All of lore.kernel.org
 help / color / mirror / Atom feed
* [RFC/PATCH 1/2] pstore: Protect unlink with read_mutex
@ 2016-10-19  1:23 Namhyung Kim
  2016-10-19  1:23 ` [RFC/PATCH 2/2] pstore: Convert console write to use ->write_buf Namhyung Kim
  2016-11-15 23:20 ` [RFC/PATCH 1/2] pstore: Protect unlink with read_mutex Kees Cook
  0 siblings, 2 replies; 4+ messages in thread
From: Namhyung Kim @ 2016-10-19  1:23 UTC (permalink / raw)
  To: Kees Cook; +Cc: Anton Vorontsov, Colin Cross, Tony Luck, LKML, Stefan Hajnoczi

When update_ms is set, pstore_get_records() will be called when there's
a new entry.  But unlink can be called at the same time and might
contend with the open-read-close loop.  Depending on the implementation
of platform driver, it may be safe or not.  But I think it'd be better
to protect those race in the first place.

Cc: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
---
 fs/pstore/inode.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/fs/pstore/inode.c b/fs/pstore/inode.c
index 1781dc50762e..75728dfae0a6 100644
--- a/fs/pstore/inode.c
+++ b/fs/pstore/inode.c
@@ -197,11 +197,14 @@ static int pstore_unlink(struct inode *dir, struct dentry *dentry)
 	if (err)
 		return err;
 
-	if (p->psi->erase)
+	if (p->psi->erase) {
+		mutex_lock(&p->psi->read_mutex);
 		p->psi->erase(p->type, p->id, p->count,
 			      d_inode(dentry)->i_ctime, p->psi);
-	else
+		mutex_unlock(&p->psi->read_mutex);
+	} else {
 		return -EPERM;
+	}
 
 	return simple_unlink(dir, dentry);
 }
-- 
2.9.3

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* [RFC/PATCH 2/2] pstore: Convert console write to use ->write_buf
  2016-10-19  1:23 [RFC/PATCH 1/2] pstore: Protect unlink with read_mutex Namhyung Kim
@ 2016-10-19  1:23 ` Namhyung Kim
  2016-11-15 23:21   ` Kees Cook
  2016-11-15 23:20 ` [RFC/PATCH 1/2] pstore: Protect unlink with read_mutex Kees Cook
  1 sibling, 1 reply; 4+ messages in thread
From: Namhyung Kim @ 2016-10-19  1:23 UTC (permalink / raw)
  To: Kees Cook; +Cc: Anton Vorontsov, Colin Cross, Tony Luck, LKML, Stefan Hajnoczi

Maybe I'm missing something, but I don't know why it needs to copy the
input buffer to psinfo->buf and then write.  Instead we can write the
input buffer directly.  The only implementation that supports console
message (i.e. ramoops) already does it for ftrace messages.

For the upcoming virtio backend driver, it needs to protect psinfo->buf
overwritten from console messages.  If it could use ->write_buf method
instead of ->write, the problem will be solved easily.

Cc: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
---
 fs/pstore/platform.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c
index 14984d902a99..960d66251bab 100644
--- a/fs/pstore/platform.c
+++ b/fs/pstore/platform.c
@@ -584,8 +584,8 @@ static void pstore_console_write(struct console *con, const char *s, unsigned c)
 		} else {
 			spin_lock_irqsave(&psinfo->buf_lock, flags);
 		}
-		memcpy(psinfo->buf, s, c);
-		psinfo->write(PSTORE_TYPE_CONSOLE, 0, &id, 0, 0, 0, c, psinfo);
+		psinfo->write_buf(PSTORE_TYPE_CONSOLE, 0, &id, 0,
+				  s, 0, c, psinfo);
 		spin_unlock_irqrestore(&psinfo->buf_lock, flags);
 		s += c;
 		c = e - s;
-- 
2.9.3

^ permalink raw reply related	[flat|nested] 4+ messages in thread
* Re: [RFC/PATCH 1/2] pstore: Protect unlink with read_mutex
  2016-10-19  1:23 [RFC/PATCH 1/2] pstore: Protect unlink with read_mutex Namhyung Kim
  2016-10-19  1:23 ` [RFC/PATCH 2/2] pstore: Convert console write to use ->write_buf Namhyung Kim
@ 2016-11-15 23:20 ` Kees Cook
  1 sibling, 0 replies; 4+ messages in thread
From: Kees Cook @ 2016-11-15 23:20 UTC (permalink / raw)
  To: Namhyung Kim
  Cc: Anton Vorontsov, Colin Cross, Tony Luck, LKML, Stefan Hajnoczi

On Tue, Oct 18, 2016 at 6:23 PM, Namhyung Kim <namhyung@kernel.org> wrote:
> When update_ms is set, pstore_get_records() will be called when there's
> a new entry.  But unlink can be called at the same time and might
> contend with the open-read-close loop.  Depending on the implementation
> of platform driver, it may be safe or not.  But I think it'd be better
> to protect those race in the first place.
>
> Cc: Stefan Hajnoczi <stefanha@redhat.com>
> Signed-off-by: Namhyung Kim <namhyung@kernel.org>

This looks correct to me, thanks! It should appear in -next shortly...

-Kees

> ---
>  fs/pstore/inode.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
>
> diff --git a/fs/pstore/inode.c b/fs/pstore/inode.c
> index 1781dc50762e..75728dfae0a6 100644
> --- a/fs/pstore/inode.c
> +++ b/fs/pstore/inode.c
> @@ -197,11 +197,14 @@ static int pstore_unlink(struct inode *dir, struct dentry *dentry)
>         if (err)
>                 return err;
>
> -       if (p->psi->erase)
> +       if (p->psi->erase) {
> +               mutex_lock(&p->psi->read_mutex);
>                 p->psi->erase(p->type, p->id, p->count,
>                               d_inode(dentry)->i_ctime, p->psi);
> -       else
> +               mutex_unlock(&p->psi->read_mutex);
> +       } else {
>                 return -EPERM;
> +       }
>
>         return simple_unlink(dir, dentry);
>  }
> --
> 2.9.3
>



-- 
Kees Cook
Nexus Security

^ permalink raw reply	[flat|nested] 4+ messages in thread
* Re: [RFC/PATCH 2/2] pstore: Convert console write to use ->write_buf
  2016-10-19  1:23 ` [RFC/PATCH 2/2] pstore: Convert console write to use ->write_buf Namhyung Kim
@ 2016-11-15 23:21   ` Kees Cook
  0 siblings, 0 replies; 4+ messages in thread
From: Kees Cook @ 2016-11-15 23:21 UTC (permalink / raw)
  To: Namhyung Kim
  Cc: Anton Vorontsov, Colin Cross, Tony Luck, LKML, Stefan Hajnoczi

On Tue, Oct 18, 2016 at 6:23 PM, Namhyung Kim <namhyung@kernel.org> wrote:
> Maybe I'm missing something, but I don't know why it needs to copy the
> input buffer to psinfo->buf and then write.  Instead we can write the
> input buffer directly.  The only implementation that supports console
> message (i.e. ramoops) already does it for ftrace messages.
>
> For the upcoming virtio backend driver, it needs to protect psinfo->buf
> overwritten from console messages.  If it could use ->write_buf method
> instead of ->write, the problem will be solved easily.

Agreed, this looks like needless bounce-buffering. Thanks!

-Kees

>
> Cc: Stefan Hajnoczi <stefanha@redhat.com>
> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
> ---
>  fs/pstore/platform.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/fs/pstore/platform.c b/fs/pstore/platform.c
> index 14984d902a99..960d66251bab 100644
> --- a/fs/pstore/platform.c
> +++ b/fs/pstore/platform.c
> @@ -584,8 +584,8 @@ static void pstore_console_write(struct console *con, const char *s, unsigned c)
>                 } else {
>                         spin_lock_irqsave(&psinfo->buf_lock, flags);
>                 }
> -               memcpy(psinfo->buf, s, c);
> -               psinfo->write(PSTORE_TYPE_CONSOLE, 0, &id, 0, 0, 0, c, psinfo);
> +               psinfo->write_buf(PSTORE_TYPE_CONSOLE, 0, &id, 0,
> +                                 s, 0, c, psinfo);
>                 spin_unlock_irqrestore(&psinfo->buf_lock, flags);
>                 s += c;
>                 c = e - s;
> --
> 2.9.3
>



-- 
Kees Cook
Nexus Security

^ permalink raw reply	[flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-11-15 23:21 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-10-19  1:23 [RFC/PATCH 1/2] pstore: Protect unlink with read_mutex Namhyung Kim
2016-10-19  1:23 ` [RFC/PATCH 2/2] pstore: Convert console write to use ->write_buf Namhyung Kim
2016-11-15 23:21   ` Kees Cook
2016-11-15 23:20 ` [RFC/PATCH 1/2] pstore: Protect unlink with read_mutex Kees Cook

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.