Re: [PATCH 29/38] vfs: syscall: Add fsconfig() for configuring and managing a context [ver #10]

From: David Howells
Date: Mon Jul 30 2018 - 08:32:39 EST


Jann Horn <jannh@xxxxxxxxxx> wrote:

> > > This means that a namespace admin (iow, an unprivileged user) can
> > > allocate 1MB of unswappable kmalloc memory per userspace task, right?
> > > Using userfaultfd or FUSE, you can then stall the task as long as you
> > > want while it has that allocation. Is that problematic, or is that
> > > normal?
> >
> > That's not exactly the case. A userspace task can make a temporary
> > allocation, but unless the filesystem grabs it, it's released again on exit
> > from the system call.
>
> That's what I said.

Sorry, I wasn't clear what you meant. I assumed you were thinking it was then
automatically attached to the context, say:

	fd = fsopen("fuse", 0);
	fsconfig(fd, fsconfig_set_binary, "foo", buffer, size);

> Each userspace task can make a 1MB allocation by calling this syscall, and
> this temporary allocation stays allocated until the end of the syscall. But
> the runtime of the syscall is unbounded - even just the memdup_user_nul()
> can stall forever if the copy_from_user() call inside it faults on e.g. a
> userfault region or a memory-mapped file from a FUSE filesystem.

Okay, I see what you're getting at. Note that this affects other syscalls
too, keyctl, module loading and read() with readahead for example. Not sure
what the answer should be.

David