This just can't be right.

On Fri, Jul 24, 2020 at 6:12 AM David Howells <dhowells@xxxxxxxxxx> wrote:
> > + > +/** > + * sys_watch_mount - Watch for mount topology/attribute changes > + * @dfd: Base directory to pathwalk from or fd referring to mount. > + * @filename: Path to mount to place the watch upon > + * @at_flags: Pathwalk control flags > + * @watch_fd: The watch queue to send notifications to. > + * @watch_id: The watch ID to be placed in the notification (-1 to remove watch) > + */ > +SYSCALL_DEFINE5(watch_mount, [...] > + int, watch_id) ... > + if (watch_id < -1 || watch_id > 0xff) > + return -EINVAL; ... > + ret = inode_permission(path.dentry->d_inode, MAY_EXEC); > + if (ret) > + goto err_path; ... > + if (watch_id >= 0) { ... > + watch = kzalloc(sizeof(*watch), GFP_KERNEL); > + if (!watch) > + goto err_wlist;

So now you can basically allocate as much kernel memory as you want as a regular user, as long as you have a mounted directory you can walk (ie everybody).

Is there any limiting of watches anywhere? I don't see it.

I notice we already have this pattern elsewhere. I think we need to fix this before we add more watch types.

Watch allocation shouldn't just be a kzalloc(). I think you should have a "watch_allocate()" that does the initialization of id etc, but also does some basic per-user watch resource tracking or something.

Linus
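
Review bot: In the "if (watch_id >= 0)" branch, the kzalloc(sizeof(*watch), GFP_KERNEL) is reached with nothing in the quoted lines that bounds how many watches one caller can hold; the only gates shown are the watch_id range check and inode_permission(..., MAY_EXEC), and neither is a quota. Suggest charging each watch to the calling user before the allocation (a per-user count checked against a limit, or at minimum GFP_KERNEL_ACCOUNT so the memory is charged to the caller's memcg) and undoing that charge on the err_wlist/err_path unwinds and on removal with watch_id == -1. Separately, "if (!watch) goto err_wlist;" does not show ret being assigned; unless one of the elided lines sets -ENOMEM first, ret still holds the 0 from the inode_permission() check on that path, so it is worth confirming.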
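
Added example, not code from the patch or the kernel: a userspace C model of the "watch_allocate()" idea suggested in the message above, where a single allocation point validates the ID and charges a per-user counter before allocating, then rolls the charge back on failure. The struct names, the max_watches cap and the -EAGAIN return are assumptions made for illustration; calloc() stands in for kzalloc().

```c
#include <errno.h>
#include <stdatomic.h>
#include <stdlib.h>

/* Hypothetical per-user accounting record (userspace stand-in, not a kernel struct). */
struct user_acct {
    atomic_int nr_watches;   /* watches currently charged to this user */
    int max_watches;         /* assumed per-user cap */
};
struct watch {
    struct user_acct *owner; /* who to uncharge on free */
    int id;                  /* 0..0xff, as in the quoted range check */
};
/* Charge one watch to the user, refusing once the cap is reached. */
static int watch_charge(struct user_acct *u)
{
    int cur = atomic_load(&u->nr_watches);
    do {
        if (cur >= u->max_watches)
            return -EAGAIN;  /* assumed error code for "over quota" */
    } while (!atomic_compare_exchange_weak(&u->nr_watches, &cur, cur + 1));
    return 0;
}

/* Single allocation point: validate id, charge the user, then allocate. */
int watch_allocate(struct user_acct *u, int id, struct watch **out)
{
    if (id < 0 || id > 0xff)
        return -EINVAL;
    int ret = watch_charge(u);
    if (ret)
        return ret;
    struct watch *w = calloc(1, sizeof(*w));  /* stands in for kzalloc() */
    if (!w) {
        atomic_fetch_sub(&u->nr_watches, 1);  /* roll back the charge */
        return -ENOMEM;
    }
    w->owner = u;
    w->id = id;
    *out = w;
    return 0;
}

/* Release a watch and return its charge to the owner. */
void watch_free(struct watch *w)
{
    atomic_fetch_sub(&w->owner->nr_watches, 1);
    free(w);
}
```

The compare-and-swap loop makes the limit check and the increment one atomic step, so concurrent callers cannot race past the cap.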