lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <f4f5ac14-b110-4893-8014-81ba3a4170ba@suse.de>
Date: Fri, 17 Oct 2025 01:30:34 +0200
From: Fernando Fernandez Mancera <fmancera@...e.de>
To: Jakub Kicinski <kuba@...nel.org>
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
 gregkh@...uxfoundation.org, cynthia@...mx.dev, rafael@...nel.org,
 dakr@...nel.org, christian.brauner@...ntu.com, edumazet@...gle.com,
 pabeni@...hat.com, davem@...emloft.net, horms@...nel.org
Subject: Re: [PATCH] sysfs: check visibility before changing group attribute
 ownership



On 10/16/25 5:38 PM, Jakub Kicinski wrote:
> On Thu, 16 Oct 2025 12:14:56 +0200 Fernando Fernandez Mancera wrote:
>> Since commit 0c17270f9b92 ("net: sysfs: Implement is_visible for
>> phys_(port_id, port_name, switch_id)"), __dev_change_net_namespace() can
>> hit WARN_ON() when trying to change owner of a file that isn't visible.
>> See the trace below:
> 
> Dunno much about sysfs but this is what I had in mind so FWIW:
> 
> Reviewed-by: Jakub Kicinski <kuba@...nel.org>
> 
> I'd be tempted to chuck:
> 
> Fixes: 0c17270f9b92 ("net: sysfs: Implement is_visible for phys_(port_id, port_name, switch_id)")
> 
> here as well. Or are we certain there are other callers that could have
> triggered this earlier?
> 

It is hard for me tell certainly. I am fine adding:

Fixes: 0c17270f9b92 ("net: sysfs: Implement is_visible for 
phys_(port_id, port_name, switch_id)")

but I would keep the current Fixes tag too. IMHO, given that visibility 
could return 0 for some attributes and > 0 for others in the same group, 
is up to sysfs to check the attribute visibility before updating the 
ownership of a whole group.. so this check should have been there since 
the beginning.

Anyway, I am not an expert on sysfs neither..

>> Reported-by: Cynthia <cynthia@...mx.dev>
> 
> Perhaps:
> 
> Reported-and-bisected-by: ...
> 
Oh, sure, thanks! I am going to wait a bit to allow more feedback and 
send a v2.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ