Re: [PATCH] mm/shmem.c: don't set 'seals' to 'F_SEAL_SEAL' in shmem_get_inode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On 2019/11/27 12:24, Hugh Dickins Wrote:
On Wed, 27 Nov 2019, yu kuai wrote:

'seals' is set to 'F_SEAL_SEAL' in shmem_get_inode, which means "prevent
further seals from being set", thus sealing API will be useless and many
code in shmem.c will never be reached. For example:

The sealing API is not useless, and that code can be reached.


shmem_setattr
	if ((newsize < oldsize && (info->seals & F_SEAL_SHRINK)) ||
	    (newsize > oldsize && (info->seals & F_SEAL_GROW)))
		return -EPERM;

So, initialize 'seals' to zero is more reasonable.

Signed-off-by: yu kuai <yukuai3@xxxxxxxxxx>

NAK.

See memfd_create in mm/memfd.c (code which originated in mm/shmem.c,
then was extended to support hugetlbfs also): sealing is for memfds,
not for tmpfs or hugetlbfs files or SHM.  Without thinking about it too
hard, I believe that to allow sealing on tmpfs files would introduce
surprising new behaviors on them, which might well raise security issues;
and also be incompatible with the guarantees intended by sealing.

Thank you for your response.
Yu Kuai





[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux