Commit 08662977 authored Aug 17, 2023 by Sishuai Gong Committed by Steven Rostedt (Google) Aug 22, 2023

tracefs: Avoid changing i_mode to a temp value

Right now inode->i_mode is updated twice to reach the desired value
in tracefs_apply_options(). Because there is no lock protecting the two
writes, other threads might read the intermediate value of inode->i_mode.

Thread-1			Thread-2
// tracefs_apply_options()	//e.g., acl_permission_check
inode->i_mode &= ~S_IALLUGO;
				unsigned int mode = inode->i_mode;
inode->i_mode |= opts->mode;

I think there is no need to introduce a lock but it is better to
only update inode->i_mode ONCE, so the readers will either see the old
or latest value, rather than an intermediate/temporary value.

Note, the race is not a security concern as the intermediate value is more
locked down than either the start or end version. This is more just to do
the conversion cleanly.

Link: https://lore.kernel.org/linux-trace-kernel/AB5B0A1C-75D9-4E82-A7F0-CF7D0715587B@gmail.com



Signed-off-by: Sishuai Gong <sishuai.system@gmail.com>
Signed-off-by: Steven Rostedt (Google) <rostedt@goodmis.org>

parent a943188d

fs/tracefs/inode.c

+4 −2

Original line number	Diff line number	Diff line
		@@ -310,6 +310,7 @@ static int tracefs_apply_options(struct super_block *sb, bool remount)
		struct tracefs_fs_info *fsi = sb->s_fs_info;
		struct inode *inode = d_inode(sb->s_root);
		struct tracefs_mount_opts *opts = &fsi->mount_opts;
		umode_t tmp_mode;

		/*
		* On remount, only reset mode/uid/gid if they were provided as mount
		@@ -317,8 +318,9 @@ static int tracefs_apply_options(struct super_block *sb, bool remount)
		*/

		if (!remount \|\| opts->opts & BIT(Opt_mode)) {
		inode->i_mode &= ~S_IALLUGO;
		inode->i_mode \|= opts->mode;
		tmp_mode = READ_ONCE(inode->i_mode) & ~S_IALLUGO;
		tmp_mode \|= opts->mode;
		WRITE_ONCE(inode->i_mode, tmp_mode);
		}

		if (!remount \|\| opts->opts & BIT(Opt_uid))