| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <diqzfs9e0xl1.fsf@ackerleytng-cloudtop.c.googlers.com>
Date: Wed, 05 Apr 2023 22:32:26 +0000
From: Ackerley Tng <ackerleytng@...gle.com>
To: "Kirill A. Shutemov" <kirill@...temov.name>
Cc: kvm@...r.kernel.org, linux-api@...r.kernel.org,
linux-arch@...r.kernel.org, linux-doc@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
linux-mm@...ck.org, qemu-devel@...gnu.org, aarcange@...hat.com,
ak@...ux.intel.com, akpm@...ux-foundation.org, arnd@...db.de,
bfields@...ldses.org, bp@...en8.de, chao.p.peng@...ux.intel.com,
corbet@....net, dave.hansen@...el.com, david@...hat.com,
ddutile@...hat.com, dhildenb@...hat.com, hpa@...or.com,
hughd@...gle.com, jlayton@...nel.org, jmattson@...gle.com,
joro@...tes.org, jun.nakajima@...el.com,
kirill.shutemov@...ux.intel.com, linmiaohe@...wei.com,
luto@...nel.org, mail@...iej.szmigiero.name, mhocko@...e.com,
michael.roth@....com, mingo@...hat.com, naoya.horiguchi@....com,
pbonzini@...hat.com, qperret@...gle.com, rppt@...nel.org,
seanjc@...gle.com, shuah@...nel.org, steven.price@....com,
tabba@...gle.com, tglx@...utronix.de, vannapurve@...gle.com,
vbabka@...e.cz, vkuznets@...hat.com, wanpengli@...cent.com,
wei.w.wang@...el.com, x86@...nel.org, yu.c.zhang@...ux.intel.com
Subject: Re: [RFC PATCH v3 1/2] mm: restrictedmem: Allow userspace to specify
mount for memfd_restricted
Thanks for reviewing these patches!
"Kirill A. Shutemov" <kirill@...temov.name> writes:
> On Fri, Mar 31, 2023 at 11:50:39PM +0000, Ackerley Tng wrote:
>> ...
>> +static int restrictedmem_create_on_user_mount(int mount_fd)
>> +{
>> + int ret;
>> + struct fd f;
>> + struct vfsmount *mnt;
>> +
>> + f = fdget_raw(mount_fd);
>> + if (!f.file)
>> + return -EBADF;
>> +
>> + ret = -EINVAL;
>> + if (!is_mount_root(f.file))
>> + goto out;
>> +
>> + mnt = f.file->f_path.mnt;
>> + if (!is_shmem_mount(mnt))
>> + goto out;
>> +
>> + ret = file_permission(f.file, MAY_WRITE | MAY_EXEC);
> Why MAY_EXEC?
Christian pointed out that this check does not make sense, I'll be
removing the entire check in the next revision.
>> + if (ret)
>> + goto out;
>> +
>> + ret = mnt_want_write(mnt);
>> + if (unlikely(ret))
>> + goto out;
>> +
>> + ret = restrictedmem_create(mnt);
>> +
>> + mnt_drop_write(mnt);
>> +out:
>> + fdput(f);
>> +
>> + return ret;
>> +}
> We need review from fs folks. Look mostly sensible, but I have no
> experience in fs.
>> +
>> +SYSCALL_DEFINE2(memfd_restricted, unsigned int, flags, int, mount_fd)
>> +{
>> + if (flags & ~RMFD_USERMNT)
>> + return -EINVAL;
>> +
>> + if (flags == RMFD_USERMNT) {
>> + if (mount_fd < 0)
>> + return -EINVAL;
>> +
>> + return restrictedmem_create_on_user_mount(mount_fd);
>> + } else {
>> + return restrictedmem_create(NULL);
>> + }
> Maybe restructure with single restrictedmem_create() call?
> struct vfsmount *mnt = NULL;
> if (flags == RMFD_USERMNT) {
> ...
> mnt = ...();
> }
> return restrictedmem_create(mnt);
Will do so in the next revision.
>> +}
>> +
>> int restrictedmem_bind(struct file *file, pgoff_t start, pgoff_t end,
>> struct restrictedmem_notifier *notifier, bool exclusive)
>> {
>> --
>> 2.40.0.348.gf938b09366-goog
Powered by blists - more mailing lists