From: David Howells <dhowells@redhat.com>
To: Jann Horn <jannh@google.com>
Cc: dhowells@redhat.com, Al Viro <viro@zeniv.linux.org.uk>,
Linux API <linux-api@vger.kernel.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
linux-fsdevel@vger.kernel.org,
kernel list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 29/38] vfs: syscall: Add fsconfig() for configuring and managing a context [ver #10]
Date: Mon, 30 Jul 2018 13:32:35 +0100 [thread overview]
Message-ID: <26455.1532953955@warthog.procyon.org.uk> (raw)
In-Reply-To: <CAG48ez3HY6UuOgo1gM9L=WwyOqifKSs6sFu7f2qqBZQg6hy96g@mail.gmail.com>
Jann Horn <jannh@google.com> wrote:
> > > This means that a namespace admin (iow, an unprivileged user) can
> > > allocate 1MB of unswappable kmalloc memory per userspace task, right?
> > > Using userfaultfd or FUSE, you can then stall the task as long as you
> > > want while it has that allocation. Is that problematic, or is that
> > > normal?
> >
> > That's not exactly the case. A userspace task can make a temporary
> > allocation, but unless the filesystem grabs it, it's released again on exit
> > from the system call.
>
> That's what I said.
Sorry, I wasn't clear what you meant. I assumed you were thinking it was then
automatically attached to the context, say:
fd = fsopen("fuse", 0);
fsconfig(fd, fsconfig_set_binary, "foo", buffer, size);
> Each userspace task can make a 1MB allocation by calling this syscall, and
> this temporary allocation stays allocated until the end of the syscall. But
> the runtime of the syscall is unbounded - even just the memdup_user_nul()
> can stall forever if the copy_from_user() call inside it faults on e.g. a
> userfault region or a memory-mapped file from a FUSE filesystem.
Okay, I see what you're getting at. Note that this affects other syscalls
too, keyctl, module loading and read() with readahead for example. Not sure
what the answer should be.
David
next prev parent reply other threads:[~2018-07-30 12:32 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-27 17:31 [PATCH 00/38] VFS: Introduce filesystem context [ver #10] David Howells
2018-07-27 17:31 ` [PATCH 01/38] vfs: syscall: Add open_tree(2) to reference or clone a mount " David Howells
2018-07-27 17:31 ` [PATCH 02/38] vfs: syscall: Add move_mount(2) to move mounts around " David Howells
2018-07-27 17:34 ` [PATCH 26/38] vfs: syscall: Add fsopen() to prepare for superblock creation " David Howells
2018-07-27 17:34 ` [PATCH 29/38] vfs: syscall: Add fsconfig() for configuring and managing a context " David Howells
2018-07-27 19:42 ` Andy Lutomirski
2018-07-27 21:51 ` David Howells
2018-07-27 21:57 ` Andy Lutomirski
2018-07-27 22:27 ` David Howells
2018-07-27 22:32 ` Jann Horn
2018-07-29 8:50 ` David Howells
2018-07-29 11:14 ` Jann Horn
2018-07-30 12:32 ` David Howells [this message]
2018-07-27 17:34 ` [PATCH 30/38] vfs: syscall: Add fsmount() to create a mount for a superblock " David Howells
2018-07-27 19:27 ` Andy Lutomirski
2018-07-27 19:43 ` Andy Lutomirski
2018-07-27 22:09 ` David Howells
2018-07-27 22:06 ` David Howells
2018-07-27 17:34 ` [PATCH 31/38] vfs: syscall: Add fspick() to select a superblock for reconfiguration " David Howells
2018-07-27 17:35 ` [PATCH 34/38] vfs: syscall: Add fsinfo() to query filesystem information " David Howells
2018-07-27 19:35 ` Andy Lutomirski
2018-07-27 22:12 ` David Howells
2018-07-27 23:14 ` Jann Horn
2018-07-27 23:49 ` David Howells
2018-07-28 0:14 ` Anton Altaparmakov
2018-07-27 23:51 ` David Howells
2018-07-27 23:58 ` Jann Horn
2018-07-28 0:08 ` David Howells
2018-07-30 14:48 ` David Howells
2018-07-31 4:16 ` Al Viro
2018-07-31 12:39 ` David Howells
2018-07-31 13:20 ` David Howells
2018-07-31 23:49 ` Darrick J. Wong
2018-08-01 1:07 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=26455.1532953955@warthog.procyon.org.uk \
--to=dhowells@redhat.com \
--cc=jannh@google.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).