Re: [RFC] invalidate_mmap_range() missesremap_file_pages()-affected targets

[Andrew Morton]

William Lee Irwin III <wli@xxxxxxxxxxxxxx> wrote:
>
> invalidate_mmap_range(), and hence vmtruncate(), can miss its targets
>  due to remap_file_pages() disturbing the former invariant of file
>  offsets only being mapped within vmas tagged as mapping file offset
>  ranges containing them.

I was going to just not bother about this wart.  After all, we get to write
the standard on remap_file_pages(), and we can say "the
truncate-causes-SIGBUS thing doesn't work".  After all, it is not very
useful.

But I wonder if this effect could be used maliciously.  Say, user A has
read-only access to user B's file, and uses that access to set up a
nonlinear mapping thereby causing user B's truncate to not behave
correctly.  But this example is OK, isn't it?  User A will just receive an
anonymous page for his troubles.

Can you think of any stability or security scenario which says that we
_should_ implement the conventional truncate behaviour?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/