| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180402215212.GF30522@ZenIV.linux.org.uk>
Date: Mon, 2 Apr 2018 22:52:12 +0100
From: Al Viro <viro@...IV.linux.org.uk>
To: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
syzbot+@...kaller.appspotmail.com, syzkaller-bugs@...glegroups.com,
dvyukov@...gle.com, linux-fsdevel@...r.kernel.org,
linux-mm@...ck.org, netdev@...r.kernel.org
Subject: Re: WARNING: refcount bug in should_fail
On Mon, Apr 02, 2018 at 03:30:56PM -0500, Eric W. Biederman wrote:
> Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp> writes:
> > I don't think this is a dup of existing bug.
> > We need to fix either 9ee332d99e4d5a97 or d91ee87d8d85a080.
>
> Even if expanding mount_ns to more filesystems was magically fixed,
> proc would still have this issue with the pid namespace rather than
> the net namespace.
>
> This is a mess. I will take a look and see if I can see a a fix.
It's trivially fixable, and there's no need to modify mount_ns() at
all.
All we need is for rpc_kill_sb() to recognize whether we are already
through the point in rpc_fill_super() where the refcount is bumped.
That's it.
The most trivial way to do that is to move
net = get_net(sb->s_fs_info);
past
if (!root)
return -ENOMEM;
in the latter and have
out:
if (!sb->s_root)
net = NULL;
kill_litter_super(sb);
if (net)
put_net(net);
in the end of the former. And similar changes in other affected
instances.
Powered by blists - more mailing lists