| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Jun 2023 12:34:30 +0800
From: Tuo Li <islituo@...il.com>
To: anton@...era.com, linkinjeon@...nel.org
Cc: linux-ntfs-dev@...ts.sourceforge.net,
Linux Kernel <linux-kernel@...r.kernel.org>,
baijiaju1990@...look.com
Subject: [BUG] ntfs: possible data races in ntfs_clear_extent_inode()
Hello,
Our static analysis tool finds some possible data races in the NTFS file
system in Linux 6.4.0-rc6.
In most calling contexts, the variable ni->ext.base_ntfs_ino is accessed
with holding the lock ni->extent_lock. Here is an example:
ntfs_extent_mft_record_free() --> Line 2773 in fs/ntfs/mtf.c
mutex_lock(&ni->extent_lock); --> Line 2786 in fs/ntfs/mtf.c (Lock
ni->extent_lock)
base_ni = ni->ext.base_ntfs_ino; --> Line 2787 in fs/ntfs/mft.c
(Access ni->ext.base_ntfs_ino)
However, in the following calling contexts:
ntfs_evict_big_inode() --> Line 2247 in fs/ntfs/inode.c
ntfs_clear_extent_inode() --> Line 2274 in fs/ntfs/inode.c
if (!is_bad_inode(VFS_I(ni->ext.base_ntfs_ino))) --> Line 2224
in fs/ntfs/inode.c (Access ni->ext.base_ntfs_ino)
ntfs_evict_big_inode() --> Line 2247 in fs/ntfs/inode.c
ni->ext.base_ntfs_ino = NULL; --> Line 2285 in fs/ntfs/inode.c
(Access ni->ext.base_ntfs_ino)
the variable ni->ext.base_ntfs_ino is accessed without holding the lock
ni->extent_lock, and thus data races can occur.
I am not quite sure whether these possible data races are real and how
to fix them if they are real.
Any feedback would be appreciated, thanks!
Reported-by: BassCheck <bass@...a.edu.cn>
Best wishes,
Tuo Li
Powered by blists - more mailing lists