| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJfpegvx-oS9XGuwpJx=Xe28_jzWx5eRo1y900_ZzWY+=gGzUg@mail.gmail.com>
Date: Tue, 19 Nov 2024 10:05:37 +0100
From: Miklos Szeredi <miklos@...redi.hu>
To: Amir Goldstein <amir73il@...il.com>
Cc: Vasiliy Kovalev <kovalev@...linux.org>, linux-unionfs@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ovl: Add check for missing lookup operation on inode
On Mon, 18 Nov 2024 at 19:54, Amir Goldstein <amir73il@...il.com> wrote:
> Can you analyse what went wrong with the reproducer?
> How did we get to a state where lowerstack of parent
> has a dentry which is !d_can_lookup?
Theoretically we could still get a an S_ISDIR inode, because
ovl_get_inode() doesn't look at the is_dir value that lookup found.
I.e. lookup thinks it found a non-dir, but iget will create a dir
because of the backing inode's type.
AFAICS this can only happen if i_op->lookup is not set on S_ISDIR for
the backing inode, which shouldn't happen on normal filesystems.
Reproducer seems to use bfs, which *should* be normal, and bfs_iget
certainly doesn't do anything weird in that case, so I still don't
understand what is happening.
In any case something like the following should filter out such weirdness:
bool ovl_dentry_weird(struct dentry *dentry)
{
+ if (!d_can_lookup(dentry) && !d_is_file(dentry) &&
!d_is_symlink(dentry))
+ return true;
+
return dentry->d_flags & (DCACHE_NEED_AUTOMOUNT |
Thanks,
Miklos
Powered by blists - more mailing lists