Re: [PATCH 2/2] iomap: move the iomap_dio_rw ->end_io callback into a structure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Sep 03, 2019 at 09:14:46AM -0700, Matthew Wilcox wrote:
> On Tue, Sep 03, 2019 at 03:03:27PM +0200, Christoph Hellwig wrote:
> > Add a new iomap_dio_ops structure that for now just contains the end_io
> > handler.  This avoid storing the function pointer in a mutable structure,
> > which is a possible exploit vector for kernel code execution, and prepares
> > for adding a submit_io handler that btrfs needs.
> 
> Is it really a security win?  If I can overwrite dio->end_io, I can as
> well overwrite dio->dops.

Which you'd then need to point to another place where you can stuff
function pointer.  Not impossible, but just another hoop to jump
through.  At least until we add run-time checks that ops structures
are in read-only memory, which sounds more sensible than some of the
other security hardening patches floating around.



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux