| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Feb 2024 13:28:46 +0100 From: Christian Brauner <brauner@...nel.org> To: Al Viro <viro@...iv.linux.org.uk> Cc: linux-fsdevel@...r.kernel.org, Linus Torvalds <torvalds@...ux-foundation.org>, linux-ext4@...r.kernel.org, linux-nfs@...r.kernel.org, Miklos Szeredi <miklos@...redi.hu>, linux-cifs@...r.kernel.org Subject: Re: [PATCH 06/13] afs: fix __afs_break_callback() / afs_drop_open_mmap() race On Sun, Feb 04, 2024 at 02:17:32AM +0000, Al Viro wrote: > In __afs_break_callback() we might check ->cb_nr_mmap and if it's non-zero > do queue_work(&vnode->cb_work). In afs_drop_open_mmap() we decrement > ->cb_nr_mmap and do flush_work(&vnode->cb_work) if it reaches zero. > > The trouble is, there's nothing to prevent __afs_break_callback() from > seeing ->cb_nr_mmap before the decrement and do queue_work() after both > the decrement and flush_work(). If that happens, we might be in trouble - > vnode might get freed before the queued work runs. > > __afs_break_callback() is always done under ->cb_lock, so let's make > sure that ->cb_nr_mmap can change from non-zero to zero while holding > ->cb_lock (the spinlock component of it - it's a seqlock and we don't > need to mess with the counter). > > Signed-off-by: Al Viro <viro@...iv.linux.org.uk> > --- Acked-by: Christian Brauner <brauner@...nel.org>
Powered by blists - more mailing lists