lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZrLiU+gGUKIOk1kA@dread.disaster.area>
Date: Wed, 7 Aug 2024 12:56:19 +1000
From: Dave Chinner <david@...morbit.com>
To: Mateusz Guzik <mjguzik@...il.com>
Cc: brauner@...nel.org, viro@...iv.linux.org.uk, jack@...e.cz,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH] vfs: avoid spurious dentry ref/unref cycle on open

On Wed, Aug 07, 2024 at 12:55:07AM +0200, Mateusz Guzik wrote:
> On Wed, Aug 7, 2024 at 12:51 AM Dave Chinner <david@...morbit.com> wrote:
> >
> > On Tue, Aug 06, 2024 at 04:46:28PM +0200, Mateusz Guzik wrote:
> > >       error = may_open(idmap, &nd->path, acc_mode, open_flag);
> > > -     if (!error && !(file->f_mode & FMODE_OPENED))
> > > -             error = vfs_open(&nd->path, file);
> > > +     if (!error && !(file->f_mode & FMODE_OPENED)) {
> > > +             BUG_ON(nd->state & ND_PATH_CONSUMED);
> >
> > Please don't litter new code with random BUG_ON() checks. If this
> > every happens, it will panic a production kernel and the fix will
> > generate a CVE.
> >
> > Given that these checks should never fire in a production kernel
> > unless something is corrupting memory (i.e. the end is already
> > near), these should be considered debug assertions and we should
> > treat them that way from the start.
> >
> > i.e. we really should have a VFS_ASSERT() or VFS_BUG_ON() (following
> > the VM_BUG_ON() pattern) masked by a CONFIG_VFS_DEBUG option so they
> > are only included into debug builds where there is a developer
> > watching to debug the system when one of these things fires.
> >
> > This is a common pattern for subsystem specific assertions.  We do
> > this in all the major filesystems, the MM subsystem does this
> > (VM_BUG_ON), etc.  Perhaps it is time to do this in the VFS code as
> > well....
> 
> I agree, I have this at the bottom of my todo list.

Good to know.

> The only reason I BUG_ON'ed here is because proper debug macros are not present.
> 
> fwiw v2 does not have any of this, so...

Yeah, I didn't notice there was a v2 patch before I wrote this.

-Dave.
-- 
Dave Chinner
david@...morbit.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ