| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 1 Nov 2017 17:18:37 -0700
From: Mike Kravetz <mike.kravetz@...cle.com>
To: Marc-André Lureau <marcandre.lureau@...hat.com>,
linux-mm@...ck.org, linux-kernel@...r.kernel.org
Cc: aarcange@...hat.com, hughd@...gle.com, nyc@...omorphy.com
Subject: Re: [PATCH 5/6] shmem: add sealing support to hugetlb-backed memfd
On 10/31/2017 11:40 AM, Marc-André Lureau wrote:
> Adapt add_seals()/get_seals() to work with hugetbfs-backed memory.
>
> Teach memfd_create() to allow sealing operations on MFD_HUGETLB.
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@...hat.com>
> ---
> mm/shmem.c | 51 ++++++++++++++++++++++++++++++---------------------
> 1 file changed, 30 insertions(+), 21 deletions(-)
>
> diff --git a/mm/shmem.c b/mm/shmem.c
> index b7811979611f..b7c59d993c19 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -2717,6 +2717,19 @@ static int shmem_wait_for_pins(struct address_space *mapping)
> return error;
> }
>
> +static unsigned int *memfd_get_seals(struct file *file)
I would have named this something like 'memfd_file_seal_ptr', and not
changed the name of memfd_get_seals below. Just my preference, and it
does not carry as much weight as Hugh who originally write this code.
> +{
> + if (file->f_op == &shmem_file_operations)
> + return &SHMEM_I(file_inode(file))->seals;
> +
> +#ifdef CONFIG_HUGETLBFS
> + if (file->f_op == &hugetlbfs_file_operations)
> + return &HUGETLBFS_I(file_inode(file))->seals;
> +#endif
> +
> + return NULL;
> +}
> +
As mentioned in patch 2, I think this code will need to be restructured
so that hugetlbfs file sealing will work even is CONFIG_TMPFS is not
defined. The above routine is behind #ifdef CONFIG_TMPFS.
In general the code looks fine, but this config issue needs to be addressed.
--
Mike Kravetz
> #define F_ALL_SEALS (F_SEAL_SEAL | \
> F_SEAL_SHRINK | \
> F_SEAL_GROW | \
> @@ -2725,7 +2738,7 @@ static int shmem_wait_for_pins(struct address_space *mapping)
> static int memfd_add_seals(struct file *file, unsigned int seals)
> {
> struct inode *inode = file_inode(file);
> - struct shmem_inode_info *info = SHMEM_I(inode);
> + unsigned int *file_seals;
> int error;
>
> /*
> @@ -2758,8 +2771,6 @@ static int memfd_add_seals(struct file *file, unsigned int seals)
> * other file types.
> */
>
> - if (file->f_op != &shmem_file_operations)
> - return -EINVAL;
> if (!(file->f_mode & FMODE_WRITE))
> return -EPERM;
> if (seals & ~(unsigned int)F_ALL_SEALS)
> @@ -2767,12 +2778,18 @@ static int memfd_add_seals(struct file *file, unsigned int seals)
>
> inode_lock(inode);
>
> - if (info->seals & F_SEAL_SEAL) {
> + file_seals = memfd_get_seals(file);
> + if (!file_seals) {
> + error = -EINVAL;
> + goto unlock;
> + }
> +
> + if (*file_seals & F_SEAL_SEAL) {
> error = -EPERM;
> goto unlock;
> }
>
> - if ((seals & F_SEAL_WRITE) && !(info->seals & F_SEAL_WRITE)) {
> + if ((seals & F_SEAL_WRITE) && !(*file_seals & F_SEAL_WRITE)) {
> error = mapping_deny_writable(file->f_mapping);
> if (error)
> goto unlock;
> @@ -2784,7 +2801,7 @@ static int memfd_add_seals(struct file *file, unsigned int seals)
> }
> }
>
> - info->seals |= seals;
> + *file_seals |= seals;
> error = 0;
>
> unlock:
> @@ -2792,12 +2809,11 @@ static int memfd_add_seals(struct file *file, unsigned int seals)
> return error;
> }
>
> -static int memfd_get_seals(struct file *file)
> +static int memfd_fcntl_get_seals(struct file *file)
> {
> - if (file->f_op != &shmem_file_operations)
> - return -EINVAL;
> + unsigned int *seals = memfd_get_seals(file);
>
> - return SHMEM_I(file_inode(file))->seals;
> + return seals ? *seals : -EINVAL;
> }
>
> long memfd_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
> @@ -2813,7 +2829,7 @@ long memfd_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
> error = memfd_add_seals(file, arg);
> break;
> case F_GET_SEALS:
> - error = memfd_get_seals(file);
> + error = memfd_fcntl_get_seals(file);
> break;
> default:
> error = -EINVAL;
> @@ -3657,7 +3673,7 @@ SYSCALL_DEFINE2(memfd_create,
> const char __user *, uname,
> unsigned int, flags)
> {
> - struct shmem_inode_info *info;
> + unsigned int *file_seals;
> struct file *file;
> int fd, error;
> char *name;
> @@ -3667,9 +3683,6 @@ SYSCALL_DEFINE2(memfd_create,
> if (flags & ~(unsigned int)MFD_ALL_FLAGS)
> return -EINVAL;
> } else {
> - /* Sealing not supported in hugetlbfs (MFD_HUGETLB) */
> - if (flags & MFD_ALLOW_SEALING)
> - return -EINVAL;
> /* Allow huge page size encoding in flags. */
> if (flags & ~(unsigned int)(MFD_ALL_FLAGS |
> (MFD_HUGE_MASK << MFD_HUGE_SHIFT)))
> @@ -3722,12 +3735,8 @@ SYSCALL_DEFINE2(memfd_create,
> file->f_flags |= O_RDWR | O_LARGEFILE;
>
> if (flags & MFD_ALLOW_SEALING) {
> - /*
> - * flags check at beginning of function ensures
> - * this is not a hugetlbfs (MFD_HUGETLB) file.
> - */
> - info = SHMEM_I(file_inode(file));
> - info->seals &= ~F_SEAL_SEAL;
> + file_seals = memfd_get_seals(file);
> + *file_seals &= ~F_SEAL_SEAL;
> }
>
> fd_install(fd, file);
>
Powered by blists - more mailing lists