From: Chris Dunlop <chris@onthe.net.au>
To: Tyler Hicks <tyhicks@canonical.com>
Cc: David Howells <dhowells@redhat.com>,
Al Viro <viro@zeniv.linux.org.uk>,
"Myklebust, Trond" <Trond.Myklebust@netapp.com>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
Eric Van Hensbergen <ericvh@gmail.com>,
Ron Minnich <rminnich@sandia.gov>,
Latchesar Ionkov <lucho@ionkov.net>,
Jan Harkes <jaharkes@cs.cmu.edu>,
"maintainer:CODA FILE SYSTEM" <coda@cs.cmu.edu>,
Dave Kleikamp <shaggy@kernel.org>,
Petr Vandrovec <petr@vandrovec.name>,
Greg Kroah-Hartman <gregkh@suse.de>,
v9fs-developer@lists.sourceforge.net,
linux-afs@lists.infradead.org, codalist@TELEMANN.coda.cs.cmu.edu,
jfs-discussion@lists.sourceforge.net, linux-nfs@vger.kernel.org
Subject: Re: [PATCH 1/1] fix d_revalidate oopsen on NFS exports
Date: Thu, 1 Dec 2011 18:29:47 +1100 [thread overview]
Message-ID: <20111201072947.GA10329@onthe.net.au> (raw)
In-Reply-To: <20111201063157.GA495@boyd>
On Thu, Dec 01, 2011 at 12:31:58AM -0600, Tyler Hicks wrote:
> On 2011-12-01 11:47:09, Chris Dunlop wrote:
>> On Wed, Nov 30, 2011 at 08:54:43AM +0000, David Howells wrote:
>>> Chris Dunlop <chris@onthe.net.au> wrote:
>>>
>>>> To avoid other people further wasting their and your time on
>>>> exactly the same thing future, how something like the following
>>>> patch, based on your comment in:
>>>>
>>>> http://article.gmane.org/gmane.linux.nfs/40370
>>>>
>>>> ...and, if that's acceptable, is it worthwhile doing for the
>>>> other file systems which are likewise currently vulnerable when
>>>> abused by broken layered file systems?
>>>
>>> Also, this may get fixed by Al's atomic open patches - but obviously it hasn't
>>> been yet...
>>>
>>>> Don't oops when abused by broken layered file systems
>>>>
>>>> Signed-off-by: Chris Dunlop <chris@onthe.net.au>
>>>
>>> Acked-by: David Howells <dhowells@redhat.com>
>>>
>>> It's also worth printing a message - this *is* a kernel bug of some description
>>> if it happens.
>>
>> Like the below? This covers the d_revalidate for 9p, afs, coda,
>> hfs, ncpfs, proc, sysfs.
>
> I don't like the looks of this patch. It makes sense for NFS to error
> out of d_revalidate() when passed a NULL nameidata pointer because NFS
> actually uses the nameidata to do something useful. That can't be said
> about the other filesystems in this patch.
I can see nd is used in nfs_open_revalidate(), but is it
necessarily used in nfs_lookup_revalidate()? I'm way out of my
depth here, but everywhere it's used in nfs_lookup_revalidate()
(nfs_neg_need_reval(), nfs_is_exclusive_create(),
nfs_lookup_verify_inode()) there are also checks for nd != NULL.
> Why not handle the other filesystems like the previous fixes you
> referenced in your original email by checking for a non-NULL nd like
> this:
>
> if (nd && nd->flags & LOOKUP_RCU)
> return -ECHILD;
'Cos Trond scared me into it! ;-)
But mostly because I don't really know what I'm doing. The
original patch came about because I was tracking down the Oops
in the NFS code and it seemed such an obvious fix that
lookup_one_len() passes down a hard-coded NULL and that NULL
isn't checked in all the d_revalidate routines. I thought I'd do
the right thing and make sure it was checked everywhere. Little
did I know there's "history" behind it! I'm afraid I don't know
anywhere near enough to argue about the right way to deal with it.
> I'm also not sure about the printk in the NFS case. Instead of littering
> the logs, we should probably just disallow the stacked filesystem (are
> we talking about eCryptfs here?) from mounting on top of NFS in the
> first place.
See other reply: it wasn't a stacked file system.
But it seems useful to have the d_revalidate routines indicate
via the log that they're being abused.
Chris
WARNING: multiple messages have this Message-ID (diff)
From: Chris Dunlop <chris-s239Etu9j1dPR4JQBCEnsQ@public.gmane.org>
To: Tyler Hicks <tyhicks-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>
Cc: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Al Viro <viro-RmSDqhL/yNMiFSDQTTA3OLVCufUGDwFn@public.gmane.org>,
"Myklebust,
Trond" <Trond.Myklebust-HgOvQuBEEgTQT0dZR+AlfA@public.gmane.org>,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Eric Van Hensbergen
<ericvh-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Ron Minnich <rminnich-4OHPYypu0djtX7QSmKvirg@public.gmane.org>,
Latchesar Ionkov <lucho-OnYtXJJ0/fesTnJN9+BGXg@public.gmane.org>,
Jan Harkes <jaharkes-ETDLCGt7PQU3uPMLIKxrzw@public.gmane.org>,
"maintainer:CODA FILE SYSTEM"
<coda-ETDLCGt7PQU3uPMLIKxrzw@public.gmane.org>,
Dave Kleikamp <shaggy-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Petr Vandrovec <petr-vPk2MGR0e28uaRcfnNAh7A@public.gmane.org>,
Greg Kroah-Hartman <gregkh-l3A5Bk7waGM@public.gmane.org>,
v9fs-developer-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org,
linux-afs-IAPFreCvJWM7uuMidbF8XUB+6BGkLq7r@public.gmane.org,
codalist-OCorLXSLWn+MVn35/9/JlcWGCVk0P7UB@public.gmane.org,
jfs-discussion-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org,
linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH 1/1] fix d_revalidate oopsen on NFS exports
Date: Thu, 1 Dec 2011 18:29:47 +1100 [thread overview]
Message-ID: <20111201072947.GA10329@onthe.net.au> (raw)
In-Reply-To: <20111201063157.GA495@boyd>
On Thu, Dec 01, 2011 at 12:31:58AM -0600, Tyler Hicks wrote:
> On 2011-12-01 11:47:09, Chris Dunlop wrote:
>> On Wed, Nov 30, 2011 at 08:54:43AM +0000, David Howells wrote:
>>> Chris Dunlop <chris-s239Etu9j1dPR4JQBCEnsQ@public.gmane.org> wrote:
>>>
>>>> To avoid other people further wasting their and your time on
>>>> exactly the same thing future, how something like the following
>>>> patch, based on your comment in:
>>>>
>>>> http://article.gmane.org/gmane.linux.nfs/40370
>>>>
>>>> ...and, if that's acceptable, is it worthwhile doing for the
>>>> other file systems which are likewise currently vulnerable when
>>>> abused by broken layered file systems?
>>>
>>> Also, this may get fixed by Al's atomic open patches - but obviously it hasn't
>>> been yet...
>>>
>>>> Don't oops when abused by broken layered file systems
>>>>
>>>> Signed-off-by: Chris Dunlop <chris-s239Etu9j1dPR4JQBCEnsQ@public.gmane.org>
>>>
>>> Acked-by: David Howells <dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
>>>
>>> It's also worth printing a message - this *is* a kernel bug of some description
>>> if it happens.
>>
>> Like the below? This covers the d_revalidate for 9p, afs, coda,
>> hfs, ncpfs, proc, sysfs.
>
> I don't like the looks of this patch. It makes sense for NFS to error
> out of d_revalidate() when passed a NULL nameidata pointer because NFS
> actually uses the nameidata to do something useful. That can't be said
> about the other filesystems in this patch.
I can see nd is used in nfs_open_revalidate(), but is it
necessarily used in nfs_lookup_revalidate()? I'm way out of my
depth here, but everywhere it's used in nfs_lookup_revalidate()
(nfs_neg_need_reval(), nfs_is_exclusive_create(),
nfs_lookup_verify_inode()) there are also checks for nd != NULL.
> Why not handle the other filesystems like the previous fixes you
> referenced in your original email by checking for a non-NULL nd like
> this:
>
> if (nd && nd->flags & LOOKUP_RCU)
> return -ECHILD;
'Cos Trond scared me into it! ;-)
But mostly because I don't really know what I'm doing. The
original patch came about because I was tracking down the Oops
in the NFS code and it seemed such an obvious fix that
lookup_one_len() passes down a hard-coded NULL and that NULL
isn't checked in all the d_revalidate routines. I thought I'd do
the right thing and make sure it was checked everywhere. Little
did I know there's "history" behind it! I'm afraid I don't know
anywhere near enough to argue about the right way to deal with it.
> I'm also not sure about the printk in the NFS case. Instead of littering
> the logs, we should probably just disallow the stacked filesystem (are
> we talking about eCryptfs here?) from mounting on top of NFS in the
> first place.
See other reply: it wasn't a stacked file system.
But it seems useful to have the d_revalidate routines indicate
via the log that they're being abused.
Chris
--
To unsubscribe from this list: send the line "unsubscribe linux-nfs" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2011-12-01 7:29 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-21 7:36 [PATCH 1/1] fix d_revalidate oopsen on NFS exports Chris Dunlop
2011-11-21 7:36 ` Chris Dunlop
2011-11-29 8:25 ` Chris Dunlop
2011-11-29 8:25 ` Chris Dunlop
2011-11-29 11:58 ` Myklebust, Trond
2011-11-29 11:58 ` Myklebust, Trond
2011-11-30 7:13 ` Chris Dunlop
2011-11-30 8:54 ` David Howells
2011-11-30 8:54 ` David Howells
2011-12-01 0:47 ` Chris Dunlop
2011-12-01 2:22 ` Dave Kleikamp
2011-12-01 3:33 ` Chris Dunlop
2011-12-01 3:53 ` Dave Kleikamp
2011-12-01 3:53 ` Dave Kleikamp
2011-12-01 5:32 ` Chris Dunlop
2011-12-01 5:32 ` Chris Dunlop
2011-12-01 5:34 ` Chris Dunlop
2011-12-01 5:34 ` Chris Dunlop
2011-12-01 6:31 ` Tyler Hicks
2011-12-01 7:29 ` Chris Dunlop [this message]
2011-12-01 7:29 ` Chris Dunlop
2011-12-06 11:43 ` Jacek Luczak
2011-12-01 6:50 ` Tyler Hicks
2011-12-01 7:23 ` Chris Dunlop
2011-12-01 7:23 ` Chris Dunlop
2011-12-01 8:02 ` Tyler Hicks
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111201072947.GA10329@onthe.net.au \
--to=chris@onthe.net.au \
--cc=Trond.Myklebust@netapp.com \
--cc=coda@cs.cmu.edu \
--cc=codalist@TELEMANN.coda.cs.cmu.edu \
--cc=dhowells@redhat.com \
--cc=ericvh@gmail.com \
--cc=gregkh@suse.de \
--cc=jaharkes@cs.cmu.edu \
--cc=jfs-discussion@lists.sourceforge.net \
--cc=linux-afs@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nfs@vger.kernel.org \
--cc=lucho@ionkov.net \
--cc=petr@vandrovec.name \
--cc=rminnich@sandia.gov \
--cc=shaggy@kernel.org \
--cc=tyhicks@canonical.com \
--cc=v9fs-developer@lists.sourceforge.net \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.