Commit 786a5e15 authored by Nick Piggin's avatar Nick Piggin

fs: d_validate fixes

d_validate has been broken for a long time.

kmem_ptr_validate does not guarantee that a pointer can be dereferenced
if it can go away at any time. Even rcu_read_lock doesn't help, because
the pointer might be queued in RCU callbacks but not executed yet.

So the parent cannot be checked, nor the name hashed. The dentry pointer
can not be touched until it can be verified under lock. Hashing simply
cannot be used.

Instead, verify the parent/child relationship by traversing parent's
d_child list. It's slow, but only ncpfs and the destaged smbfs care
about it, at this point.
Signed-off-by: default avatarNick Piggin <npiggin@kernel.dk>
parent d3a23e16
...@@ -1483,41 +1483,30 @@ struct dentry *d_hash_and_lookup(struct dentry *dir, struct qstr *name) ...@@ -1483,41 +1483,30 @@ struct dentry *d_hash_and_lookup(struct dentry *dir, struct qstr *name)
} }
/** /**
* d_validate - verify dentry provided from insecure source * d_validate - verify dentry provided from insecure source (deprecated)
* @dentry: The dentry alleged to be valid child of @dparent * @dentry: The dentry alleged to be valid child of @dparent
* @dparent: The parent dentry (known to be valid) * @dparent: The parent dentry (known to be valid)
* *
* An insecure source has sent us a dentry, here we verify it and dget() it. * An insecure source has sent us a dentry, here we verify it and dget() it.
* This is used by ncpfs in its readdir implementation. * This is used by ncpfs in its readdir implementation.
* Zero is returned in the dentry is invalid. * Zero is returned in the dentry is invalid.
*
* This function is slow for big directories, and deprecated, do not use it.
*/ */
int d_validate(struct dentry *dentry, struct dentry *dparent) int d_validate(struct dentry *dentry, struct dentry *dparent)
{ {
struct hlist_head *base; struct dentry *child;
struct hlist_node *lhp;
/* Check whether the ptr might be valid at all.. */
if (!kmem_ptr_validate(dentry_cache, dentry))
goto out;
if (dentry->d_parent != dparent)
goto out;
spin_lock(&dcache_lock); spin_lock(&dcache_lock);
base = d_hash(dparent, dentry->d_name.hash); list_for_each_entry(child, &dparent->d_subdirs, d_u.d_child) {
hlist_for_each(lhp,base) { if (dentry == child) {
/* hlist_for_each_entry_rcu() not required for d_hash list
* as it is parsed under dcache_lock
*/
if (dentry == hlist_entry(lhp, struct dentry, d_hash)) {
__dget_locked(dentry); __dget_locked(dentry);
spin_unlock(&dcache_lock); spin_unlock(&dcache_lock);
return 1; return 1;
} }
} }
spin_unlock(&dcache_lock); spin_unlock(&dcache_lock);
out:
return 0; return 0;
} }
EXPORT_SYMBOL(d_validate); EXPORT_SYMBOL(d_validate);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment