Re: [PATCH] loop: prevent get_user pages call from kernel thread(v2)

From: Dmitri Monakhov
Date: Mon Jul 07 2008 - 04:03:22 EST


Andi Kleen <andi@xxxxxxxxxxxxxx> writes:

> Dmitri Monakhov <dmonakhov@xxxxxxxxxx> writes:
>
>> Yes... everybody knows that it is bad to write from a kernel thread, and it is
>> madness to do it with O_DIRECT. But occasionally a file with the O_DIRECT flag
>> may be passed to the loop device via LOOP_SET_FD. So if the file-system hasn't
>> address_space ops, or simply hides it like GFS, it is possible to kill the kernel
>> via a two-line program. In fact we can't effectively guard kernel space by
>> denying O_DIRECT in loop's code, because user space can set it via
>> fcntl(,F_SETFL,). Let's simply add a sanity check to the mm-related logic.
>
> Wouldn't it be better if loop simply dup()ed the file descriptor
> and then checked the flag? Presumably other fd flags could
> do bad things inside loop too.
Of course this can't work because both fds refer to the same struct file.
man fcntl:

    File status flags
        Each open file description has certain associated status flags,
        initialized by open(2) and possibly modified by fcntl(2). Duplicated
        file descriptors (made with dup(2), fcntl(F_DUPFD), fork(2), etc.)
        refer to the same open file description, and thus share the same
        file status flags.
>
> -Andi
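Added example (my code, not part of the thread or the loop driver) showing in practice what the quoted man page says and why a dup()ed descriptor cannot be used to freeze the flags: a status flag set through one descriptor is visible through its dup(2) twin, but not through a fresh open(2) of the same file, which is a separate open file description. It uses O_APPEND rather than O_DIRECT because O_APPEND can be set on any regular file, and the temporary file path is a constructed placeholder.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Open a constructed temporary file, get a second descriptor for it
 * either by dup(2) (via_reopen == 0) or by a fresh open(2) of the same
 * path (via_reopen != 0), set O_APPEND through the first descriptor
 * only, and report whether the flag shows up on the second one.
 * Returns 1 if the status flag is shared, 0 if not, -1 on error.
 * O_APPEND stands in for O_DIRECT because it can be set on any regular
 * file; both are status flags of the open file description, which is
 * what F_GETFL/F_SETFL read and write. */
int status_flag_shared(int via_reopen)
{
    char path[] = "/tmp/dupflags-XXXXXX";   /* constructed temp file */
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    int other = via_reopen ? open(path, O_RDWR) : dup(fd);
    unlink(path);                            /* name no longer needed */
    if (other < 0) {
        close(fd);
        return -1;
    }

    int result = -1;
    int before = fcntl(other, F_GETFL);
    if (before >= 0 && !(before & O_APPEND)) {
        /* Change the flags through fd alone, never through other. */
        if (fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_APPEND) == 0) {
            int after = fcntl(other, F_GETFL);
            if (after >= 0)
                result = (after & O_APPEND) != 0;
        }
    }
    close(other);
    close(fd);
    return result;
}

int main(void)
{
    printf("dup()ed descriptor sees the flag: %d\n", status_flag_shared(0));
    printf("re-open()ed descriptor sees it:   %d\n", status_flag_shared(1));
    return 0;
}
```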