| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 8 Aug 2023 10:48:19 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Christian Brauner <brauner@...nel.org>
Cc: Mateusz Guzik <mjguzik@...il.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
viro@...iv.linux.org.uk, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org, oleg@...hat.com,
Matthew Wilcox <willy@...radead.org>
Subject: Re: [PATCH] fs: use __fput_sync in close(2)
On Tue, 8 Aug 2023 at 10:36, Christian Brauner <brauner@...nel.org> wrote:
>
> @Linus, you ok with the appended thing?
Yes.
I do think that the CHECK_DATA_CORRUPTION() case (used to be in
filp_close, now in filp_flush) is now very questionable since we'll
end up doing an "fput()" on it anyway.
But I think that's actually not a new thing - it was always in the
wrong place, and only caught the "filp_close()" cases. Which -
considering that it would only happen with people using 'fput()'
incorrectly - was always quite suspicious.
The actual "CHECK_DATA_CORRUPTION()" part of the check is new, but the
check itself predates not just the git tree, but the BK history too.
Google does find that we had it trigger back in 1998, apparently.
I think we should probably remove it entirely - and just depend on all
our modern use-after-free infrastructure.
Or we could move it into __fput() itself - the ordering wrt any
flushing is immaterial, because it's no different from using read or
write or whatever on a stale file descriptor - and at least get much
better coverage of the situation where it would happen.
But that is, I think, a completely separate issue - this is all just
made more obvious by the reorganization.
Linus
Powered by blists - more mailing lists