From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev,
Sudheendra Raghav Neela <sneela@tugraz.at>,
Johannes Weiner <hannes@cmpxchg.org>,
Nhat Pham <nphamcs@gmail.com>,
Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH 6.13 10/25] cachestat: fix page cache statistics permission checking
Date: Thu, 30 Jan 2025 14:58:56 +0100 [thread overview]
Message-ID: <20250130133457.343862392@linuxfoundation.org> (raw)
In-Reply-To: <20250130133456.914329400@linuxfoundation.org>
6.13-stable review patch. If anyone has any objections, please let me know.
------------------
From: Linus Torvalds <torvalds@linux-foundation.org>
commit 5f537664e705b0bf8b7e329861f20128534f6a83 upstream.
When the 'cachestat()' system call was added in commit cf264e1329fb
("cachestat: implement cachestat syscall"), it was meant to be a much
more convenient (and performant) version of mincore() that didn't need
mapping things into the user virtual address space in order to work.
But it ended up missing the "check for writability or ownership" fix for
mincore(), done in commit 134fca9063ad ("mm/mincore.c: make mincore()
more conservative").
This just adds equivalent logic to 'cachestat()', modified for the file
context (rather than vma).
Reported-by: Sudheendra Raghav Neela <sneela@tugraz.at>
Fixes: cf264e1329fb ("cachestat: implement cachestat syscall")
Tested-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Nhat Pham <nphamcs@gmail.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
mm/filemap.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -4376,6 +4376,20 @@ resched:
}
/*
+ * See mincore: reveal pagecache information only for files
+ * that the calling process has write access to, or could (if
+ * tried) open for writing.
+ */
+static inline bool can_do_cachestat(struct file *f)
+{
+ if (f->f_mode & FMODE_WRITE)
+ return true;
+ if (inode_owner_or_capable(file_mnt_idmap(f), file_inode(f)))
+ return true;
+ return file_permission(f, MAY_WRITE) == 0;
+}
+
+/*
* The cachestat(2) system call.
*
* cachestat() returns the page cache statistics of a file in the
@@ -4430,6 +4444,9 @@ SYSCALL_DEFINE4(cachestat, unsigned int,
if (is_file_hugepages(fd_file(f)))
return -EOPNOTSUPP;
+ if (!can_do_cachestat(fd_file(f)))
+ return -EPERM;
+
if (flags != 0)
return -EINVAL;
next prev parent reply other threads:[~2025-01-30 13:59 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-30 13:58 [PATCH 6.13 00/25] 6.13.1-rc1 review Greg Kroah-Hartman
2025-01-30 13:58 ` [PATCH 6.13 01/25] gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Greg Kroah-Hartman
2025-01-30 13:58 ` [PATCH 6.13 02/25] libfs: Return ENOSPC when the directory offset range is exhausted Greg Kroah-Hartman
2025-01-30 13:58 ` [PATCH 6.13 03/25] Revert "libfs: Add simple_offset_empty()" Greg Kroah-Hartman
2025-01-30 13:58 ` [PATCH 6.13 04/25] Revert "libfs: fix infinite directory reads for offset dir" Greg Kroah-Hartman
2025-01-30 13:58 ` [PATCH 6.13 05/25] libfs: Replace simple_offset end-of-directory detection Greg Kroah-Hartman
2025-01-30 13:58 ` [PATCH 6.13 06/25] libfs: Use d_children list to iterate simple_offset directories Greg Kroah-Hartman
2025-01-30 13:58 ` [PATCH 6.13 07/25] smb: client: handle lack of EA support in smb2_query_path_info() Greg Kroah-Hartman
2025-01-30 13:58 ` [PATCH 6.13 08/25] net: sched: fix ets qdisc OOB Indexing Greg Kroah-Hartman
2025-01-30 13:58 ` [PATCH 6.13 09/25] Revert "HID: multitouch: Add support for lenovo Y9000P Touchpad" Greg Kroah-Hartman
2025-01-30 13:58 ` Greg Kroah-Hartman [this message]
2025-01-30 13:58 ` [PATCH 6.13 11/25] vfio/platform: check the bounds of read/write syscalls Greg Kroah-Hartman
2025-01-30 13:58 ` [PATCH 6.13 12/25] scsi: storvsc: Ratelimit warning logs to prevent VM denial of service Greg Kroah-Hartman
2025-01-30 13:58 ` [PATCH 6.13 13/25] USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() Greg Kroah-Hartman
2025-01-30 13:59 ` [PATCH 6.13 14/25] Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" Greg Kroah-Hartman
2025-01-30 13:59 ` [PATCH 6.13 15/25] ALSA: usb-audio: Add delay quirk for USB Audio Device Greg Kroah-Hartman
2025-01-30 13:59 ` [PATCH 6.13 16/25] wifi: rtl8xxxu: add more missing rtl8192cu USB IDs Greg Kroah-Hartman
2025-01-30 13:59 ` [PATCH 6.13 17/25] HID: wacom: Initialize brightness of LED trigger Greg Kroah-Hartman
2025-01-30 13:59 ` [PATCH 6.13 18/25] io_uring/rsrc: require cloned buffers to share accounting contexts Greg Kroah-Hartman
2025-01-30 13:59 ` [PATCH 6.13 19/25] Input: xpad - add support for Nacon Pro Compact Greg Kroah-Hartman
2025-01-30 13:59 ` [PATCH 6.13 20/25] Input: atkbd - map F23 key to support default copilot shortcut Greg Kroah-Hartman
2025-01-30 13:59 ` [PATCH 6.13 21/25] Input: xpad - add unofficial Xbox 360 wireless receiver clone Greg Kroah-Hartman
2025-01-30 13:59 ` [PATCH 6.13 22/25] Input: xpad - add QH Electronics VID/PID Greg Kroah-Hartman
2025-01-30 13:59 ` [PATCH 6.13 23/25] Input: xpad - improve name of 8BitDo controller 2dc8:3106 Greg Kroah-Hartman
2025-01-30 13:59 ` [PATCH 6.13 24/25] Input: xpad - add support for Nacon Evol-X Xbox One Controller Greg Kroah-Hartman
2025-01-30 13:59 ` [PATCH 6.13 25/25] Input: xpad - add support for wooting two he (arm) Greg Kroah-Hartman
2025-01-30 15:58 ` [PATCH 6.13 00/25] 6.13.1-rc1 review Luna Jernberg
2025-01-30 22:06 ` Florian Fainelli
2025-01-31 8:58 ` Greg Kroah-Hartman
2025-01-30 22:26 ` Florian Fainelli
2025-01-31 5:39 ` Jon Hunter
2025-01-31 12:17 ` Christian Heusel
2025-01-31 13:39 ` Ron Economos
2025-01-31 13:43 ` Mark Brown
2025-01-31 14:47 ` Justin Forbes
2025-01-31 15:49 ` Naresh Kamboju
2025-01-31 16:28 ` Muhammad Usama Anjum
2025-02-01 13:17 ` Kexy Biscuit
2025-02-01 14:39 ` Peter Schneider
2025-02-03 10:25 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250130133457.343862392@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=hannes@cmpxchg.org \
--cc=nphamcs@gmail.com \
--cc=patches@lists.linux.dev \
--cc=sneela@tugraz.at \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.