All of lore.kernel.org
 help / color / mirror / Atom feed
From: Amir Goldstein <amir73il@gmail.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
	Vivek Goyal <vgoyal@redhat.com>,
	overlayfs <linux-unionfs@vger.kernel.org>
Subject: Re: [PATCH v4 9/9] ovl: use iget5_prealloc() to hash a newly created inode
Date: Fri, 18 May 2018 19:53:41 +0300	[thread overview]
Message-ID: <CAOQ4uxiE4CzDHh6gki3bA4WO-dCMT9SxRRj2oUJ6aZ7RA462Cg@mail.gmail.com> (raw)
In-Reply-To: <CAJfpegtWNh8gQ+-vG0hsNWiW9FKH7u9C+HGig35CD2CdPzHf4w@mail.gmail.com>

On Fri, May 18, 2018 at 6:57 PM, Miklos Szeredi <miklos@szeredi.hu> wrote:
> On Fri, May 18, 2018 at 5:36 PM, Amir Goldstein <amir73il@gmail.com> wrote:
>> On Fri, May 18, 2018 at 6:11 PM, Miklos Szeredi <miklos@szeredi.hu> wrote:
>>> On Fri, May 18, 2018 at 5:03 PM, Al Viro <viro@zeniv.linux.org.uk> wrote:
>>>> On Fri, May 18, 2018 at 11:29:37AM +0300, Amir Goldstein wrote:
>>>>> Currently, there is a small window where ovl_obtain_alias() can
>>>>> race with ovl_instantiate() and create two different overlay inodes
>>>>> with the same underlying real non-dir non-hardlink inode.
>>>>>
>>>>> The race requires an adversary to guess the file handle of the
>>>>> yet to be created upper inode and decode the guessed file handle
>>>>> after ovl_creat_real(), but before ovl_instantiate().
>>>>> This race does not affect overlay directory inodes, because those
>>>>> are decoded via ovl_lookup_real() and not with ovl_obtain_alias().
>>>>>
>>>>> This patch fixes the race, by using iget5_prealloc() to add a newly
>>>>> created inode to cache.
>>>>
>>>> Mind explaining what the hell is wrong with insert_inode_locked4()?
>>>
>>> That it doesn't return the old inode if found.
>>>
>>
>> FYI, I have set a side a version I was working on before iget5_prealloc()
>> that uses insert_inode_locked5 (runner up for ugliest function name):
>>
>> +int insert_inode_locked4(struct inode *inode, unsigned long hashval,
>> +               int (*test)(struct inode *, void *), void *data)
>> +{
>> +       struct inode *old = insert_inode_locked5(inode, hashval, test, data);
>>
>> +       if (old) {
>> +               iput(old);
>> +               return -EBUSY;
>> +       }
>> +
>> +       return 0;
>> +}
>> +EXPORT_SYMBOL(insert_inode_locked4);
>
> Can do exact same thing with iget5_prealloc(), just need to move
> inode_sb_list_add() out to iget5_locked() (meaning, overlayfs can
> continue to use new_inode()/iput() instead of having to do
> alloc/destroy_inode()).
>

Yeh, using alloc/destroy_inode() isn't pretty.
I'll let you untangle iget5_prealloc() and inode_sb_list.

Let me know if you have something to test.

Thanks,
Amir.

  reply	other threads:[~2018-05-18 16:53 UTC|newest]

Thread overview: 24+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-05-18  8:29 [PATCH v4 0/9] Overlayfs create object related fixes Amir Goldstein
2018-05-18  8:29 ` [PATCH v4 1/9] ovl: remove WARN_ON() real inode attributes mismatch Amir Goldstein
2018-05-18  8:29 ` [PATCH v4 2/9] ovl: strip debug argument from ovl_do_ helpers Amir Goldstein
2018-05-18  8:29 ` [PATCH v4 3/9] ovl: struct cattr cleanups Amir Goldstein
2018-05-18  8:29 ` [PATCH v4 4/9] ovl: create helper ovl_create_temp() Amir Goldstein
2018-05-18  8:29 ` [PATCH v4 5/9] ovl: make ovl_create_real() cope with vfs_mkdir() safely Amir Goldstein
2018-05-18  8:29 ` [PATCH v4 6/9] vfs: factor out iget5_prealloc() Amir Goldstein
2018-05-18  8:29 ` [PATCH v4 7/9] vfs: export alloc_inode() and destroy_inode() Amir Goldstein
2018-05-18 15:02   ` Al Viro
2018-05-18  8:29 ` [PATCH v4 8/9] ovl: Pass argument to ovl_get_inode() in a structure Amir Goldstein
2018-05-18  8:29 ` [PATCH v4 9/9] ovl: use iget5_prealloc() to hash a newly created inode Amir Goldstein
2018-05-18 10:14   ` Miklos Szeredi
2018-05-18 14:08     ` Amir Goldstein
2018-05-18 14:24       ` Miklos Szeredi
2018-05-18 15:03   ` Al Viro
2018-05-18 15:11     ` Miklos Szeredi
2018-05-18 15:14       ` Miklos Szeredi
2018-05-18 15:36       ` Amir Goldstein
2018-05-18 15:57         ` Miklos Szeredi
2018-05-18 16:53           ` Amir Goldstein [this message]
2018-05-18 15:40       ` Al Viro
2018-05-18 16:01         ` Miklos Szeredi
2018-05-22 15:21           ` Miklos Szeredi
2018-05-23  8:11             ` Amir Goldstein

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAOQ4uxiE4CzDHh6gki3bA4WO-dCMT9SxRRj2oUJ6aZ7RA462Cg@mail.gmail.com \
    --to=amir73il@gmail.com \
    --cc=linux-unionfs@vger.kernel.org \
    --cc=miklos@szeredi.hu \
    --cc=vgoyal@redhat.com \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.