| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250520152536.GD2023217@ZenIV>
Date: Tue, 20 May 2025 16:25:36 +0100
From: Al Viro <viro@...iv.linux.org.uk>
To: Kent Overstreet <kent.overstreet@...ux.dev>
Cc: linux-fsdevel@...r.kernel.org, linux-bcachefs@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-unionfs@...r.kernel.org,
Miklos Szeredi <miklos@...redi.hu>,
Amir Goldstein <amir73il@...il.com>,
Christian Brauner <brauner@...nel.org>, Jan Kara <jack@...e.cz>
Subject: Re: [PATCH 4/6] fs: dcache locking for exlusion between overlayfs,
casefolding
On Tue, May 20, 2025 at 01:15:56AM -0400, Kent Overstreet wrote:
> +int d_casefold_enable(struct dentry *dentry, struct d_casefold_enable *e)
> +{
> + struct dentry *root = dentry->d_sb->s_root;
> + int ret = 0;
> +
> + guard(mutex)(&no_casefold_dentries_lock);
> +
> + for (struct dentry *i = dentry;
> + i && i->d_inode->i_flags & S_NO_CASEFOLD;
> + i = i != root ? i->d_parent : NULL) {
> + ret = darray_push(&e->refs, i);
> + if (ret)
> + goto err;
> +
> + ret = no_casefold_dentry_get(i, ref_casefold_enable);
Beyond being fucking ugly, this is outright broken. Lose
the timeslice (e.g. on allocation in that thing), and there's
nothing to prevent your 'i' from pointing to freed memory.
Powered by blists - more mailing lists