| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250209202323.GW1977892@ZenIV>
Date: Sun, 9 Feb 2025 20:23:23 +0000
From: Al Viro <viro@...iv.linux.org.uk>
To: NeilBrown <neilb@...e.de>
Cc: Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Jeff Layton <jlayton@...nel.org>,
Dave Chinner <david@...morbit.com>, linux-fsdevel@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 05/19] VFS: add common error checks to lookup_one_qstr()
On Thu, Feb 06, 2025 at 04:42:42PM +1100, NeilBrown wrote:
> @@ -1700,6 +1702,15 @@ struct dentry *lookup_one_qstr(const struct qstr *name,
> if ((flags & LOOKUP_INTENT_FLAGS) == 0)
> /* ->lookup must have given final answer */
> d_lookup_done(dentry);
> +found:
> + if (d_is_negative(dentry) && !(flags & LOOKUP_CREATE)) {
> + dput(dentry);
> + return ERR_PTR(-ENOENT);
> + }
> + if (d_is_positive(dentry) && (flags & LOOKUP_EXCL)) {
> + dput(dentry);
> + return ERR_PTR(-EEXIST);
> + }
Final dput() on an in-lookup dentry would blow up. What happens if we get
there without LOOKUP_CREATE, but with something else from LOOKUP_INTENT_FLAGS?
That, BTW, is another lovely example of the reasons why making state (in-lookup
in this case, locking elsewhere) transitions dependent upon the function arguments
is a bad idea.
Powered by blists - more mailing lists