dentry_operations, dentry will be freed immediately after
> that.

Do you mean the d_drop() isn't needed? What happens if someone has
the file open during this routine? The goal here is to make these files
disappear so they'll go through evict.

> I have not looked at the locking in that series yet, so no comments

Yeah, I would not be surprised by some more locking issues, but I think
it's an improvement over what was there. Most of the code seems to have
been designed to be non-modular. :P

> on the races, but in any case - that d_delete() is a misspelled d_drop().

I'll change it; thanks!

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ