Re: Missed error checking for intent's filp in open_namei in 2.6.15

On Sun, 2006-02-19 at 01:11 +0200, Oleg Drokin wrote:
> Hello!
> 
>    It seems there is error check missing in open_namei for errors returned
>    through intent.open.file (from lookup_instantiate_filp).
>    If there is plain open performed, then such a check done inside
>    __path_lookup_intent_open called from path_lookup_open(), but
>    when the open is performed with O_CREAT flag set, then
>    __path_lookup_intent_open is only called with LOOKUP_PARENT set where no file
>    opening can occur yet. Later on lookup_hash is called where exact opening
>    might take place and intent.open.file may be filled. If it is filled
>    with error value of some sort, then we get kernel attempting to dereference
>    this error value as address (and corresponding oops) in nameidata_to_filp()
>    called from filp_open().
>    While this is relatively simple to workaround in ->lookup() method by just
>    checking lookup_instantiate_filp() return value and returning error as
>    needed, this is not so easy in ->d_revalidate(), where we can only return
>    "yes, dentry is valid" or "no, dentry is invalid, perform full lookup again",
>    and just returning 0 on error would cause extra lookup (with potential
>    extra costly RPCs).
>    So in short, I believe that there should be no difference in error handling
>    for opening a file and creating a file in open_namei() and propose
>    this simple patch as a solution.
>    What do you think?

You're going to have to convert that semaphore call to a mutex call if
you want to apply it to 2.6.16 too, but otherwise it looks good.

Cheers,
  Trond

> --- fs/namei.c.orig	2006-02-19 00:33:24.000000000 +0200
> +++ fs/namei.c	2006-02-19 00:46:28.000000000 +0200
> @@ -1575,6 +1575,12 @@ do_last:
>  		goto exit;
>  	}
>  
> +        if (IS_ERR(nd->intent.open.file)) {
> +		up(&dir->d_inode->i_sem);
> +		error = PTR_ERR(nd->intent.open.file);
> +		goto exit_dput;
> +	}
> +
>  	/* Negative dentry, just create the file */
>  	if (!path.dentry->d_inode) {
>  		if (!IS_POSIXACL(dir->d_inode))
> 
> Bye,
>     Oleg

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

---

• References:
  • Missed error checking for intent's filp in open_namei in 2.6.15
    • From: Oleg Drokin <[email protected]>

• Prev by Date: Re: kbuild:
• Next by Date: Re: No sound from SB live!
• Previous by thread: Missed error checking for intent's filp in open_namei in 2.6.15
• Next by thread: No sound from SB live!
• Index(es):
  • Date
  • Thread

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]