Re: truncate shows non zero data beyond the end of the inode with MAP_SHARED

From: Helge Hafting
Date: Thu Sep 16 2004 - 03:46:46 EST


Andrea Arcangeli wrote:

> On Wed, Sep 15, 2004 at 03:00:16PM -0700, William Lee Irwin III wrote:
>
>> William Lee Irwin III <wli@xxxxxxxxxxxxxx> wrote:
>>
>>>> Zeroing the final partial page during expanding truncate (flushing TLB)
>>>> sounds like a reasonable half measure; we don't do anything at the moment.
>>
>> On Wed, Sep 15, 2004 at 02:55:24PM -0700, Andrew Morton wrote:
>>
>>> Sure about that? block_truncate_page() gets called.
>>
>> So it does; then the hard parts are what's biting aa.
>
> block_truncate_page is unrelated with this issue, it's called on the
> _new_ partial page generated by truncate, not on the _old_ partial page
> that is being extended to be a _full_ page (with garbage inside between
> the old_i_size and PAGE_ALIGN(old_i_size)).


Could this "garbage" possibly be confidential data?
I.e. one user repeatedly makes and mmaps a 1-byte file,
extends it to 4k, and looks at the 4095 bytes of "garbage".
Maybe he finds some "interesting stuff" when someone else's
confidential file just got dropped from pagecache
so he could mmap this 1-byte file?

Helge Hafting
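
A self-check for the behaviour discussed in this thread, added here as an example (it is not code from the thread or from the kernel tree): it places its own marker bytes between old_i_size and PAGE_ALIGN(old_i_size) through a MAP_SHARED mapping, extends the file with ftruncate, and counts how many markers are still readable. The function names and the /tmp test directory are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Count non-zero bytes in buf[from, to). */
static long count_nonzero(const unsigned char *buf, size_t from, size_t to)
{
    long n = 0;
    for (size_t i = from; i < to; i++)
        n += (buf[i] != 0);
    return n;
}

/* Returns how many marker bytes written past the old EOF are still visible
 * after an expanding ftruncate (0 = tail reads as zeros), or -1 if the
 * setup failed. dir is a writable directory on the filesystem under test. */
long probe_stale_tail(const char *dir)
{
    char path[4096];
    long page = sysconf(_SC_PAGESIZE), stale = -1;
    unsigned char *map, *buf;
    snprintf(path, sizeof path, "%s/tailprobe.XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    unlink(path);                          /* file vanishes on close */
    buf = malloc(page);
    map = write(fd, "A", 1) == 1           /* old_i_size = 1 */
        ? mmap(NULL, page, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0)
        : MAP_FAILED;
    if (buf && map != MAP_FAILED) {
        /* Constructed marker data in the tail of the old partial page. */
        memset(map + 1, 0xAA, page - 1);
        if (ftruncate(fd, page) == 0 && pread(fd, buf, page, 0) == page)
            stale = count_nonzero(buf, 1, page);
    }
    if (map != MAP_FAILED) munmap(map, page);
    free(buf);
    close(fd);
    return stale;
}

int main(void)
{
    printf("stale bytes past old EOF: %ld\n", probe_stale_tail("/tmp"));
    return 0;
}
```

A result of 0 means the tail of the old partial page was zeroed on the filesystem tested; any positive count means data from beyond the old end of file became part of the extended file.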