[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 093/104] virtiofsd: introduce inode refcount to prevent use-a
|
From: |
Sergio Lopez |
|
Subject: |
Re: [PATCH 093/104] virtiofsd: introduce inode refcount to prevent use-after-free |
|
Date: |
Mon, 20 Jan 2020 11:28:00 +0100 |
|
User-agent: |
mu4e 1.2.0; emacs 26.3 |
Dr. David Alan Gilbert (git) <address@hidden> writes:
> From: Stefan Hajnoczi <address@hidden>
>
> If thread A is using an inode it must not be deleted by thread B when
> processing a FUSE_FORGET request.
>
> The FUSE protocol itself already has a counter called nlookup that is
> used in FUSE_FORGET messages. We cannot trust this counter since the
> untrusted client can manipulate it via FUSE_FORGET messages.
>
> Introduce a new refcount to keep inodes alive for the required lifespan.
> lo_inode_put() must be called to release a reference. FUSE's nlookup
> counter holds exactly one reference so that the inode stays alive as
> long as the client still wants to remember it.
>
> Note that the lo_inode->is_symlink field is moved to avoid creating a
> hole in the struct due to struct field alignment.
>
> Signed-off-by: Stefan Hajnoczi <address@hidden>
> ---
> tools/virtiofsd/passthrough_ll.c | 168 ++++++++++++++++++++++++++-----
> 1 file changed, 145 insertions(+), 23 deletions(-)
Reviewed-by: Sergio Lopez <address@hidden>
signature.asc
Description: PGP signature