| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180706214416.184691-1-joel@joelfernandes.org>
Date: Fri, 6 Jul 2018 14:44:16 -0700
From: Joel Fernandes <joel@...lfernandes.org>
To: linux-kernel@...r.kernel.org
Cc: kernel-team@...roid.com,
Tobias Lindskog <tobias.lindskog@...ymobile.com>,
Jeff Vander Stoep <jeffv@...gle.com>,
Joel Fernandes <joel@...lfernandes.org>,
"Arve H" <arve@...roid.com>, devel@...verdev.osuosl.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Martijn Coenen <maco@...roid.com>,
Todd Kjos <tkjos@...roid.com>
Subject: [PATCH] ashmem: Shrink directly through shmem_fallocate
From: Tobias Lindskog <tobias.lindskog@...ymobile.com>
When ashmem_shrink is called from direct reclaim on a user thread, a
call to do_fallocate will check for permissions against the security
policy of that user thread. It can thus fail by chance if called on a
thread that isn't permitted to modify the relevant ashmem areas.
Because we know that we have a shmem file underneath, call the shmem
implementation of fallocate directly instead of going through the
user-space interface for fallocate.
Bug: 21951515
Signed-off-by: Tobias Lindskog <tobias.lindskog@...ymobile.com>
Signed-off-by: Jeff Vander Stoep <jeffv@...gle.com>
Signed-off-by: Joel Fernandes (Google) <joel@...lfernandes.org>
---
drivers/staging/android/ashmem.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/android/ashmem.c b/drivers/staging/android/ashmem.c
index a1a0025b59e0..23ff9ee80386 100644
--- a/drivers/staging/android/ashmem.c
+++ b/drivers/staging/android/ashmem.c
@@ -444,9 +444,9 @@ ashmem_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
loff_t start = range->pgstart * PAGE_SIZE;
loff_t end = (range->pgend + 1) * PAGE_SIZE;
- vfs_fallocate(range->asma->file,
- FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
- start, end - start);
+ range->asma->file->f_op->fallocate(range->asma->file,
+ FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE,
+ start, end - start);
range->purged = ASHMEM_WAS_PURGED;
lru_del(range);
--
2.18.0.203.gfac676dfb9-goog
Powered by blists - more mailing lists