Jann Horn <jannh@xxxxxxxxxx> wrote:
> [...]
> > + case fsconfig_set_binary:
> > + param.type = fs_value_is_blob;
> > + param.size = aux;
> > + param.blob = memdup_user_nul(_value, aux);
> > + if (IS_ERR(param.blob)) {
> > + ret = PTR_ERR(param.blob);
> > + goto out_key;
> > + }
> > + break;
>
> This means that a namespace admin (iow, an unprivileged user) can
> allocate 1MB of unswappable kmalloc memory per userspace task, right?
> Using userfaultfd or FUSE, you can then stall the task as long as you
> want while it has that allocation. Is that problematic, or is that
> normal?
That's not exactly the case. A userspace task can make a temporary
allocation, but unless the filesystem grabs it, it's released again on exit
from the system call.
Note that I should probably use vmalloc() rather than kmalloc(), but that
doesn't really affect your point. I could also pass the user pointer through
to the filesystem instead - I wanted to avoid that for this interface, but it
make sense in this instance.
David
