| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <fvxufyqixohx65lcusrkkfoxs5cnlsuv7kajv6bnngcoewsodx@tarta.nabijaczleweli.xyz>
Date: Sun, 24 Dec 2023 06:01:49 +0100
From:
Ahelenia Ziemiańska <nabijaczleweli@...ijaczleweli.xyz>
Cc: Jens Axboe <axboe@...nel.dk>, Christian Brauner <brauner@...nel.org>,
Alexander Viro <viro@...iv.linux.org.uk>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Jiri Slaby <jirislaby@...nel.org>, linux-serial@...r.kernel.org
Subject: [PATCH v2 13/11] tty: splice_write: disable
Given:
cat > ttyW.c <<^D
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
int main()
{
int pt = posix_openpt(O_RDWR);
grantpt(pt);
unlockpt(pt);
int cl = open(ptsname(pt), O_WRONLY);
for (;;)
splice(0, 0, cl, 0, 128 * 1024 * 1024, 0);
}
^D
cc ttyW.c -o ttyW
mkfifo fifo
truncate 32M 32M
./ttyW < fifo &
cp 32M fifo &
sleep 0.1
read -r _ < fifo
ttyW used to sleep in splice and the shell used to enter an
uninterruptible sleep in open("fifo");
now the splice returns -EINVAL and the whole program completes.
This is also symmetric with the splice_read removal.
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@...ijaczleweli.xyz>
---
It hit me that I should actually probably exhaustively re-evaluate
splice_write as well since re-evaluating splice_read went so well.
fs/fuse/dev.c: .splice_write = fuse_dev_splice_write,
drivers/char/virtio_console.c: .splice_write = port_fops_splice_write,
locks, takes some pages, unlocks, writes, so OK
drivers/char/mem.c: .splice_write = splice_write_null,
drivers/char/mem.c: .splice_write = splice_write_zero,
no-op
drivers/char/random.c: .splice_write = iter_file_splice_write,
drivers/char/random.c: .splice_write = iter_file_splice_write,
AFAICT write_pool_user is okay to invoke like this?
net/socket.c: .splice_write = splice_to_socket,
already dealt with in 11/11
drivers/tty/tty_io.c: .splice_write = iter_file_splice_write,
drivers/tty/tty_io.c: .splice_write = iter_file_splice_write,
they do lock the pipe and try the write with the lock held;
we already killed splice_read so just kill splice_write for symmetry
(13/11)
fs/fuse/file.c: .splice_write = iter_file_splice_write,
same logic as splice_read applies (14/11)
drivers/tty/tty_io.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c
index 50c2957a9c7f..d931c34ddcbf 100644
--- a/drivers/tty/tty_io.c
+++ b/drivers/tty/tty_io.c
@@ -465,7 +465,6 @@ static const struct file_operations tty_fops = {
.llseek = no_llseek,
.read_iter = tty_read,
.write_iter = tty_write,
- .splice_write = iter_file_splice_write,
.poll = tty_poll,
.unlocked_ioctl = tty_ioctl,
.compat_ioctl = tty_compat_ioctl,
@@ -479,7 +478,6 @@ static const struct file_operations console_fops = {
.llseek = no_llseek,
.read_iter = tty_read,
.write_iter = redirected_tty_write,
- .splice_write = iter_file_splice_write,
.poll = tty_poll,
.unlocked_ioctl = tty_ioctl,
.compat_ioctl = tty_compat_ioctl,
--
2.39.2
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists