On Wed, May 13, 2020 at 9:48 PM Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>
> On Wed, May 13, 2020 at 09:47:07AM +0200, Miklos Szeredi wrote:
> > On Tue, May 5, 2020 at 11:59 AM Miklos Szeredi <mszeredi@xxxxxxxxxx> wrote:
> > >
> > > Hi Al,
> > >
> > > Can you please apply the following patches?
> >
> > Ping? Could you please have a look at these patches?
> >
> > - /proc/mounts cursor is almost half the total lines changed, and that
> > one was already pretty damn well reviewed by you
> >
> > - unprivileged whiteout one was approved by the security guys
> >
> > - aio fsync one is a real bug, please comment on whether the patch is
> > acceptable or should I work around it in fuse
> >
> > - STATX_MNT_ID extension is a no brainer, the other one may or may not
> > be useful, that's arguable...
> >
> > - the others are not important, but I think useful
> >
> > - and I missed one (faccess2); amending to patch series
>
> I can live with that, modulo a couple of trivial nits. Have you tested the
> /proc/mounts part for what happens if it's opened shitloads of times,
> with each instance lseek'ed a bit forward (all to the same position, that
> is)? That, in principle, allows an unprivileged user to pile a lot of list
> entries and cause serious looping under a spinlock...

Hmm, indeed. Did some testing: a single loop takes on the order of 40ns.
To trigger the soft lockup detector it would take 20s/40ns=500M cursors.
Each new cursor is added after the existing ones, so inserting 500M
cursors would take 40ns*500M^2/2 = ~158 years. That's obviously not a
great way to DoS the system.

I understand that 100ms could be a serious problem in some cases, but
even that would take 34 hours to set up. Is less than that still a worry?

I don't really know how much effort is needed (if at all) in order to
make this a non-issue.

Thanks,
Miklos
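The cost argument in the reply above (a pile of cursors at one position makes each read walk past all of them, but piling them up is itself quadratic in the number of cursors) can be checked on a toy model. The program below is an added example and is not the kernel's mount-list or seq_file cursor code; it assumes a single singly linked list that holds both mount entries and cursor entries (the names `node`, `mnt_list`, `cursor_seek`, `cursor_next_mount`, `pile_up` and `setup_seconds` are the example's own), where a cursor seeking to position `pos` is linked in after the pos-th mount and after every cursor already parked there, and where each visited node stands for one loop iteration under the lock. `setup_seconds` is the closed form of the same sum Miklos computes by hand (40ns per step, 500M cursors, ~158 years; 100ms of looping, ~34 hours of setup).

```c
#include <stdio.h>
#include <stdlib.h>

/*
 * Toy model (not kernel code) of a mount list that also carries the
 * /proc/mounts seek cursors.  Mount entries and cursor entries share one
 * singly linked list.  Every node visited by the walks below counts as one
 * iteration of the loop that runs under the lock.
 */
enum node_kind { MNT_NODE, CURSOR_NODE };

struct node {
    enum node_kind kind;
    struct node *next;
};

struct mnt_list {
    struct node head;   /* sentinel, never a real mount */
    struct node *tail;
};

static void list_init(struct mnt_list *l)
{
    l->head.kind = MNT_NODE;
    l->head.next = NULL;
    l->tail = &l->head;
}

static void add_mount(struct mnt_list *l, struct node *m)
{
    m->kind = MNT_NODE;
    m->next = NULL;
    l->tail->next = m;
    l->tail = m;
}

/*
 * lseek() in the model: walk from the head until 'pos' mounts have been
 * passed, continuing past any cursors already parked at that point, then
 * link the new cursor in there.  Returns the number of nodes visited, so
 * the i-th cursor parked at the same position costs pos + i steps.
 */
static size_t cursor_seek(struct mnt_list *l, struct node *cur, size_t pos)
{
    struct node *prev = &l->head;
    size_t mounts_seen = 0, steps = 0;

    while (prev->next) {
        struct node *n = prev->next;
        if (n->kind == MNT_NODE) {
            if (mounts_seen == pos)
                break;
            mounts_seen++;
        }
        steps++;
        prev = n;
    }
    cur->kind = CURSOR_NODE;
    cur->next = prev->next;
    prev->next = cur;
    return steps;
}

/*
 * read() in the model: from a cursor, skip the other cursors to reach the
 * next mount.  This is the loop Al is worried about.  Returns nodes
 * visited (0 at end of list).
 */
static size_t cursor_next_mount(const struct node *cur)
{
    size_t steps = 0;
    for (const struct node *n = cur->next; n; n = n->next) {
        steps++;
        if (n->kind == MNT_NODE)
            break;
    }
    return steps;
}

struct pile_result {
    size_t seek_steps;        /* total work to park all cursors */
    size_t first_read_steps;  /* read cost paid by the first cursor parked */
};

/* Build nmounts mounts, park ncursors cursors at 'pos', report both costs. */
static struct pile_result pile_up(size_t nmounts, size_t pos, size_t ncursors)
{
    struct mnt_list l;
    struct node *mounts = calloc(nmounts, sizeof *mounts);
    struct node *cursors = calloc(ncursors, sizeof *cursors);
    struct pile_result r = { 0, 0 };

    list_init(&l);
    for (size_t i = 0; i < nmounts; i++)
        add_mount(&l, &mounts[i]);
    for (size_t i = 0; i < ncursors; i++)
        r.seek_steps += cursor_seek(&l, &cursors[i], pos);
    if (ncursors)
        r.first_read_steps = cursor_next_mount(&cursors[0]);

    free(mounts);
    free(cursors);
    return r;
}

/* Closed form of the setup cost: N*pos steps past mounts plus N*(N-1)/2
 * steps past earlier cursors, at 'ns_per_step' nanoseconds each. */
static double setup_seconds(double ncursors, double pos, double ns_per_step)
{
    return (ncursors * pos + ncursors * (ncursors - 1) / 2) * ns_per_step * 1e-9;
}

int main(void)
{
    struct pile_result r = pile_up(8, 3, 1000);
    printf("1000 cursors at pos 3: %zu seek steps; first cursor's read walks %zu nodes\n",
           r.seek_steps, r.first_read_steps);
    printf("500M cursors at 40ns/step: %.1f years of setup\n",
           setup_seconds(5e8, 3, 40) / (365.25 * 86400));
    printf("2.5M cursors (100ms of looping): %.1f hours of setup\n",
           setup_seconds(2.5e6, 3, 40) / 3600);
    return 0;
}
```

The read walk for the first-parked cursor grows linearly with the pile, matching Al's concern, while the seek total grows quadratically, which is why the setup time dwarfs the damage: the model puts 2.5M cursors (100ms of looping at 40ns) at roughly 35 hours of lseek work and 500M cursors at about 158 years.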