On Fri, Jul 23, 2021 at 08:19:49PM +0000, Al Viro wrote:
> To elaborate: ->release() instance may not assume anything about current->mm,
> or assume anything about current, for that matter.  It is entirely possible
> to arrange its execution in the context of a process that is not yours and had
> not consented to doing that.  In particular, it's a hard bug to have _any_
> visible effects depending upon the memory mappings, memory contents or the
> contents of the descriptor table of the process in question.

Hmm.  Could we add a poison_current() function?  Something like ...

static inline void call_release(struct file *file, struct inode *inode)
{
	void *tmp = poison_current();

	if (file->f_op->release)
		file->f_op->release(inode, file);
	restore_current(tmp);
}

Should be straightforward for asm-generic/current.h and for x86 too.
Probably have to disable preemption?  Maybe interrupts too?  Not sure
what's kept in current these days that an interrupt handler might rely
on being able to access temporarily.
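The poison_current()/restore_current() idea in the message above, worked through as a userspace analogue. This is an added example, not code from the thread or from the kernel: the struct shapes, a PROT_NONE page standing in for a kernel poison value, a SIGSEGV handler plus siglongjmp standing in for the kernel's fault handling, and the two hypothetical drivers good_release()/bad_release() are all assumptions made for the demo. The point it shows is the one Al Viro makes: a struct file's last close, and therefore its ->release(), can run in a process that merely inherited the descriptor across fork() or received it over SCM_RIGHTS, so a release that reads current->mm is reading the wrong task's state; with current poisoned, such a release faults immediately instead of doing so silently.

```c
#define _GNU_SOURCE 1
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>
/* Minimal stand-ins for the kernel structures (assumed shapes, demo only). */
struct mm_struct { long map_count; };
struct task_struct { struct mm_struct *mm; };
struct inode; struct file;
struct file_operations { int (*release)(struct inode *, struct file *); };
struct file { const struct file_operations *f_op; void *private_data; };
static struct task_struct *current;   /* stand-in for the kernel's current */

/* Point current at an unmapped PROT_NONE page so every current->... access
 * faults.  Returns the previous value for restore_current(). */
static struct task_struct *poison_current(void)
{
    static struct task_struct *poison;
    struct task_struct *old = current;
    if (!poison) {
        void *p = mmap(NULL, (size_t)sysconf(_SC_PAGESIZE), PROT_NONE,
                       MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
        if (p == MAP_FAILED)
            abort();
        poison = p;
    }
    current = poison;
    return old;
}

static void restore_current(struct task_struct *saved) { current = saved; }

/* SIGSEGV trap: a ->release() that dereferences poisoned current lands here. */
static sigjmp_buf fault_env;
static volatile sig_atomic_t faulted;
static void on_fault(int sig)
{
    (void)sig;
    faulted = 1;
    siglongjmp(fault_env, 1);
}
/* Run ->release() with current poisoned.  Returns 0 if it completed without
 * touching current, 1 if it dereferenced current and was caught. */
static int call_release(struct file *file, struct inode *inode)
{
    struct sigaction sa = { .sa_handler = on_fault };
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, NULL);
    struct task_struct *tmp = poison_current();
    faulted = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        if (file->f_op->release)
            file->f_op->release(inode, file);
    }
    restore_current(tmp);
    return faulted;
}

/* Well-behaved release: touches only the file's own state. */
static int good_release(struct inode *inode, struct file *file)
{
    (void)inode;
    free(file->private_data);
    file->private_data = NULL;
    return 0;
}

/* Buggy release: assumes it runs in the opener's context and reads
 * current->mm, which the quoted message says a release must never do. */
static int bad_release(struct inode *inode, struct file *file)
{
    (void)inode; (void)file;
    return (int)current->mm->map_count;
}

/* One close through call_release(): 0 = clean, 1 = caught touching current,
 * -1 = current was not restored afterwards. */
static int demo(int use_bad_release)
{
    struct mm_struct mm = { .map_count = 3 };
    struct task_struct task = { .mm = &mm };
    struct file_operations fops = { .release = use_bad_release ? bad_release : good_release };
    struct file f = { .f_op = &fops, .private_data = malloc(64) };
    current = &task;
    int r = call_release(&f, NULL);
    if (current != &task)
        r = -1;
    free(f.private_data);  /* NULL after good_release(), still live after bad_release() */
    return r;
}

int main(void)
{
    printf("good_release -> %d (0 = completed)\n", demo(0));
    printf("bad_release  -> %d (1 = faulted on poisoned current)\n", demo(1));
    return 0;
}
```

Two caveats the userspace model cannot show: in the kernel the poison has to be a value whose dereference is guaranteed to fault (an unmapped or non-canonical address rather than a mmap'd page), and the preemption/interrupt question raised in the message above is exactly what this model sidesteps, since nothing here can observe current while call_release() has it swapped out.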