| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Oct 2020 22:22:35 +0000
From: David Howells <dhowells@...hat.com>
To: linux-afs@...ts.infradead.org
Cc: "Matthew Wilcox (Oracle)" <willy@...radead.org>,
Christoph Hellwig <hch@....de>,
Colin Ian King <colin.king@...onical.com>,
kernel test robot <lkp@...el.com>,
Dan Carpenter <dan.carpenter@...cle.com>,
Nick Piggin <npiggin@...il.com>, dhowells@...hat.com,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 00/11] AFS fixes [ver #3]
Here's a set of fixes for AFS:
(1) Fix copy_file_range() to an afs file now returning EINVAL if the
splice_write file op isn't supplied.
(2) Fix a deref-before-check in afs_unuse_cell().
(3) Fix a use-after-free in afs_xattr_get_acl().
(4) Fix afs to not try to clear PG_writeback when laundering a page.
(5) Fix afs to take a ref on a page that it sets PG_private on and to drop
that ref when clearing PG_private.
(6) Fix a page leak if write_begin() fails.
(7) Fix afs_write_begin() to not alter the dirty region info stored in
page->private, but rather do this in afs_write_end() instead when we
know what we actually changed.
(8) Fix afs_invalidatepage() to alter the dirty region info on a page when
partial page invalidation occurs so that we don't inadvertantly
include a span of zeros that will get written back if a page gets
laundered due to a remote 3rd-party induced invalidation.
We mustn't, however, reduce the dirty region if the page has been seen
to be mapped (ie. we got called through the page_mkwrite vector) as
the page might still be mapped and we might lose data if the file is
extended again.
(9) Fix the dirty region info to have a lower resolution if the size of
the page is too large for this to be encoded (e.g. powerpc32 with 64K
pages).
Note that this might not be the ideal way to handle this, since it may
allow some leakage of undirtied zero bytes to the server's copy in the
case of a 3rd-party conflict.
To aid (8) and (9), two additional patches are included:
(*) Wrap the manipulations of the dirty region info stored in
page->private into helper functions.
(*) Alter the encoding of the dirty region so that the region bounds can
be stored with one fewer bit, making a bit available for the
indication of mappedness.
The patches can be found here:
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=afs-fixes
David
---
Dan Carpenter (1):
afs: Fix a use after free in afs_xattr_get_acl()
David Howells (10):
afs: Fix copy_file_range()
afs: Fix tracing deref-before-check
afs: Fix afs_launder_page to not clear PG_writeback
afs: Fix to take ref on page when PG_private is set
afs: Fix page leak on afs_write_begin() failure
afs: Fix where page->private is set during write
afs: Wrap page->private manipulations in inline functions
afs: Alter dirty range encoding in page->private
afs: Fix afs_invalidatepage to adjust the dirty region
afs: Fix dirty-region encoding on ppc32 with 64K pages
fs/afs/cell.c | 3 +-
fs/afs/dir.c | 12 ++---
fs/afs/dir_edit.c | 6 +--
fs/afs/file.c | 76 +++++++++++++++++++++-----
fs/afs/internal.h | 57 ++++++++++++++++++++
fs/afs/write.c | 106 ++++++++++++++++++++-----------------
fs/afs/xattr.c | 2 +-
include/trace/events/afs.h | 20 ++-----
8 files changed, 189 insertions(+), 93 deletions(-)
Powered by blists - more mailing lists