lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGudoHH-v=eDxV0D3wU+bXmGL75UEj7z=yy7r0jx303E4aW38Q@mail.gmail.com>
Date: Sat, 16 Nov 2024 09:01:01 +0100
From: Mateusz Guzik <mjguzik@...il.com>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: brauner@...nel.org, jack@...e.cz, linux-kernel@...r.kernel.org, 
	linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH] fs: delay sysctl_nr_open check in expand_files()

On Sat, Nov 16, 2024 at 8:42 AM Al Viro <viro@...iv.linux.org.uk> wrote:
>
> On Sat, Nov 16, 2024 at 07:36:26AM +0000, Al Viro wrote:
> > On Sat, Nov 16, 2024 at 07:41:28AM +0100, Mateusz Guzik wrote:
> > > Suppose a thread sharing the table started a resize, while
> > > sysctl_nr_open got lowered to a value which prohibits it. This is still
> > > going to go through with and without the patch, which is fine.
> > >
> > > Further suppose another thread shows up to do a matching expansion while
> > > resize_in_progress == true. It is going to error out since it performs
> > > the sysctl_nr_open check *before* finding out if there is an expansion
> > > in progress. But the aformentioned thread is going to succeded, so the
> > > error is spurious (and it would not happen if the thread showed up a
> > > little bit later).
> > >
> > > Checking the sysctl *after* we know there are no pending updates sorts
> > > it out.
> >
> >       What for?  No, seriously - what's the point?  What could possibly
> > observe an inconsistent situation?  How would that look like?
>
> PS: I'm not saying I hate that patch; I just don't understand the point...

Per the description, if you get unlucky enough one thread is going to
spuriously error out. So basically any multithreaded program which
ends up trying to expand the fd table while racing against
sysctl_nr_open going down can in principle run into it. Except people
normally don't mess with sysctl_nr_open, so I don't think this shows
up during normal operation.

I explicitly noted this is not a serious problem, just a thing I
noticed while poking around. If you want to NAK this that's fine with
me, it's not worth arguing over.

-- 
Mateusz Guzik <mjguzik gmail.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ