Message-ID: <20240724-vfs-fixes-620fa9859ef0@brauner>
Date: Wed, 24 Jul 2024 11:19:49 +0200
From: Christian Brauner <brauner@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Christian Brauner <brauner@...nel.org>,
	linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: [GIT PULL] vfs fixes

/* Summary */
This contains fixes for this merge window:

VFS:

- The new 64bit mount ids start after the old mount id, i.e., at the first
  non-32 bit value. However, we started counting one id too late and thus lost
  4294967296 as the first valid id. Fix that.

- Update a few comments on some vfs_*() creation helpers.

- Move copying of the xattr name out from the locks required to start a
  filesystem write.

- Extend the filelock lock UAF fix to the compat code as well.

- Now that we added the ability to look up an inode under RCU it's possible
  that lockless hash lookup can find and lock an inode after it gets I_FREEING
  set. It then waits until inode teardown in evict() is finished.

  The flag however is still set after evict() has woken up all waiters. If the
  inode lock is taken late enough on the waiting side after hash removal and
  wakeup happened the waiting thread will never be woken.

  Before RCU based lookup this was synchronized via the inode_hash_lock. But
  since unhashing requires the inode lock as well we can check whether the
  inode is unhashed while holding inode lock even without holding
  inode_hash_lock.

pidfd:

- The nsproxy structure contains nearly all of the namespaces associated with a
  task. When a namespace type isn't supported nsproxy might contain a NULL
  pointer or always point to the initial namespace type. The logic isn't
  consistent. So when deriving namespace fds we need to ensure that the
  namespace type is supported.

  First, so that we don't risk dereferencing NULL pointers. The correct bigger
  fix would be to change all namespaces to always set a valid namespace pointer
  in struct nsproxy independent of whether or not it is compiled in. But that
  requires quite a few changes.

  Second, so that we don't allow deriving namespace fds when the namespace type
  doesn't exist and thus when they couldn't also be derived via /proc/self/ns/.

- Add missing selftests for the new pidfd ioctls to derive namespace fds. This
  simply extends the already existing testsuite.

netfs:

- Fix debug logging and fix kconfig variable name so it actually works.

- Fix writeback that goes both to the server and cache. The streams are only
  activated once a subreq is added. When a server write happens the subreq
  doesn't need to have finished by the time the cache write is started. If the
  server write has already finished by the time the cache write is about to
  start the cache write will operate on a folio that might already have been
  reused. Fix this by preactivating the cache write.

- Limit cachefiles subreq size for cache writes to MAX_RW_COUNT.

The following changes since commit 933069701c1b507825b514317d4edd5d3fd9d417:

  Merge tag '6.11-rc-smb3-server-fixes' of git://git.samba.org/ksmbd (2024-07-21 20:50:39 -0700)

are available in the Git repository at:

  git@...olite.kernel.org:pub/scm/linux/kernel/git/vfs/vfs tags/vfs-6.11-rc1.fixes.2

for you to fetch changes up to f5e5e97c719d289025afce07050effcf1f7373ef:

  inode: clarify what's locked (2024-07-24 11:11:40 +0200)

Please consider pulling these changes from the signed vfs-6.11-rc1.fixes.2 tag.

Thanks!
Christian

----------------------------------------------------------------
vfs-6.11-rc1.fixes.2

----------------------------------------------------------------
Christian Brauner (4):
      pidfs: handle kernels without namespaces cleanly
      pidfs: add selftests for new namespace ioctls
      fs: use all available ids
      inode: clarify what's locked

Congjie Zhou (1):
      vfs: correct the comments of vfs_*() helpers

David Howells (5):
      netfs: Revert "netfs: Switch debug logging to pr_debug()"
      netfs: Rename CONFIG_FSCACHE_DEBUG to CONFIG_NETFS_DEBUG
      netfs: Fix writeback that needs to go to both server and cache
      cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT
      vfs: Fix potential circular locking through setxattr() and removexattr()

Edward Adam Davis (1):
      pidfs: when time ns disabled add check for ioctl

Jann Horn (1):
      filelock: Fix fcntl/close race recovery compat path

Mateusz Guzik (1):
      vfs: handle __wait_on_freeing_inode() and evict() race

 fs/cachefiles/io.c                               |   2 +-
 fs/inode.c                                       |  40 +++-
 fs/locks.c                                       |   9 +-
 fs/namei.c                                       |  26 +--
 fs/namespace.c                                   |   2 +-
 fs/netfs/Kconfig                                 |  18 +-
 fs/netfs/buffered_read.c                         |  14 +-
 fs/netfs/buffered_write.c                        |  12 +-
 fs/netfs/direct_read.c                           |   2 +-
 fs/netfs/direct_write.c                          |   8 +-
 fs/netfs/fscache_cache.c                         |   4 +-
 fs/netfs/fscache_cookie.c                        |  28 +--
 fs/netfs/fscache_io.c                            |  12 +-
 fs/netfs/fscache_main.c                          |   2 +-
 fs/netfs/fscache_volume.c                        |   4 +-
 fs/netfs/internal.h                              |  33 ++-
 fs/netfs/io.c                                    |  12 +-
 fs/netfs/main.c                                  |   4 +
 fs/netfs/misc.c                                  |   4 +-
 fs/netfs/write_collect.c                         |  16 +-
 fs/netfs/write_issue.c                           |  37 ++--
 fs/pidfs.c                                       |  63 ++++--
 fs/xattr.c                                       |  91 ++++----
 tools/testing/selftests/pidfd/pidfd_setns_test.c | 258 ++++++++++++++++++++---
 24 files changed, 488 insertions(+), 213 deletions(-)
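
The pidfd item above says a namespace fd should only be derivable from a pidfd when the same namespace type is also reachable via /proc/self/ns/. The following userspace check of that rule is an added example, not code from this message or from the kernel tree; the names classify() and audit_pidfd_namespaces() are hypothetical, and the ioctl numbers are repeated from the 6.11 <linux/pidfd.h> uapi header so that it builds against older headers.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sys/stat.h>
#include <sys/syscall.h>

#ifndef SYS_pidfd_open
#define SYS_pidfd_open 434  /* unified syscall number, for old libc headers */
#endif
#define NS_IOCTL(nr) _IO(0xFF, nr)  /* PIDFS_IOCTL_MAGIC is 0xFF */

enum ns_state { NS_OK, NS_UNSUPPORTED, NS_NOT_DERIVABLE, NS_INCONSISTENT };

static const struct { const char *name; unsigned long cmd; } ns_types[] = {
    { "cgroup", NS_IOCTL(1) }, { "ipc", NS_IOCTL(2) },
    { "mnt", NS_IOCTL(3) },    { "net", NS_IOCTL(4) },
    { "pid", NS_IOCTL(5) },    { "pid_for_children", NS_IOCTL(6) },
    { "time", NS_IOCTL(7) },   { "time_for_children", NS_IOCTL(8) },
    { "user", NS_IOCTL(9) },   { "uts", NS_IOCTL(10) },
};

/* Rule from the message: no fd via pidfd unless /proc/self/ns/ offers it too. */
enum ns_state classify(int in_proc, int via_pidfd)
{
    if (via_pidfd)
        return in_proc ? NS_OK : NS_INCONSISTENT;
    return in_proc ? NS_NOT_DERIVABLE : NS_UNSUPPORTED;
}

/* Returns the number of inconsistent namespace types, or -1 if untestable. */
int audit_pidfd_namespaces(pid_t pid)
{
    struct stat sb;
    int bad = 0, pidfd;

    if (lstat("/proc/self/ns", &sb) != 0)
        return -1;                      /* no procfs to compare against */
    if ((pidfd = (int)syscall(SYS_pidfd_open, pid, 0)) < 0)
        return -1;                      /* pidfds unavailable or denied */
    for (size_t i = 0; i < sizeof(ns_types) / sizeof(ns_types[0]); i++) {
        char path[64];
        snprintf(path, sizeof(path), "/proc/self/ns/%s", ns_types[i].name);
        int in_proc = lstat(path, &sb) == 0;
        int nsfd = ioctl(pidfd, ns_types[i].cmd, 0);  /* fails on pre-6.11 */
        enum ns_state st = classify(in_proc, nsfd >= 0);
        if (nsfd >= 0) close(nsfd);
        if (st == NS_INCONSISTENT) bad++;
        printf("%-18s state=%d\n", ns_types[i].name, (int)st);
    }
    close(pidfd);
    return bad;
}
```

A result of 0 means every namespace fd obtained through the pidfd was also present under /proc/self/ns/; on kernels without the pidfd namespace ioctls every type reports NS_NOT_DERIVABLE or NS_UNSUPPORTED.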
