lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <5cffded318675a981779194a73d97b274338b7d1.camel@sipsolutions.net>
Date:   Fri, 10 Nov 2023 10:06:34 +0100
From:   Johannes Berg <johannes@...solutions.net>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        "Rafael J. Wysocki" <rafael@...nel.org>,
        Nicolai Stange <nicstange@...il.com>
Subject: Re: [PATCH] debugfs: only clean up d_fsdata for d_is_reg()

On Fri, 2023-11-10 at 04:56 +0100, Greg Kroah-Hartman wrote:
> > 
> > Also check in debugfs_file_get() that it gets only called
> > on regular files, just to make things clearer.
> > 
> > +++ b/fs/debugfs/file.c
> > @@ -84,6 +84,9 @@ int debugfs_file_get(struct dentry *dentry)
> >  	struct debugfs_fsdata *fsd;
> >  	void *d_fsd;
> >  
> > +	if (WARN_ON(!d_is_reg(dentry)))
> > +		return -EINVAL;
> 
> Note, the huge majority of Linux systems in the world run with "panic on
> warn" enabled, so if this is something that could actually happen,
> please just handle it and return the error, don't throw up a WARN()
> splat as that will reboot the system, causing you to have grumpy users.
> 

Well, given the use of the d_fsdata, without this check you would get a
crash a few lines down in the code because:

1. if you call it with an automount dentry, the pointer is a function
   pointer and you can't increment a refcount in .text memory

2. if you call it with any other kind of entry other than regular, the
   pointer is NULL and you can't increment a refcount at just over NULL
   either

I would think this cannot happen in the current kernel now, so the check
is more (a) a sign to readers to show the intent of the function, and
(b) a help for future users of debugfs to tell them in easier terms when
they got it wrong. It just seemed nicer to not crash in weird ways (or
corrupt .text if you don't have read-only text, but is that still a
thing anywhere?) than crashing with strange errors (especially in 1.).

But hey, I can just as well remove it.

Note that the other part of the patch here is wrong anyway though, so
this patch isn't any good. I posted the replacement here:
https://lore.kernel.org/lkml/20231109222251.9e54cb55c700.I64fe5615568e87f9ae2d7fb2ac4e5fa96924cb50@changeid/

johannes

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ