| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LSU.2.11.1903221200490.2995@eggly.anvils>
Date: Fri, 22 Mar 2019 12:05:39 -0700 (PDT)
From: Hugh Dickins <hughd@...gle.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
cc: linux-kernel@...r.kernel.org, stable@...r.kernel.org,
"Darrick J. Wong" <darrick.wong@...cle.com>,
Hugh Dickins <hughd@...gle.com>,
Matej Kupljen <matej.kupljen@...il.com>,
Al Viro <viro@...iv.linux.org.uk>,
Andrew Morton <akpm@...ux-foundation.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Sasha Levin <sashal@...nel.org>
Subject: Re: [PATCH 3.18 107/134] tmpfs: fix link accounting when a tmpfile
is linked in
The other patchsets posted today are complete - thanks -
but this 3.18.137-rc1 tree still wants
29b00e609960 ("tmpfs: fix uninitialized return value in shmem_link")
to be added to fix this one - thanks.
Hugh
On Fri, 22 Mar 2019, Greg Kroah-Hartman wrote:
> 3.18-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> [ Upstream commit 1062af920c07f5b54cf5060fde3339da6df0cf6b ]
>
> tmpfs has a peculiarity of accounting hard links as if they were
> separate inodes: so that when the number of inodes is limited, as it is
> by default, a user cannot soak up an unlimited amount of unreclaimable
> dcache memory just by repeatedly linking a file.
>
> But when v3.11 added O_TMPFILE, and the ability to use linkat() on the
> fd, we missed accommodating this new case in tmpfs: "df -i" shows that
> an extra "inode" remains accounted after the file is unlinked and the fd
> closed and the actual inode evicted. If a user repeatedly links
> tmpfiles into a tmpfs, the limit will be hit (ENOSPC) even after they
> are deleted.
>
> Just skip the extra reservation from shmem_link() in this case: there's
> a sense in which this first link of a tmpfile is then cheaper than a
> hard link of another file, but the accounting works out, and there's
> still good limiting, so no need to do anything more complicated.
>
> Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1902182134370.7035@eggly.anvils
> Fixes: f4e0c30c191 ("allow the temp files created by open() to be linked to")
> Signed-off-by: Darrick J. Wong <darrick.wong@...cle.com>
> Signed-off-by: Hugh Dickins <hughd@...gle.com>
> Reported-by: Matej Kupljen <matej.kupljen@...il.com>
> Acked-by: Al Viro <viro@...iv.linux.org.uk>
> Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
> Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
> Signed-off-by: Sasha Levin <sashal@...nel.org>
> ---
> mm/shmem.c | 10 +++++++---
> 1 file changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/mm/shmem.c b/mm/shmem.c
> index 64c33e3dbe69..b40b13c94e03 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -2286,10 +2286,14 @@ static int shmem_link(struct dentry *old_dentry, struct inode *dir, struct dentr
> * No ordinary (disk based) filesystem counts links as inodes;
> * but each new link needs a new dentry, pinning lowmem, and
> * tmpfs dentries cannot be pruned until they are unlinked.
> + * But if an O_TMPFILE file is linked into the tmpfs, the
> + * first link must skip that, to get the accounting right.
> */
> - ret = shmem_reserve_inode(inode->i_sb);
> - if (ret)
> - goto out;
> + if (inode->i_nlink) {
> + ret = shmem_reserve_inode(inode->i_sb);
> + if (ret)
> + goto out;
> + }
>
> dir->i_size += BOGO_DIRENT_SIZE;
> inode->i_ctime = dir->i_ctime = dir->i_mtime = CURRENT_TIME;
> --
> 2.19.1
Powered by blists - more mailing lists