On 7/23/21 5:45 PM, Matthew Wilcox wrote:
> On Fri, Jul 23, 2021 at 08:19:49PM +0000, Al Viro wrote:
>> To elaborate: a ->release() instance may not assume anything about current->mm,
>> or assume anything about current, for that matter. It is entirely possible
>> to arrange its execution in the context of a process that is not yours and had not
>> consented to doing that. In particular, it's a hard bug to have _any_ visible
>> effects depending upon the memory mappings, memory contents or the contents of
>> the descriptor table of the process in question.
>
> Hmm. Could we add a poison_current() function? Something like ...
>
> static inline void call_release(struct file *file, struct inode *inode)
> {
> 	void *tmp = poison_current();
> 	if (file->f_op->release)
> 		file->f_op->release(inode, file);
> 	restore_current(tmp);
> }
>
> Should be straightforward for asm-generic/current.h and for x86 too.
> Probably have to disable preemption? Maybe interrupts too? Not sure
> what's kept in current these days that an interrupt handler might
> rely on being able to access temporarily.

->release() would probably be unhappy with preempt and/or interrupts
disabled for a lot of legit cases...

-- 
Jens Axboe