Received: by 10.192.165.148 with SMTP id m20csp321896imm; Thu, 3 May 2018 21:21:57 -0700 (PDT) X-Google-Smtp-Source: AB8JxZotU7OGoYdMwzV8hvYn999UaGnUlMyuls2ypoYO/hqiL4GkEUje8k5FrITcDSTeX/5ZIi6w X-Received: by 2002:a63:864a:: with SMTP id x71-v6mr8453465pgd.175.1525407717550; Thu, 03 May 2018 21:21:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1525407717; cv=none; d=google.com; s=arc-20160816; b=rh7ZVGfd46CkKO1IrVmk8rELh1CDTm/ZjD7fTpq0eqd6WEeZBgWEDIp3qw39GJPC90 Aq2HvJ8X/0x4vFnVlXHvngQ8SlJF5hfLq1m4L+GcV0XSq/amESzF5elj+SjK8x9NnSjK tT+bf/DddgH1rSE0mxeZE3cokGrhqgOD6NE6sDcgDrT+VPVqYWxUuTwm7gum7Ya8ar90 0ZJVsZb24ZaWvbefVSu4qMQkr57Qe9e9sdqiAGCIUlw4trmUgkucink86MoYXbT4DvOB BFe5sNv/K4DE0t9nZrCp/f32TeIRpjXIa3jiK+mlfDzTtUbuzBY25CI9mWv2QjNqZ/ml 7hVw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature :arc-authentication-results; bh=q3hvMAzJvnB8LIByzYw1MT0UXzHakiwlg1QrTOef7Js=; b=fN7aBN9x5lm0TzWzzuWApYsaHwayokG+nDjl4S6J6AcwzfwkAmwxa0UIBIBmTSG4d7 d02nGosEVRpAGvR4+xrjxkcHtTOD3qIHrfR5hfHGzHho0mLSJSSSwoPOb50zludEkm7n 4+cTCxE4+YO0g/PSQq/TsRrq5VCV4sOl6CWxJA/3V7MNwU3zR3lrneY+qOZf80Z0Ji15 EAarrLHgPSA2k1V+VZw90jw3NXzNOLMW3vSopsmiEbjpdXtquwVxf/SVE9S1uY9pp2CX 20ZcPSbpQhDJILMOr0+ftXldrwc3dnUui5IQ8BT6X/HRSZJAfnzAwXzicQA8CfOBgqRT pdCA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@umn.edu header.s=20160920 header.b=qL2ZfPsC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umn.edu Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v7-v6si15389198plp.31.2018.05.03.21.21.43; Thu, 03 May 2018 21:21:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@umn.edu header.s=20160920 header.b=qL2ZfPsC; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umn.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751001AbeEDEUT (ORCPT + 99 others); Fri, 4 May 2018 00:20:19 -0400 Received: from mta-p3.oit.umn.edu ([134.84.196.203]:47460 "EHLO mta-p3.oit.umn.edu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750707AbeEDEUS (ORCPT ); Fri, 4 May 2018 00:20:18 -0400 Received: from localhost (localhost [127.0.0.1]) by mta-p3.oit.umn.edu (Postfix) with ESMTP id D2C79698 for ; Fri, 4 May 2018 04:20:17 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=umn.edu; h= content-type:content-type:subject:subject:message-id:date:date :from:from:references:in-reply-to:received:mime-version:received :received:received; s=20160920; t=1525407617; x=1527222018; bh=E MQISn5ZP3fN/vPCBkNEqY375VEWi8DvMd0z63M+Apo=; b=qL2ZfPsCQVifJIY48 mcl6/o/sztgFb0F9jWijTSsCyL9lDdEl8hZOM/5gww5RLOsaP7xDnZsPxGnNO5cR wjlNT9zhst3opdFRioGKWHeL03x2qc6Ja8QSJSudpIBtPHmk6I6NVXeTvFwK7/A2 Q3xOcOvQt31Xm7oBg/1q61xbQlAPnYkl51Y02dVGoMZWpqYxHdr3EheJ8/iKbA97 TNZXlNvq5iBG+hM0S7CzOyQkgiKP0oMJ2p6LLWjYyX3hwKdf38b57pQJRH2PrvuR haLyzNrdoBRLuFzZW7NFX3dBsKhroijdp0YF4rCEbMmgfXdRyX3jWXzwz0gCSOB6 u9CNQ== X-Virus-Scanned: amavisd-new at umn.edu Received: from mta-p3.oit.umn.edu ([127.0.0.1]) by localhost (mta-p3.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SMoimK_bGdVK for ; Thu, 3 May 2018 23:20:17 -0500 (CDT) Received: from mail-it0-f54.google.com (mail-it0-f54.google.com [209.85.214.54]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: wang6495) by mta-p3.oit.umn.edu (Postfix) with ESMTPSA id 985FF151 for ; Thu, 3 May 2018 23:20:17 -0500 (CDT) Received: by mail-it0-f54.google.com with SMTP id q4-v6so1917559ite.3 for ; Thu, 03 May 2018 21:20:17 -0700 (PDT) X-Gm-Message-State: ALQs6tAEorWjfPKbCaMOXK5ohm4VhDqgOk2U2pj9t8tfGuylnFi+ragJ jiCgn8kjenGOBFnhcqa2cScGIEcrEtoqIcZsMPA= X-Received: by 2002:a24:9588:: with SMTP id m130-v6mr17927407itd.58.1525407617404; Thu, 03 May 2018 21:20:17 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a4f:6f07:0:0:0:0:0 with HTTP; Thu, 3 May 2018 21:19:37 -0700 (PDT) In-Reply-To: <20180501084621.jfxrm3qoqfmftnxh@mwanda> References: <1525128971-8946-1-git-send-email-wang6495@umn.edu> <20180501084621.jfxrm3qoqfmftnxh@mwanda> From: Wenwen Wang Date: Thu, 3 May 2018 23:19:37 -0500 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v2] staging: lustre: llite: fix potential missing-check bug when copying lumv To: Dan Carpenter Cc: "open list:STAGING SUBSYSTEM" , Aastha Gupta , Roman Storozhenko , Andreas Dilger , Jeff Layton , Greg Kroah-Hartman , Kangjie Lu , NeilBrown , open list , Oleg Drokin , "moderated list:STAGING - LUSTRE PARALLEL FILESYSTEM" , Wenwen Wang Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, May 1, 2018 at 3:46 AM, Dan Carpenter wrote: > On Mon, Apr 30, 2018 at 05:56:10PM -0500, Wenwen Wang wrote: >> However, given that the user data resides in the user space, a malicious >> user-space process can race to change the data between the two copies. By >> doing so, the attacker can provide a data with an inconsistent version, >> e.g., v1 version + v3 data. This can lead to logical errors in the >> following execution in ll_dir_setstripe(), which performs different actions >> according to the version specified by the field lmm_magic. > > This part is misleading. The fix is to improve readability and make > static checkers happy. You're over dramatizing it to make people think > it has a security impact when it doesn't. > > If the user wants to specify v1 data they can just say that on the first > read. They don't need to do funny tricks and race between the two > reads. It's allowed. > > In other words this allows the user to do something in a very > complicated way which they are already allowed to do in a very simple > straight forward way. > > regards, > dan carpenter Thanks for your comment, Dan! How about this: However, given that the user data resides in the user space, a malicious user-space process can race to change the data between the two copies. By doing so, the attacker can provide a data with an inconsistent version, e.g., v1 version + v3 data. The current kernel can handle such inconsistent data. But, it may pose a potential security risk for future implementations. Also, to improve code readability and make static analysis tools happy, which will warn about read-verify-re-read type bugs, this issue should be fixed. Thanks, Wenwen