On Sat, Jul 24, 2021 at 12:45:12AM +0100, Matthew Wilcox wrote:
> On Fri, Jul 23, 2021 at 08:19:49PM +0000, Al Viro wrote:
> > To elaborate: ->release() instance may not assume anything about current->mm,
> > or assume anything about current, for that matter. It is entirely possible
> > to arrange its execution in context of a process that is not yours and had not
> > consented to doing that. In particular, it's a hard bug to have _any_ visible
> > effects depending upon the memory mappings, memory contents or the contents of
> > descriptor table of the process in question.
>
> Hmm. Could we add a poison_current() function? Something like ...
>
> static inline void call_release(struct file *file, struct inode *inode)
> {
> 	void *tmp = poison_current();
> 	if (file->f_op->release)
> 		file->f_op->release(inode, file);
> 	restore_current(tmp);
> }
>
> Should be straightforward for asm-generic/current.h and for x86 too.
> Probably have to disable preemption? Maybe interrupts too? Not sure
> what's kept in current these days that an interrupt handler might
> rely on being able to access temporarily.

->release() might grab a mutex, for example. Scheduler is going to be unhappy
if it runs into somebody playing silly buggers with current...
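The point Al makes above, that the final fput() and therefore ->release() can run in a process that never opened the file, can be seen from userspace with a pipe shared across fork(). This is an added example, not code from the thread; it uses only POSIX calls (no kernel API), and the 200 ms poll timeout and 1 s sleep are arbitrary choices.

```c
#include <poll.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Returns 1 when the pipe's write end is released only after the child
 * (which never called pipe()) drops its reference, 0 if the opener's
 * close() alone produced EOF, -1 on a system-call failure.
 */
int last_close_is_in_child(void)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Child: inherits a reference to the same struct file as fds[1]. */
        close(fds[0]);
        sleep(1);   /* keep the write end alive for a while */
        _exit(0);   /* exit drops the last reference: ->release() runs here */
    }

    /* Parent (the process that opened the pipe) closes its write end... */
    close(fds[1]);

    /* ...but no EOF yet: the struct file is still referenced by the child. */
    struct pollfd p = { .fd = fds[0], .events = POLLIN, .revents = 0 };
    int eof_from_opener_close = poll(&p, 1, 200) > 0 && (p.revents & POLLHUP);

    /* Once the child has exited, the write end is gone and read() returns 0. */
    waitpid(pid, NULL, 0);
    char c;
    int eof_after_child_exit = read(fds[0], &c, 1) == 0;
    close(fds[0]);

    return (!eof_from_opener_close && eof_after_child_exit) ? 1 : 0;
}

int main(void)
{
    printf("release deferred to the non-opener: %d\n", last_close_is_in_child());
    return 0;
}
```

The opener's close() only drops one reference; whatever the child happens to have in its mm or descriptor table is what ->release() would see, which is why it must not depend on either.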