Message-ID: <20251105062501.GG2441659@ZenIV>
Date: Wed, 5 Nov 2025 06:25:01 +0000
From: Al Viro <viro@...iv.linux.org.uk>
To: Mateusz Guzik <mjguzik@...il.com>
Cc: brauner@...nel.org, jack@...e.cz, linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH] fs: touch up predicts in putname()

On Mon, Nov 03, 2025 at 05:44:07PM +0100, Mateusz Guzik wrote:
> a sketch:
> /* called by the thread which allocated the name if it decides to go
> through with it */
> delegate_alien_name(name) {
> 	VFS_BUG_ON(name->delegated);
> 	name->delegated = true;
> }
>
> /* called by the thread using the name */
> claim_alien_name(name) {
> 	VFS_BUG_ON(!name->delegated);
> 	VFS_BUG_ON(name->__who_can_free != NULL);
> 	name->__who_can_free = current;
> }
>
> destroy_alien_name(name) {
> 	if (name->delegated) {
> 		VFS_BUG_ON(name->__who_can_free == NULL);
> 		VFS_BUG_ON(name->__who_can_free != current);
> 	}
> 	putname(..);
> }
>
> So a sample correct consumer looks like this:
> 	err = getname_alien(&name);
> 	....
> 	err = other_prep();
> 	if (!err)
> 		actual_work(delegate_alien_name(name));
> 	else
> 		destroy_alien_name(name);
>
> the *other* thread which eventually works on the name:
> 	claim_alien_name(name);
> 	/* hard work goes here */
> 	destroy_alien_name(name);
>
> Sample buggy consumer which both delegated the free *and* decided to free
> anyway is caught.

That would make sense had there been any places where we would want
to use the alien_filename contents (hell, access it) in any way other
than "destroy and get a struct filename reference". I don't see any
candidates, TBH...
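
The ownership checks from the quoted sketch, as an added user-space C model that is not part of the original thread and is not kernel code. Each VFS_BUG_ON() site becomes an error return and `current` becomes an explicit task token; task_t, ALLOCATOR, WORKER, the E_* codes and buggy_consumer() are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
/* Assumption: a task is an opaque token standing in for `current`. */
typedef const void *task_t;
static int allocator_tag, worker_tag;
#define ALLOCATOR ((task_t)&allocator_tag)
#define WORKER    ((task_t)&worker_tag)

struct alien_name {
	bool delegated;        /* allocator handed the free to someone else */
	task_t who_can_free;   /* NULL until the consuming thread claims it */
};

/* Each nonzero code marks a spot where the sketch has a VFS_BUG_ON(). */
enum { OK, E_REDELEGATED, E_NOT_DELEGATED, E_RECLAIMED, E_UNCLAIMED, E_NOT_OWNER };

int delegate_alien_name(struct alien_name *n)
{
	if (n->delegated) return E_REDELEGATED;
	n->delegated = true;
	return OK;
}

int claim_alien_name(struct alien_name *n, task_t cur)
{
	if (!n->delegated) return E_NOT_DELEGATED;
	if (n->who_can_free != NULL) return E_RECLAIMED;
	n->who_can_free = cur;
	return OK;
}

int destroy_alien_name(struct alien_name *n, task_t cur)
{
	if (n->delegated) {
		if (n->who_can_free == NULL) return E_UNCLAIMED;
		if (n->who_can_free != cur) return E_NOT_OWNER;
	}
	return OK; /* the sketch calls putname() here */
}

/* Buggy consumer: delegates the free, then frees anyway. */
int buggy_consumer(bool worker_claimed)
{
	struct alien_name n = { false, NULL };
	delegate_alien_name(&n);
	if (worker_claimed) claim_alien_name(&n, WORKER);
	return destroy_alien_name(&n, ALLOCATOR);
}
int main(void) { return buggy_consumer(false) == E_UNCLAIMED ? 0 : 1; }
```

The double free by the allocating thread is rejected whether or not the other thread has claimed the name yet; only the code differs (E_UNCLAIMED before the claim, E_NOT_OWNER after it).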