Re: [PATCH 5/5] vfs: don't allow writes to swap files

From: Al Viro
Date: Tue Jun 25 2019 - 23:52:34 EST


On Tue, Jun 25, 2019 at 07:33:31PM -0700, Darrick J. Wong wrote:
> --- a/fs/attr.c
> +++ b/fs/attr.c
> @@ -236,6 +236,9 @@ int notify_change(struct dentry * dentry, struct iattr * attr, struct inode **de
> if (IS_IMMUTABLE(inode))
> return -EPERM;
>
> + if (IS_SWAPFILE(inode))
> + return -ETXTBSY;
> +
> if ((ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) &&
> IS_APPEND(inode))
> return -EPERM;

Er... So why exactly is e.g. chmod(2) forbidden for swapfiles? Or touch(1),
for that matter...

> diff --git a/mm/swapfile.c b/mm/swapfile.c
> index 596ac98051c5..1ca4ee8c2d60 100644
> --- a/mm/swapfile.c
> +++ b/mm/swapfile.c
> @@ -3165,6 +3165,19 @@ SYSCALL_DEFINE2(swapon, const char __user *, specialfile, int, swap_flags)
> if (error)
> goto bad_swap;
>
> + /*
> + * Flush any pending IO and dirty mappings before we start using this
> + * swap file.
> + */
> + if (S_ISREG(inode->i_mode)) {
> + inode->i_flags |= S_SWAPFILE;
> + error = inode_drain_writes(inode);
> + if (error) {
> + inode->i_flags &= ~S_SWAPFILE;
> + goto bad_swap;
> + }
> + }

Why are swap partitions any less worthy of protection?