On Mon, Nov 15, 2010 at 10:23 PM, Nick Piggin <npiggin@xxxxxxxxx> wrote:
>
> fs: d_validate fixes
>
> d_validate has been broken for a long time.
>
> kmem_ptr_validate does not guarantee that a pointer can be dereferenced
> if it can go away at any time. Even rcu_read_lock doesn't help, because
> the pointer might be queued in RCU callbacks but not executed yet.
Hmm. Iirc (and it's possible that I don't) the original reason for the
whole kmem_ptr_validate() was for nfsd sending dentry pointers back
and forth as part of the FH.
So we really _did_ need to do basic validation, and no, we didn't care
about things like DEBUG_PAGEALLOC, because that's totally
inappropriate for a nfs server anyway. So it was "broken", but it
worked.
Now, I hope that kind of "we really fundamentally cannot even trust
the pointer" doesn't exist any more, in which case I agree with you.
But historically, it really did matter at some point, and when the
code says "insecure source", it really means it - it could
historically have come from user space or over the network.
Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
