Re: [LSF/MM/BPF TOPIC] Dropping page cache of individual fs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jan 17, 2024 at 03:51:37PM -0500, Phillip Susi wrote:
> Matthew Wilcox <willy@xxxxxxxxxxxxx> writes:
> 
> > We have numerous ways to intercept file reads and make them either
> > block or fail.  The obvious one to me is security_file_permission()
> > called from rw_verify_area().  Can we do everything we need with an LSM?
> 
> I like the idea.  That runs when someone opens a file right?  What about

Every read() and write() call goes through there.  eg ksys_read ->
vfs_read -> rw_verify_area -> security_file_permission

It wouldn't cover mmap accesses.  So if you had the file mmaped
before suspend, you'd still be able to load from the mmap.  There's
no security_ hook for that right now, afaik.

> Is that in addition to, or instead of throwing out the key and
> suspending IO at the block layer?  If it is in addition, then that would
> mean that trying to open a file would fail cleanly, but accessing a page
> that is already mapped could hang the task.  In an unkillable state.
> For a long time.  Even the OOM killer can't kill a task blocked like
> that can it?  Or did that get fixed at some point?

TASK_KILLABLE was added in 2008, but it's up to each individual call
site whether to use killable or uninterruptible sleep.





[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux