Message-Id: <20231220074725.23211-1-lulie@linux.alibaba.com>
Date: Wed, 20 Dec 2023 15:47:25 +0800
From: Philo Lu <lulie@...ux.alibaba.com>
To: linux-kernel@...r.kernel.org
Cc: akpm@...ux-foudation.org,
	surenb@...gle.com,
	rppt@...nel.org,
	zhou.kete@....com,
	zhao_lei1@...erun.com,
	kunyu@...china.com,
	zhang.zhengming@....com,
	gregkh@...uxfoundation.org,
	xuanzhuo@...ux.alibaba.com,
	dust.li@...ux.alibaba.com,
	alibuda@...ux.alibaba.com,
	guwen@...ux.alibaba.com,
	hengqi@...ux.alibaba.com
Subject: [RFC PATCH] relay: avoid relay_open_buf improperly fails in buffer-only mode

In buffer-only mode, relay_open(NULL, NULL, ...) is used to create the
buffer first, where chan->has_base_filename is not set. Though we still
need to call chan->cb->create_buf_file in relay_open_buf() to retrieve
global info for the global buffer, the create_buf_file callback should
return NULL. With the IS_ERR_OR_NULL() check, relay_open fails because of
the returned NULL dentry, so this patch reverts back to the WARN_ON()
version and adds a comment for this behavior.

Here is an example after the fix:
```
struct dentry *my_create_buf_file(const char *filename,
            struct dentry *parent, umode_t mode,
            struct rchan_buf *buf, int *is_global)
{
    if (!filename)
        return NULL;

    return debugfs_create_file(filename, mode, parent, buf,
                &relay_file_operations);
}

relay_cb.create_buf_file = my_create_buf_file;
relay_chan = relay_open(NULL, NULL,
                    subbuf_size, subbuf_num,
                    &relay_cb, NULL);
relay_late_setup_files(relay_chan, filename, parent);
```

But before the fix, the create_buf_file callback must be something like:
```
struct dentry *my_create_buf_file(const char *filename,
            struct dentry *parent, umode_t mode,
            struct rchan_buf *buf, int *is_global)
{
    if (!filename)
        return ERR_PTR(1); // a valid ptr is necessary for relay_open

    return debugfs_create_file(filename, mode, parent, buf,
                &relay_file_operations);
}
```

I'm not sure if this reversion is proper because it may break existing use
cases. I think we can also remove the WARN_ON check instead.

Fixes: 2c1cf00eeacb ("relay: check return of create_buf_file() properly")
Signed-off-by: Philo Lu <lulie@...ux.alibaba.com>
---
 kernel/relay.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/kernel/relay.c b/kernel/relay.c
index 83fe0325cde1..0700745447c1 100644
--- a/kernel/relay.c
+++ b/kernel/relay.c
@@ -395,7 +395,8 @@ static struct rchan_buf *relay_open_buf(struct rchan *chan, unsigned int cpu)
 		dentry = chan->cb->create_buf_file(NULL, NULL,
 						   S_IRUSR, buf,
 						   &chan->is_global);
-		if (IS_ERR_OR_NULL(dentry))
+		/* has_base_filename not set, so dentry should be NULL */
+		if (WARN_ON(dentry))
 			goto free_buf;
 	}

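Review bot: `if (WARN_ON(dentry))` in the buffer-only branch of relay_open_buf() sends every non-NULL return to `free_buf`, so a callback that returns an ERR_PTR() on a real failure, or the non-NULL placeholder that the replaced `IS_ERR_OR_NULL(dentry)` check required, now fails relay_open() with a warning backtrace, which is fatal where panic_on_warn is set. Since the value comes from a client-supplied callback rather than from an internal invariant, a quieter check fits better: treat `IS_ERR(dentry)` as failure, accept NULL, and decide explicitly what a non-NULL, non-error return means in this mode. The new comment says dentry should be NULL but not what the callback must do; spelling out the contract (return NULL when filename is NULL, and still set *is_global) here or in the create_buf_file callback documentation would let callers written against the old check adapt.
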
--
2.32.0.3.g01195cf9f
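
The two callback variants in the message behave differently under the two checks; the following userspace model is an added example, not part of the patch or of kernel/relay.c. The err.h helpers are re-implemented locally, and `buffer_only_open`, the `cb_*` callbacks, `fake_dentry` and the -ENOMEM case are hypothetical names and inputs constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Userspace copies of the include/linux/err.h helpers. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long error) { return (void *)error; }
static bool IS_ERR(const void *p) { return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO; }
static bool IS_ERR_OR_NULL(const void *p) { return !p || IS_ERR(p); }

enum check { OLD_IS_ERR_OR_NULL, NEW_WARN_ON };
typedef void *(*create_cb)(const char *filename);
static int fake_dentry;  /* constructed stand-in for a debugfs dentry */

/* "After fix" callback from the message: NULL when there is no filename. */
void *cb_null(const char *f) { return f ? (void *)&fake_dentry : NULL; }
/* "Before fix" callback from the message: placeholder ERR_PTR(1). */
void *cb_placeholder(const char *f) { return f ? (void *)&fake_dentry : ERR_PTR(1); }
/* Constructed case: callback that reports a genuine -ENOMEM (12). */
void *cb_enomem(const char *f) { (void)f; return ERR_PTR(-12); }

/* Model of the buffer-only branch of relay_open_buf(): the callback is
 * invoked with a NULL filename; returns -1 where the kernel code would
 * "goto free_buf", 0 otherwise. WARN_ON(x) evaluates to !!x, so the
 * patched check is modelled as a plain non-NULL test. */
int buffer_only_open(create_cb cb, enum check c)
{
    void *dentry = cb(NULL);
    bool fail = (c == OLD_IS_ERR_OR_NULL) ? IS_ERR_OR_NULL(dentry)
                                          : dentry != NULL;
    return fail ? -1 : 0;
}

int main(void)
{
    const struct { const char *name; create_cb cb; } cbs[] = {
        { "returns NULL", cb_null },
        { "returns ERR_PTR(1)", cb_placeholder },
        { "returns ERR_PTR(-ENOMEM)", cb_enomem },
    };
    for (size_t i = 0; i < sizeof(cbs) / sizeof(cbs[0]); i++)
        printf("%-26s old check: %2d  patched check: %2d\n", cbs[i].name,
               buffer_only_open(cbs[i].cb, OLD_IS_ERR_OR_NULL),
               buffer_only_open(cbs[i].cb, NEW_WARN_ON));
    return 0;
}
```

`ERR_PTR(1)` passes the old check only because 1 lies outside the error range that `IS_ERR()` tests, so it is neither NULL nor an error pointer.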

