On 20.11.23 09:37, Ahmad Fatoum wrote: > barebox dentry cache is never cleared with the assumption that there > should be enough RAM anyway to cache all lookups until boot. > > When fuzzing barebox however, there is no limit to how many dentries > are added to the cache. This is e.g. problematic when fuzzing the FIT > parser: FIT images can have compressed payloads. Compressed payloads are > passed to uncompress_buf_to_buf, which uses a new random file in ramfs > as destination. A fuzzer would thus create a dentry for every iteration, > rapidly depleting memory. > > A general solution for that would be dropping the dentry cache on memory > pressure. In the special case of uncompress_buf_to_buf, it would already > be enough though to sidestep the dentry cache and create an anonymous > file. Linux provides this with the O_TMPFILE option, so let's add the > equivalent to barebox. > > Signed-off-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx> > --- > fs/fs.c | 29 +++++++++++++++++++++++++++++ > include/fcntl.h | 3 +++ > 2 files changed, 32 insertions(+) > > diff --git a/fs/fs.c b/fs/fs.c > index 1800d6826ddc..6bd3c2df3c31 100644 > --- a/fs/fs.c > +++ b/fs/fs.c > @@ -2539,6 +2539,35 @@ int open(const char *pathname, int flags, ...) > const char *s; > struct filename *filename; > > + if (flags & O_TMPFILE) { > + fsdev = get_fsdevice_by_path(pathname); > + if (!fsdev) { > + errno = ENOENT; > + return -errno; > + } > + > + if (fsdrv != ramfs_driver) { > + errno = EOPNOTSUPP; > + return -errno; > + } Ouch should be fsdev->driver. Will retest and resend. > + > + f = get_file(); > + if (!f) { > + errno = EMFILE; > + return -errno; > + } > + > + f->path = NULL; > + f->dentry = NULL; > + f->f_inode = new_inode(&fsdev->sb); > + f->f_inode->i_mode = S_IFREG; > + f->flags = flags; > + f->size = 0; > + f->fsdev = fsdev; > + > + return f->no; > + } > + > filename = getname(pathname); > if (IS_ERR(filename)) > return PTR_ERR(filename); 
> diff --git a/include/fcntl.h b/include/fcntl.h > index 2e7c0eed3479..1b4cd8ad3783 100644 > --- a/include/fcntl.h > +++ b/include/fcntl.h > @@ -16,6 +16,9 @@ > #define O_APPEND 00002000 > #define O_DIRECTORY 00200000 /* must be a directory */ > #define O_NOFOLLOW 00400000 /* don't follow links */ > +#define __O_TMPFILE 020000000 > + > +#define O_TMPFILE (__O_TMPFILE | O_DIRECTORY) > > /* barebox additional flags */ > #define O_RWSIZE_MASK 017000000 -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
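Review bot: In the O_TMPFILE branch added to open() in fs/fs.c, the result of new_inode(&fsdev->sb) is dereferenced on the very next line (f->f_inode->i_mode = S_IFREG) without a NULL check, and by that point the slot returned by get_file() is already taken. If new_inode() can fail, check its return value, release the file slot on that path and return an error such as -ENOMEM. Low memory is exactly the condition the commit message says fuzzing produces, so this path is likely to be exercised.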
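Review bot: Because include/fcntl.h defines O_TMPFILE as (__O_TMPFILE | O_DIRECTORY), the test "if (flags & O_TMPFILE)" in the fs/fs.c hunk is also true for a plain O_DIRECTORY open, so every directory open would be diverted into the anonymous-file branch. Test the private bit instead (flags & __O_TMPFILE), or compare the full mask with (flags & O_TMPFILE) == O_TMPFILE. A short comment on the define saying why O_DIRECTORY is folded in would also help readers.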