lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAGudoHEt-mmZaihzTYxmf3KF_LsEC=astL2fOB+SOWGMPOCcFw@mail.gmail.com>
Date: Wed, 7 Aug 2024 00:55:07 +0200
From: Mateusz Guzik <mjguzik@...il.com>
To: Dave Chinner <david@...morbit.com>
Cc: brauner@...nel.org, viro@...iv.linux.org.uk, jack@...e.cz, 
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH] vfs: avoid spurious dentry ref/unref cycle on open

On Wed, Aug 7, 2024 at 12:51 AM Dave Chinner <david@...morbit.com> wrote:
>
> On Tue, Aug 06, 2024 at 04:46:28PM +0200, Mateusz Guzik wrote:
> >       error = may_open(idmap, &nd->path, acc_mode, open_flag);
> > -     if (!error && !(file->f_mode & FMODE_OPENED))
> > -             error = vfs_open(&nd->path, file);
> > +     if (!error && !(file->f_mode & FMODE_OPENED)) {
> > +             BUG_ON(nd->state & ND_PATH_CONSUMED);
>
> Please don't litter new code with random BUG_ON() checks. If this
> every happens, it will panic a production kernel and the fix will
> generate a CVE.
>
> Given that these checks should never fire in a production kernel
> unless something is corrupting memory (i.e. the end is already
> near), these should be considered debug assertions and we should
> treat them that way from the start.
>
> i.e. we really should have a VFS_ASSERT() or VFS_BUG_ON() (following
> the VM_BUG_ON() pattern) masked by a CONFIG_VFS_DEBUG option so they
> are only included into debug builds where there is a developer
> watching to debug the system when one of these things fires.
>
> This is a common pattern for subsystem specific assertions.  We do
> this in all the major filesystems, the MM subsystem does this
> (VM_BUG_ON), etc.  Perhaps it is time to do this in the VFS code as
> well....

I agree, I have this at the bottom of my todo list.

The only reason I BUG_ON'ed here is because proper debug macros are not present.

fwiw v2 does not have any of this, so...

-- 
Mateusz Guzik <mjguzik gmail.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ