Re: [PATCH 13/38] ext4: Define usercopy region in ext4_inode_cache slab cache

From: Kees Cook
Date: Thu Jan 11 2018 - 18:05:26 EST

Next message: Daeho Jeong: "[PATCH] f2fs: prevent newly created inode from being dirtied incorrectly"
Previous message: Jae Hyun Yoo: "Re: [linux, dev-4.10, 6/6] drivers/hwmon: Add a driver for a generic PECI hwmon"
In reply to: Theodore Ts'o: "Re: [PATCH 13/38] ext4: Define usercopy region in ext4_inode_cache slab cache"
Next in thread: Matthew Wilcox: "Re: [PATCH 13/38] ext4: Define usercopy region in ext4_inode_cache slab cache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jan 11, 2018 at 9:01 AM, Theodore Ts'o <tytso@xxxxxxx> wrote:
> On Wed, Jan 10, 2018 at 06:02:45PM -0800, Kees Cook wrote:
>> The ext4 symlink pathnames, stored in struct ext4_inode_info.i_data
>> and therefore contained in the ext4_inode_cache slab cache, need
>> to be copied to/from userspace.
>
> Symlink operations to/from userspace aren't common or in the hot path,
> and when they are in i_data, limited to at most 60 bytes. Is it worth
> it to copy through a bounce buffer so as to disallow any usercopies
> into struct ext4_inode_info?

If this is the only place it's exposed, yeah, that might be a way to
avoid the per-FS patches. This would, AIUI, require changing
readlink_copy() to include a bounce buffer, and that would require an
allocation. I kind of prefer just leaving the per-FS whitelists, as
then there's no global overhead added.

-Kees

--
Kees Cook
Pixel Security

Next message: Daeho Jeong: "[PATCH] f2fs: prevent newly created inode from being dirtied incorrectly"
Previous message: Jae Hyun Yoo: "Re: [linux, dev-4.10, 6/6] drivers/hwmon: Add a driver for a generic PECI hwmon"
In reply to: Theodore Ts'o: "Re: [PATCH 13/38] ext4: Define usercopy region in ext4_inode_cache slab cache"
Next in thread: Matthew Wilcox: "Re: [PATCH 13/38] ext4: Define usercopy region in ext4_inode_cache slab cache"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]