Re: [PATCH] mm/shmem.c: don't set 'seals' to 'F_SEAL_SEAL' in shmem_get_inode

From: yukuai (C)
Date: Wed Nov 27 2019 - 01:47:36 EST

Next message: Ingo Molnar: "Re: [PATCH -tip 2/2] kprobes: Set unoptimized flag after unoptimizing code"
Previous message: Masami Hiramatsu: "Re: [PATCH -v5 00/17] Rewrite x86/ftrace to use text_poke (and more)"
In reply to: Hugh Dickins: "Re: [PATCH] mm/shmem.c: don't set 'seals' to 'F_SEAL_SEAL' in shmem_get_inode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2019/11/27 12:24, Hugh Dickins Wrote:

On Wed, 27 Nov 2019, yu kuai wrote:

'seals' is set to 'F_SEAL_SEAL' in shmem_get_inode, which means "prevent
further seals from being set", thus sealing API will be useless and many
code in shmem.c will never be reached. For example:

The sealing API is not useless, and that code can be reached.

shmem_setattr
if ((newsize < oldsize && (info->seals & F_SEAL_SHRINK)) ||
(newsize > oldsize && (info->seals & F_SEAL_GROW)))
return -EPERM;

So, initialize 'seals' to zero is more reasonable.

Signed-off-by: yu kuai <yukuai3@xxxxxxxxxx>

NAK.

See memfd_create in mm/memfd.c (code which originated in mm/shmem.c,
then was extended to support hugetlbfs also): sealing is for memfds,
not for tmpfs or hugetlbfs files or SHM. Without thinking about it too
hard, I believe that to allow sealing on tmpfs files would introduce
surprising new behaviors on them, which might well raise security issues;
and also be incompatible with the guarantees intended by sealing.

Thank you for your response.
Yu Kuai

Next message: Ingo Molnar: "Re: [PATCH -tip 2/2] kprobes: Set unoptimized flag after unoptimizing code"
Previous message: Masami Hiramatsu: "Re: [PATCH -v5 00/17] Rewrite x86/ftrace to use text_poke (and more)"
In reply to: Hugh Dickins: "Re: [PATCH] mm/shmem.c: don't set 'seals' to 'F_SEAL_SEAL' in shmem_get_inode"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]