[PATCHSET v2 0/5] xfs: make attr forks permanent

Hi all,

This series fixes a use-after-free bug that syzbot uncovered.  The UAF
itself is a result of a race condition between getxattr and removexattr
because callers to getxattr do not necessarily take any sort of locks
before calling into the filesystem.

Although the race condition itself can be fixed through clever use of a
memory barrier, further consideration of the use cases of extended
attributes shows that most files always have at least one attribute, so
we might as well make them permanent.

Note: Patch 3 still needs review.

v2: Minor tweaks suggested by Dave, and convert some more macros to
helper functions.

If you're going to start using this mess, you probably ought to just
pull from my git trees, which are linked below.

This is an extraordinary way to destroy everything.  Enjoy!
Comments and questions are, as always, welcome.

--D

kernel git tree:
https://git.kernel.org/cgit/linux/kernel/git/djwong/xfs-linux.git/log/?h=make-attr-fork-permanent-5.20
---
 fs/xfs/libxfs/xfs_attr.c           |   20 ++++-----
 fs/xfs/libxfs/xfs_attr.h           |   10 ++--
 fs/xfs/libxfs/xfs_attr_leaf.c      |   29 ++++++-------
 fs/xfs/libxfs/xfs_bmap.c           |   81 ++++++++++++++++++------------------
 fs/xfs/libxfs/xfs_bmap_btree.c     |   10 ++--
 fs/xfs/libxfs/xfs_btree.c          |    4 +-
 fs/xfs/libxfs/xfs_dir2.c           |    2 -
 fs/xfs/libxfs/xfs_dir2_block.c     |    6 +--
 fs/xfs/libxfs/xfs_dir2_sf.c        |    8 ++--
 fs/xfs/libxfs/xfs_inode_buf.c      |    7 +--
 fs/xfs/libxfs/xfs_inode_fork.c     |   65 ++++++++++++++++-------------
 fs/xfs/libxfs/xfs_inode_fork.h     |   27 ++----------
 fs/xfs/libxfs/xfs_symlink_remote.c |    2 -
 fs/xfs/scrub/bmap.c                |   14 +++---
 fs/xfs/scrub/btree.c               |    2 -
 fs/xfs/scrub/dabtree.c             |    2 -
 fs/xfs/scrub/dir.c                 |    2 -
 fs/xfs/scrub/quota.c               |    2 -
 fs/xfs/scrub/symlink.c             |    6 +--
 fs/xfs/xfs_attr_inactive.c         |   16 +++----
 fs/xfs/xfs_attr_list.c             |    9 ++--
 fs/xfs/xfs_bmap_util.c             |   22 +++++-----
 fs/xfs/xfs_dir2_readdir.c          |    2 -
 fs/xfs/xfs_icache.c                |   12 +++--
 fs/xfs/xfs_inode.c                 |   24 +++++------
 fs/xfs/xfs_inode.h                 |   62 +++++++++++++++++++++++++++-
 fs/xfs/xfs_inode_item.c            |   58 +++++++++++++-------------
 fs/xfs/xfs_ioctl.c                 |    2 -
 fs/xfs/xfs_iomap.c                 |    8 ++--
 fs/xfs/xfs_iops.c                  |    2 -
 fs/xfs/xfs_itable.c                |    4 +-
 fs/xfs/xfs_qm.c                    |    2 -
 fs/xfs/xfs_reflink.c               |    6 +--
 fs/xfs/xfs_symlink.c               |    2 -
 fs/xfs/xfs_trace.h                 |    2 -
 35 files changed, 285 insertions(+), 247 deletions(-)



