lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <alpine.LSU.2.11.1911262008330.2204@eggly.anvils>
Date:   Tue, 26 Nov 2019 20:24:32 -0800 (PST)
From:   Hugh Dickins <hughd@...gle.com>
To:     yu kuai <yukuai3@...wei.com>
cc:     hughd@...gle.com, akpm@...ux-foundation.org, linux-mm@...ck.org,
        linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        yi.zhang@...wei.com, zhengbin13@...wei.com
Subject: Re: [PATCH] mm/shmem.c: don't set 'seals' to 'F_SEAL_SEAL' in
 shmem_get_inode

On Wed, 27 Nov 2019, yu kuai wrote:

> 'seals' is set to 'F_SEAL_SEAL' in shmem_get_inode, which means "prevent
> further seals from being set", thus sealing API will be useless and many
> code in shmem.c will never be reached. For example:

The sealing API is not useless, and that code can be reached.

> 
> shmem_setattr
> 	if ((newsize < oldsize && (info->seals & F_SEAL_SHRINK)) ||
> 	    (newsize > oldsize && (info->seals & F_SEAL_GROW)))
> 		return -EPERM;
> 
> So, initialize 'seals' to zero is more reasonable.
> 
> Signed-off-by: yu kuai <yukuai3@...wei.com>

NAK.

See memfd_create in mm/memfd.c (code which originated in mm/shmem.c,
then was extended to support hugetlbfs also): sealing is for memfds,
not for tmpfs or hugetlbfs files or SHM.  Without thinking about it too
hard, I believe that to allow sealing on tmpfs files would introduce
surprising new behaviors on them, which might well raise security issues;
and also be incompatible with the guarantees intended by sealing.

> ---
>  mm/shmem.c | 1 -
>  1 file changed, 1 deletion(-)
> 
> diff --git a/mm/shmem.c b/mm/shmem.c
> index 165fa6332993..7b032b347bda 100644
> --- a/mm/shmem.c
> +++ b/mm/shmem.c
> @@ -2256,7 +2256,6 @@ static struct inode *shmem_get_inode(struct super_block *sb, const struct inode
>  		memset(info, 0, (char *)inode - (char *)info);
>  		spin_lock_init(&info->lock);
>  		atomic_set(&info->stop_eviction, 0);
> -		info->seals = F_SEAL_SEAL;
>  		info->flags = flags & VM_NORESERVE;
>  		INIT_LIST_HEAD(&info->shrinklist);
>  		INIT_LIST_HEAD(&info->swaplist);
> -- 
> 2.17.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ