lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240610-vfs-fixes-a84527e50cdb@brauner>
Date: Mon, 10 Jun 2024 16:09:10 +0200
From: Christian Brauner <brauner@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Christian Brauner <brauner@...nel.org>,
	linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [GIT PULL] vfs fixes

Hey Linus,

/* Summary */
This contains fixes for this merge window:

* Restore debugfs behavior of ignoring unknown mount options.
* Fix kernel doc for netfs_wait_for_oustanding_io().
* Remove unneeded fdtable.h include in cachefiles.
* Fix struct statx comment after new addition for this cycle.
* Fix data zeroing behavior when an extent spans the block that contains i_size.
* Restore i_size increasing in iomap_write_end() for now to avoid stale data
  exposure on xfs with a realtime device.
* Fix a check in find_next_fd().
* Improve trace output for cachefiles_obj_{get,put}_ondemand_fd().
* Remove requests from the request list in cachefiles to prevent accessing
  already freed requests.
* Fix UAF when issuing restore command while the daemon is still alive by
  adding an additional reference count to cachefile requests.
* Fix UAF in cachefiles by grabbing a reference during xarray lookup with
  xa_lock() held.
* Simplify error handling in cachefiles_ondemand_daemon_read().
* Add consistency checks to cachefiles read and open requests to avoid crashes.
* Add a spinlock to protect ondemand_id variable which is used to determine
  whether an anonymous cachefiles fd has already been closed.
* Make on-demand reads for cachefiles killable allowing to handle broken
  cachefiles daemon better.
* Flush all requests after the kernel has been marked dead via CACHEFILES_DEAD
  to avoid hung-tasks.
* Ensure that closed requests are marked as such to avoid reusing them with a
  reopen request.
* Defer fd_install() until after copy_to_user() succeeded in cachefiles and
  thereby get rid of having to use close_fd().
* Ensure that anonymous cachefiles on-demand fds are reused while they are
  valid to avoid pinning already freed cookies.

/* Testing */
clang: Debian clang version 16.0.6 (27)
gcc: (Debian 13.2.0-25) 13.2.0

All patches are based on mainline. No build failures or warnings were observed.

/* Conflicts */
No known conflicts.

The following changes since commit 2bfcfd584ff5ccc8bb7acde19b42570414bf880b:

  Merge tag 'pmdomain-v6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/linux-pm (2024-05-27 08:18:31 -0700)

are available in the Git repository at:

  git@...olite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-6.10-rc4.fixes

for you to fetch changes up to f5ceb1bbc98c69536d4673a97315e8427e67de1b:

  iomap: Fix iomap_adjust_read_range for plen calculation (2024-06-05 17:27:03 +0200)

Please consider pulling these changes from the signed vfs-6.10-rc4.fixes tag.

Thanks!
Christian

----------------------------------------------------------------
vfs-6.10-rc4.fixes

----------------------------------------------------------------
Baokun Li (11):
      cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd
      cachefiles: remove requests from xarray during flushing requests
      cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd()
      cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read()
      cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read()
      cachefiles: add consistency check for copen/cread
      cachefiles: add spin_lock for cachefiles_ondemand_info
      cachefiles: never get a new anonymous fd if ondemand_id is valid
      cachefiles: defer exposing anon_fd until after copy_to_user() succeeds
      cachefiles: flush all requests after setting CACHEFILES_DEAD
      cachefiles: make on-demand read killable

Christian Brauner (3):
      debugfs: continue to ignore unknown mount options
      netfs: fix kernel doc for nets_wait_for_outstanding_io()
      Merge patch series "cachefiles: some bugfixes and cleanups for ondemand requests"

Gao Xiang (1):
      cachefiles: remove unneeded include of <linux/fdtable.h>

John Garry (1):
      statx: Update offset commentary for struct statx

Ritesh Harjani (IBM) (1):
      iomap: Fix iomap_adjust_read_range for plen calculation

Yuntao Wang (1):
      fs/file: fix the check in find_next_fd()

Zhang Yi (1):
      iomap: keep on increasing i_size in iomap_write_end()

Zizhi Wo (1):
      cachefiles: Set object to close if ondemand_id < 0 in copen

 fs/cachefiles/daemon.c            |   3 +-
 fs/cachefiles/internal.h          |   5 +
 fs/cachefiles/ondemand.c          | 218 ++++++++++++++++++++++++++++----------
 fs/debugfs/inode.c                |  10 +-
 fs/file.c                         |   4 +-
 fs/iomap/buffered-io.c            |  56 +++++-----
 include/linux/netfs.h             |   2 +-
 include/trace/events/cachefiles.h |   8 +-
 include/uapi/linux/stat.h         |   2 +-
 9 files changed, 215 insertions(+), 93 deletions(-)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ