kernel-fxtec-pro1x/fs
Louis Rilling 2a109f2a41 [PATCH] configfs: Prevent userspace from creating new entries under attaching directories
process 1: 					process 2:
configfs_mkdir("A")
  attach_group("A")
    attach_item("A")
      d_instantiate("A")
    populate_groups("A")
      mutex_lock("A")
      attach_group("A/B")
        attach_item("A")
          d_instantiate("A/B")
						mkdir("A/B/C")
						  do_path_lookup("A/B/C", LOOKUP_PARENT)
						    ok
						  lookup_create("A/B/C")
						    mutex_lock("A/B")
						    ok
						  configfs_mkdir("A/B/C")
						    ok
      attach_group("A/C")
        attach_item("A/C")
          d_instantiate("A/C")
        populate_groups("A/C")
          mutex_lock("A/C")
          attach_group("A/C/D")
            attach_item("A/C/D")
              failure
          mutex_unlock("A/C")
          detach_groups("A/C")
            nothing to do
						mkdir("A/C/E")
						  do_path_lookup("A/C/E", LOOKUP_PARENT)
						    ok
						  lookup_create("A/C/E")
						    mutex_lock("A/C")
						    ok
						  configfs_mkdir("A/C/E")
						    ok
        detach_item("A/C")
        d_delete("A/C")
      mutex_unlock("A")
      detach_groups("A")
        mutex_lock("A/B")
        detach_group("A/B")
	  detach_groups("A/B")
	    nothing since no _default_ group
          detach_item("A/B")
        mutex_unlock("A/B")
        d_delete("A/B")
    detach_item("A")
    d_delete("A")

Two bugs:

1/ "A/B/C" and "A/C/E" are created, but never removed while their parents are
removed in the end. The same could happen with symlink() instead of mkdir().

2/ "A" and "A/C" inodes are not locked while detach_item() is called on them,
   which may probably confuse VFS.

This commit fixes 1/, tagging new directories with CONFIGFS_USET_CREATING before
building the inode and instantiating the dentry, and validating the whole
group+default groups hierarchy in a second pass by clearing
CONFIGFS_USET_CREATING.
	mkdir(), symlink(), lookup(), and dir_open() simply return -ENOENT if
called in (or linking to) a directory tagged with CONFIGFS_USET_CREATING. This
does not prevent userspace from calling stat() successfully on such directories,
but this prevents userspace from adding (children to | symlinking from/to |
read/write attributes of | listing the contents of) not validated items. In
other words, userspace will not interact with the subsystem on a new item until
the new item creation completes correctly.
	It was first proposed to re-use CONFIGFS_USET_IN_MKDIR instead of a new
flag CONFIGFS_USET_CREATING, but this generated conflicts when checking the
target of a new symlink: a valid target directory in the middle of attaching
a new user-created child item could be wrongly detected as being attached.

2/ is fixed by the next commit.

Signed-off-by: Louis Rilling <louis.rilling@kerlabs.com>
Signed-off-by: Joel Becker <joel.becker@oracle.com>
Signed-off-by: Mark Fasheh <mfasheh@suse.com>
2008-07-31 16:21:13 -07:00
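
The two-pass scheme described in the commit message above, as a userspace model added here (not the kernel patch and not configfs code). `struct dir`, `attach()`, `validate()`, `user_mkdir()` and `replay()` are hypothetical names, and `USET_CREATING` stands in for CONFIGFS_USET_CREATING.

```c
#include <errno.h>

#define USET_CREATING 0x1u  /* stands in for CONFIGFS_USET_CREATING */

struct dir {
    unsigned flags;
    int nchild;
    struct dir *child[4];
};

/* Pass 1: link a directory into the tree already tagged as "creating". */
static void attach(struct dir *parent, struct dir *d)
{
    d->flags = USET_CREATING;
    d->nchild = 0;
    if (parent)
        parent->child[parent->nchild++] = d;
}

/* Pass 2: validate the group and its default groups by clearing the tag. */
static void validate(struct dir *d)
{
    d->flags &= ~USET_CREATING;
    for (int i = 0; i < d->nchild; i++)
        validate(d->child[i]);
}

/* What a userspace mkdir() sees: -ENOENT while the parent is still tagged. */
static int user_mkdir(struct dir *parent, struct dir *d)
{
    if (parent->flags & USET_CREATING)
        return -ENOENT;
    attach(parent, d);
    validate(d);            /* no default groups here, so validate at once */
    return 0;
}

/* Replays mkdir("A/B/C") from the trace, before or after "A" is validated. */
static int replay(int after_validation)
{
    struct dir a, b, c;
    attach(0, &a);          /* attach_group("A") */
    attach(&a, &b);         /* default group "A/B": visible but still tagged */
    if (after_validation)
        validate(&a);       /* creation of "A" completed correctly */
    return user_mkdir(&b, &c);
}

int main(void) { return (replay(0) == -ENOENT && replay(1) == 0) ? 0 : 1; }
```

If attaching a later default group fails, pass 2 never runs, so every directory torn down was unreachable to mkdir() for its whole lifetime and no orphaned child can exist.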
..
9p 9p: fix O_APPEND in legacy mode 2008-07-03 09:59:03 -05:00
adfs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
affs [PATCH] f_count may wrap around 2008-07-26 20:53:40 -04:00
afs [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
autofs mount options: fix autofs 2008-02-08 09:22:40 -08:00
autofs4 autofs4: remove unused ioctls 2008-07-24 10:47:33 -07:00
befs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
bfs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
cifs [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
coda [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
configfs [PATCH] configfs: Prevent userspace from creating new entries under attaching directories 2008-07-31 16:21:13 -07:00
cramfs fs: Remove unnecessary inclusions of asm/semaphore.h 2008-04-18 22:16:44 -04:00
debugfs debugfs: Implement debugfs_remove_recursive() 2008-07-21 21:54:59 -07:00
devpts devpts: factor out PTY index allocation 2008-04-30 08:29:48 -07:00
dlm Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/dlm 2008-07-28 09:46:00 -07:00
ecryptfs eCryptfs: use page_alloc not kmalloc to get a page of memory 2008-07-28 16:30:21 -07:00
efs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
exportfs fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
ext2 vfs: pagecache usage optimization for pagesize!=blocksize 2008-07-28 16:30:21 -07:00
ext3 vfs: pagecache usage optimization for pagesize!=blocksize 2008-07-28 16:30:21 -07:00
ext4 vfs: pagecache usage optimization for pagesize!=blocksize 2008-07-28 16:30:21 -07:00
fat [patch 3/4] fat: dont call notify_change 2008-07-26 20:53:27 -04:00
freevxfs fs/freevxfs/: proper externs 2008-04-29 08:06:00 -07:00
fuse [PATCH] fix MAY_CHDIR/MAY_ACCESS/LOOKUP_ACCESS mess 2008-07-26 20:53:21 -04:00
gfs2 [PATCH] don't pass nameidata to gfs2_lookupi() 2008-07-26 20:53:36 -04:00
hfs [PATCH] f_count may wrap around 2008-07-26 20:53:40 -04:00
hfsplus [PATCH] f_count may wrap around 2008-07-26 20:53:40 -04:00
hostfs [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
hpfs [patch 05/14] hpfs: dont call permission() 2008-07-26 20:53:13 -04:00
hppfs [patch] hppfs: remove hppfs_permission 2008-07-26 20:53:07 -04:00
hugetlbfs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
isofs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
jbd jbd: don't abort if flushing file data failed 2008-07-25 10:53:32 -07:00
jbd2 ext4: Add ordered mode support for delalloc 2008-07-11 19:27:31 -04:00
jffs2 Merge git://git.infradead.org/mtd-2.6 2008-07-26 20:30:56 -07:00
jfs [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
lockd locks: add special return value for asynchronous locks 2008-07-25 10:53:47 -07:00
minix SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
msdos fatfs: add UTC timestamp option 2008-07-25 10:53:34 -07:00
ncpfs [PATCH] don't pass nameidata to __ncp_lookup_validate() 2008-07-26 20:53:37 -04:00
nfs NFS: Ensure we call nfs_sb_deactive() after releasing the directory inode 2008-07-27 18:20:51 -04:00
nfs_common
nfsd [PATCH] get rid of indirect users of namei.h 2008-07-26 20:53:42 -04:00
nls
ntfs [patch 3/5] vfs: change remove_suid() to file_remove_suid() 2008-07-26 20:53:16 -04:00
ocfs2 [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
omfs omfs: sparse annotations 2008-07-30 09:41:46 -07:00
openpromfs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
partitions fs/partitions/efi: convert to pr_debug 2008-07-25 10:53:44 -07:00
proc task IO accounting: move all IO statistics in struct task_io_accounting 2008-07-27 16:12:28 -07:00
qnx4 SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
ramfs ramfs: enable splice write 2008-07-04 09:52:14 +02:00
reiserfs [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
romfs romfs_readpage: don't report errors for pages beyond i_size 2008-07-30 14:30:34 -07:00
smbfs [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
sysfs Use WARN() in fs/sysfs 2008-07-26 12:00:07 -07:00
sysv SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
ubifs [PATCH] get rid of indirect users of namei.h 2008-07-26 20:53:42 -04:00
udf SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
ufs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
vfat fatfs: add UTC timestamp option 2008-07-25 10:53:34 -07:00
xfs [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
aio.c [PATCH] f_count may wrap around 2008-07-26 20:53:40 -04:00
anon_inodes.c flag parameters: NONBLOCK in anon_inode_getfd 2008-07-24 10:47:28 -07:00
attr.c [patch 4/4] vfs: immutable inode checking cleanup 2008-07-26 20:53:28 -04:00
bad_inode.c [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
binfmt_aout.c tracehook: exec 2008-07-26 12:00:08 -07:00
binfmt_elf.c tracehook: exec 2008-07-26 12:00:08 -07:00
binfmt_elf_fdpic.c binfmt_elf_fdpic: Magical stack pointer index, for NEW_AUX_ENT compat. 2008-07-28 18:10:28 +09:00
binfmt_em86.c binfmt_misc.c: avoid potential kernel stack overflow 2008-04-29 08:06:04 -07:00
binfmt_flat.c tracehook: exec 2008-07-26 12:00:08 -07:00
binfmt_misc.c binfmt_misc: use simple_read_from_buffer() 2008-07-24 10:47:27 -07:00
binfmt_script.c binfmt_misc.c: avoid potential kernel stack overflow 2008-04-29 08:06:04 -07:00
binfmt_som.c tracehook: exec 2008-07-26 12:00:08 -07:00
bio-integrity.c bio-integrity: remove EXPORT_SYMBOL for bio_integrity_init_slab() 2008-07-28 16:30:21 -07:00
bio.c dio: use get_user_pages_fast 2008-07-26 12:00:06 -07:00
block_dev.c SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
buffer.c fs/buffer.c: uninline __remove_assoc_queue() 2008-07-30 09:41:46 -07:00
char_dev.c Remove the lock_kernel() call from chrdev_open() 2008-06-20 14:05:53 -06:00
compat.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
compat_binfmt_elf.c x86: compat_binfmt_elf 2008-01-30 13:31:46 +01:00
compat_ioctl.c remove unused #include <linux/dirent.h>'s 2008-07-25 10:53:34 -07:00
dcache.c vfs: add cond_resched_lock while scanning dentry LRU lists 2008-07-26 12:00:02 -07:00
dcookies.c d_path: Make d_path() use a struct path 2008-02-14 21:17:09 -08:00
direct-io.c dio: use get_user_pages_fast 2008-07-26 12:00:06 -07:00
dnotify.c [PATCH] split linux/file.h 2008-05-01 13:08:16 -04:00
dquot.c quota: implement sending information via netlink about user below quota 2008-07-25 10:53:35 -07:00
drop_caches.c vfs: skip inodes without pages to free in drop_pagecache_sb() 2008-04-29 08:06:05 -07:00
eventfd.c flag parameters: check magic constants 2008-07-24 10:47:29 -07:00
eventpoll.c flag parameters add-on: remove epoll_create size param 2008-07-24 10:47:29 -07:00
exec.c exec: include pagemap.h again to fix build 2008-07-28 16:30:20 -07:00
fcntl.c [PATCH] fix RLIM_NOFILE handling 2008-07-26 20:53:45 -04:00
fifo.c [PATCH] reuse xxx_fifo_fops for xxx_pipe_fops 2008-07-26 20:53:06 -04:00
file.c [PATCH] fix RLIM_NOFILE handling 2008-07-26 20:53:45 -04:00
file_table.c [PATCH] f_count may wrap around 2008-07-26 20:53:40 -04:00
filesystems.c
fs-writeback.c VFS: export sync_sb_inodes 2008-07-14 19:10:52 +03:00
generic_acl.c
inode.c SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
inotify.c inotify: remove debug code 2008-02-06 10:41:07 -08:00
inotify_user.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
internal.h [PATCH] move a bunch of declarations to fs/internal.h 2008-04-21 23:11:01 -04:00
ioctl.c make vfs_ioctl() static 2008-04-29 08:06:00 -07:00
ioprio.c cfq-iosched: relax IOPRIO_CLASS_IDLE restrictions 2008-01-28 11:38:15 +01:00
Kconfig omfs: update kbuild to include OMFS 2008-07-26 12:00:05 -07:00
Kconfig.binfmt sh: Initial ELF FDPIC support. 2008-07-28 18:10:28 +09:00
libfs.c VFS: increase pseudo-filesystem block size to PAGE_SIZE 2008-07-30 09:41:44 -07:00
locks.c SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
Makefile omfs: update kbuild to include OMFS 2008-07-26 12:00:05 -07:00
mbcache.c vfs: fix possible deadlock in ext2, ext3, ext4 when using xattrs 2008-04-15 19:35:41 -07:00
mpage.c vfs: add hooks for ext4's delayed allocation support 2008-07-11 19:27:31 -04:00
namei.c [PATCH] get rid of __user_path_lookup_open 2008-07-26 20:53:41 -04:00
namespace.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
nfsctl.c Introduce path_put() 2008-02-14 21:13:33 -08:00
no-block.c
open.c [PATCH] fix RLIM_NOFILE handling 2008-07-26 20:53:45 -04:00
pipe.c [PATCH] reuse xxx_fifo_fops for xxx_pipe_fops 2008-07-26 20:53:06 -04:00
pnode.c [patch 7/7] vfs: mountinfo: show dominating group id 2008-04-23 00:05:09 -04:00
pnode.h [patch 7/7] vfs: mountinfo: show dominating group id 2008-04-23 00:05:09 -04:00
posix_acl.c
quota.c quota: cleanup loop in sync_dquots() 2008-07-25 10:53:35 -07:00
quota_v1.c quota: move function-macros from quota.h to quotaops.h 2008-07-25 10:53:35 -07:00
quota_v2.c quota: move function-macros from quota.h to quotaops.h 2008-07-25 10:53:35 -07:00
read_write.c Remove BKL from remote_llseek v2 2008-07-02 15:06:27 -06:00
read_write.h
readdir.c
select.c Fix performance regression on lmbench select benchmark 2008-06-22 12:23:15 -07:00
seq_file.c [patch 2/7] vfs: mountinfo: add seq_file_root() 2008-04-23 00:04:38 -04:00
signalfd.c flag parameters: check magic constants 2008-07-24 10:47:29 -07:00
splice.c [patch 3/5] vfs: change remove_suid() to file_remove_suid() 2008-07-26 20:53:16 -04:00
stack.c
stat.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
super.c fix soft lock up at NFS mount via per-SB LRU-list of unused dentries 2008-07-24 10:47:15 -07:00
sync.c SYNC_FILE_RANGE_WRITE may and will block. Document that. 2008-07-24 10:47:17 -07:00
timerfd.c flag parameters: check magic constants 2008-07-24 10:47:29 -07:00
utimes.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
xattr.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
xattr_acl.c