On Tue, Jul 12, 2022 at 10:33:01AM -0700, Linus Torvalds wrote: > [ Adding random people who get blamed for lines in this remap_range > thing to the participants ] > > On Tue, Jul 12, 2022 at 5:11 AM Ansgar Lößer > <ansgar.loesser@xxxxxxxxxxxxxxx> wrote: > > > > using the deduplication API we found out, that the FIDEDUPERANGE ioctl > > syscall can be used to read a writeonly file. > > So I think your patch is slightly wrong, but I think this is worth > fixing - just likely differently. I'm going to leave discussing the permissions aspect to the experts in that realm, but from a practical point of view, why do we allow the dedupe ioctl to investigate arbitrary byte ranges? If you're going to dedupe, it has to be block aligned (both start and length). If we enforce that in the ioctl, this attack becomes impractical (maybe you can investigate 512-byte blobs of an 8192-bit key, but we seem to max out at 4096-bit keys before switching to a fundamentally harder algorithm).
