| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Jan 2020 11:29:39 -0800
From: ira.weiny@...el.com
To: linux-kernel@...r.kernel.org
Cc: Ira Weiny <ira.weiny@...el.com>,
Alexander Viro <viro@...iv.linux.org.uk>,
"Darrick J. Wong" <darrick.wong@...cle.com>,
Dan Williams <dan.j.williams@...el.com>,
Dave Chinner <david@...morbit.com>,
Christoph Hellwig <hch@....de>,
"Theodore Y. Ts'o" <tytso@....edu>, Jan Kara <jack@...e.cz>,
linux-ext4@...r.kernel.org, linux-xfs@...r.kernel.org,
linux-fsdevel@...r.kernel.org
Subject: [RFC PATCH V2 09/12] fs: Prevent mode change if file is mmap'ed
From: Ira Weiny <ira.weiny@...el.com>
Page faults need to ensure the inode mode is correct and consistent with
the vmf information at the time of the fault. There is no easy way to
ensure the vmf information is correct if a mode change is in progress.
Furthermore, there is no good use case to require a mode change while
the file is mmap'ed.
Track mmap's of the file and fail the mode change if the file is
mmap'ed.
Signed-off-by: Ira Weiny <ira.weiny@...el.com>
---
fs/inode.c | 2 ++
fs/xfs/xfs_ioctl.c | 8 ++++++++
include/linux/fs.h | 1 +
mm/mmap.c | 19 +++++++++++++++++--
4 files changed, 28 insertions(+), 2 deletions(-)
diff --git a/fs/inode.c b/fs/inode.c
index 2b0f51161918..944711aed6f8 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -245,6 +245,8 @@ static struct inode *alloc_inode(struct super_block *sb)
return NULL;
}
+ atomic64_set(&inode->i_mapped, 0);
+
return inode;
}
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
index bc3654fe3b5d..1ab0906c6c7f 100644
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -1200,6 +1200,14 @@ xfs_ioctl_setattr_dax_invalidate(
goto out_unlock;
}
+ /*
+ * If there is a mapping in place we must remain in our current mode.
+ */
+ if (atomic64_read(&inode->i_mapped)) {
+ error = -EBUSY;
+ goto out_unlock;
+ }
+
error = filemap_write_and_wait(inode->i_mapping);
if (error)
goto out_unlock;
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 631f11d6246e..6e7dc626b657 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -740,6 +740,7 @@ struct inode {
#endif
void *i_private; /* fs or device private pointer */
+ atomic64_t i_mapped;
} __randomize_layout;
struct timespec64 timestamp_truncate(struct timespec64 t, struct inode *inode);
diff --git a/mm/mmap.c b/mm/mmap.c
index dfaf1130e706..e6b68924b7ca 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -171,12 +171,17 @@ void unlink_file_vma(struct vm_area_struct *vma)
static struct vm_area_struct *remove_vma(struct vm_area_struct *vma)
{
struct vm_area_struct *next = vma->vm_next;
+ struct file *f = vma->vm_file;
might_sleep();
if (vma->vm_ops && vma->vm_ops->close)
vma->vm_ops->close(vma);
- if (vma->vm_file)
- fput(vma->vm_file);
+ if (f) {
+ struct inode *inode = file_inode(f);
+ if (inode)
+ atomic64_dec(&inode->i_mapped);
+ fput(f);
+ }
mpol_put(vma_policy(vma));
vm_area_free(vma);
return next;
@@ -1837,6 +1842,16 @@ unsigned long mmap_region(struct file *file, unsigned long addr,
vma_set_page_prot(vma);
+ /*
+ * Track if there is mapping in place such that a mode change
+ * does not occur on a file which is mapped
+ */
+ if (file) {
+ struct inode *inode = file_inode(file);
+
+ atomic64_inc(&inode->i_mapped);
+ }
+
return addr;
unmap_and_free_vma:
--
2.21.0
Powered by blists - more mailing lists