lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <2023111055-gratitude-prance-6074@gregkh>
Date:   Fri, 10 Nov 2023 04:56:03 +0100
From:   Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To:     Johannes Berg <johannes@...solutions.net>
Cc:     linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        "Rafael J. Wysocki" <rafael@...nel.org>,
        Nicolai Stange <nicstange@...il.com>,
        Johannes Berg <johannes.berg@...el.com>
Subject: Re: [PATCH] debugfs: only clean up d_fsdata for d_is_reg()

On Thu, Nov 09, 2023 at 04:06:40PM +0100, Johannes Berg wrote:
> From: Johannes Berg <johannes.berg@...el.com>
> 
> debugfs_create_automount() can store a function pointer in
> d_fsdata, and for directories it may be NULL. The commit
> 7c8d469877b1 ("debugfs: add support for more elaborate
> ->d_fsdata") ignored that, and while freeing NULL is just
> fine, if an automount is ever removed we'd attempt to
> kfree() the function pointer. This currently never happens
> since the only user (tracing) will never remove the
> automount dir.
> 
> Later patches changed the logic here again to store the
> real fops, and store the allocation only after a debugfs
> file reference is obtained via debugfs_file_get().
> 
> Remove debugfs_release_dentry() so we won't attempt to
> do anything common with the different uses of d_fsdata,
> and put the freeing of the allocated data where it's last
> possibly used, in __debugfs_file_removed(), which is only
> called for regular files.
> 
> Also check in debugfs_file_get() that it gets only called
> on regular files, just to make things clearer.
> 
> Signed-off-by: Johannes Berg <johannes.berg@...el.com>
> ---
>  fs/debugfs/file.c  |  3 +++
>  fs/debugfs/inode.c | 14 +++++---------
>  2 files changed, 8 insertions(+), 9 deletions(-)
> 
> diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c
> index 1f971c880dde..1a20c7db8e11 100644
> --- a/fs/debugfs/file.c
> +++ b/fs/debugfs/file.c
> @@ -84,6 +84,9 @@ int debugfs_file_get(struct dentry *dentry)
>  	struct debugfs_fsdata *fsd;
>  	void *d_fsd;
>  
> +	if (WARN_ON(!d_is_reg(dentry)))
> +		return -EINVAL;

Note, the huge majority of Linux systems in the world run with "panic on
warn" enabled, so if this is something that could actually happen,
please just handle it and return the error, don't throw up a WARN()
splat as that will reboot the system, causing you to have grumpy users.

thanks,

greg k-h

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ