| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 15 Jun 2020 19:45:57 +0300
From: Amir Goldstein <amir73il@...il.com>
To: youngjun <her0gyugyu@...il.com>
Cc: Miklos Szeredi <miklos@...redi.hu>,
overlayfs <linux-unionfs@...r.kernel.org>,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] ovl: inode reference leak in "ovl_is_inuse" true case.
On Mon, Jun 15, 2020 at 6:57 PM youngjun <her0gyugyu@...il.com> wrote:
>
> When "ovl_is_inuse" true case, trap inode reference not put.
>
> Signed-off-by: youngjun <her0gyugyu@...il.com>
Fixes: 0be0bfd2de9d ("ovl: fix regression caused by overlapping layers
detection")
Cc: <stable@...r.kernel.org> # v4.19+
Reviewed-by: Amir Goldstein <amir73il@...il.com>
> ---
> fs/overlayfs/super.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
> index 91476bc422f9..8837fc1ec3be 100644
> --- a/fs/overlayfs/super.c
> +++ b/fs/overlayfs/super.c
> @@ -1499,8 +1499,10 @@ static int ovl_get_layers(struct super_block *sb, struct ovl_fs *ofs,
>
> if (ovl_is_inuse(stack[i].dentry)) {
> err = ovl_report_in_use(ofs, "lowerdir");
> - if (err)
> + if (err) {
> + iput(trap);
> goto out;
> + }
> }
>
Urgh! I moved this ovl_is_inuse() after ovl_setup_trap() for a reason, but I did
not explain why. While we are fixing the bug, it would be nice to add a comment
above ovl_setup_trap():
/*
* Check if lower root conflicts with this overlay layers before checking
* if it is in-use as upperdir/workdir of "another" mount, because we do
* not bother to check in ovl_is_inuse() if the upperdir/workdir is in fact
* in-use by our upperdir/workdir.
*/
Thanks,
Amir.
Powered by blists - more mailing lists