Re: [RFC/PATCH] revoke/frevoke system calls V2

From: Alan Cox
Date: Thu Jul 27 2006 - 10:46:39 EST


Ar Iau, 2006-07-27 am 17:25 +0300, ysgrifennodd Pekka J Enberg:
> There are two known remaining issues: if someone expands the fd
> tables, we will BUG_ON. Edgar Toerning expressed concers over allowing
> any user to remove mappings from another process and letting it
> crash. Albert Cahalan suggested either converting the shared mapping
> to private or substitute the unmapped pages with zeroed pages.

That should be three I think. frevoke and revoke should not return until
all the existing outstanding is dead. For devices that means we need to
wake up the device where possible and really suggests we need a device
->revoke method. TTY devices need this to allow us to re-implement
vhangup in terms of revoke. Other devices devices are not all
sufficiently secure without this check. Some may also want to use this
hook to ensure that any security context is dead (eg cached crypto
keys).

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/