| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <19865.1532854200@warthog.procyon.org.uk>
Date: Sun, 29 Jul 2018 09:50:00 +0100
From: David Howells <dhowells@...hat.com>
To: Jann Horn <jannh@...gle.com>
Cc: dhowells@...hat.com, Al Viro <viro@...iv.linux.org.uk>,
Linux API <linux-api@...r.kernel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
linux-fsdevel@...r.kernel.org,
kernel list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 29/38] vfs: syscall: Add fsconfig() for configuring and managing a context [ver #10]
Jann Horn <jannh@...gle.com> wrote:
> [...]
> > + case fsconfig_set_binary:
> > + param.type = fs_value_is_blob;
> > + param.size = aux;
> > + param.blob = memdup_user_nul(_value, aux);
> > + if (IS_ERR(param.blob)) {
> > + ret = PTR_ERR(param.blob);
> > + goto out_key;
> > + }
> > + break;
>
> This means that a namespace admin (iow, an unprivileged user) can
> allocate 1MB of unswappable kmalloc memory per userspace task, right?
> Using userfaultfd or FUSE, you can then stall the task as long as you
> want while it has that allocation. Is that problematic, or is that
> normal?
That's not exactly the case. A userspace task can make a temporary
allocation, but unless the filesystem grabs it, it's released again on exit
from the system call.
Note that I should probably use vmalloc() rather than kmalloc(), but that
doesn't really affect your point. I could also pass the user pointer through
to the filesystem instead - I wanted to avoid that for this interface, but it
make sense in this instance.
David
Powered by blists - more mailing lists