From: Al Viro <viro@zeniv.linux.org.uk>
To: Bartosz Golaszewski <brgl@bgdev.pl>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>,
Linus Walleij <linus.walleij@linaro.org>,
"open list:GPIO SUBSYSTEM" <linux-gpio@vger.kernel.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [GIT PULL] gpio: updates for v5.13
Date: Tue, 4 May 2021 17:34:42 +0000 [thread overview]
Message-ID: <YJGFsrPBoQsKj+JZ@zeniv-ca.linux.org.uk> (raw)
In-Reply-To: <CAMRc=Mdh9LvUQCxcyt7ZBjitDB2noVnOptft_VORDhffxJaeCA@mail.gmail.com>
On Tue, May 04, 2021 at 04:17:02PM +0200, Bartosz Golaszewski wrote:
> > Incidentally, if your code critically depends upon some field
> > being first in such-and-such structure, you should either get rid of
> > the dependency or at least bother to document that.
> > That
> > + /*
> > + * Free memory allocated for the pending and live
> > directories
> > + * of committable groups.
> > + */
> > + if (sd->s_type & (CONFIGFS_GROUP_PENDING |
> > CONFIGFS_GROUP_LIVE))
> > + kfree(sd->s_element);
> > +
> > is asking for trouble down the road.
> >
>
> I'm not sure if this is a hard NAK for these changes or if you
> consider this something that can be ironed out post v5.13-rc1?
Rename implementation is simply bogus. You are, for some reason, attaching
stuff to *destination*, which won't be seen by anyone not currently using
it. It's the old_dentry that will be seen from that point on - you are
moving it to new location by that d_move(). So I rather wonder how much
had that thing been tested. And I'm pretty much certain that you are
mishandling the refcounts on configfs-internal objects, with everything
that entails in terms of UAF and leaks.
FWIW, I'm not happy about the userland API of that thing (what is supposed
to happen if you create, move to live, then create another with the same
name and try to move it to live or original back from live?), but
Documentation/filesystems/configfs.rst is too sparse on such details.
So I would like to see the specifics on that as well. _Before_ signing
up on anything, including "we can fix it up after merge".
next prev parent reply other threads:[~2021-05-04 17:34 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-02 19:32 [GIT PULL] gpio: updates for v5.13 Bartosz Golaszewski
2021-05-03 18:03 ` Linus Torvalds
2021-05-03 18:28 ` Al Viro
2021-05-03 18:29 ` Linus Torvalds
2021-05-04 1:55 ` Al Viro
2021-05-04 14:17 ` Bartosz Golaszewski
2021-05-04 17:34 ` Al Viro [this message]
2021-05-04 17:41 ` Andy Shevchenko
2021-05-05 14:19 ` Bartosz Golaszewski
2021-05-12 19:11 ` configfs: commitable items (was Re: [GIT PULL] gpio: updates for v5.13) Bartosz Golaszewski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YJGFsrPBoQsKj+JZ@zeniv-ca.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=andriy.shevchenko@linux.intel.com \
--cc=brgl@bgdev.pl \
--cc=linus.walleij@linaro.org \
--cc=linux-gpio@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox