From patchwork Thu Dec 10 07:06:35 2015 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Willy Tarreau X-Patchwork-Id: 7814851 Return-Path: X-Original-To: patchwork-linux-fsdevel@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id C69D89F349 for ; Thu, 10 Dec 2015 07:07:05 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id E597C203E9 for ; Thu, 10 Dec 2015 07:07:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 1812420398 for ; Thu, 10 Dec 2015 07:07:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753182AbbLJHGs (ORCPT ); Thu, 10 Dec 2015 02:06:48 -0500 Received: from wtarreau.pck.nerim.net ([62.212.114.60]:14527 "EHLO 1wt.eu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751840AbbLJHGs (ORCPT ); Thu, 10 Dec 2015 02:06:48 -0500 Received: (from willy@localhost) by pcw.home.local (8.14.3/8.14.3/Submit) id tBA76Z2S031964; Thu, 10 Dec 2015 08:06:35 +0100 Date: Thu, 10 Dec 2015 08:06:35 +0100 From: Willy Tarreau To: Kees Cook Cc: Andrew Morton , Jan Kara , yalin wang , "Eric W. Biederman" , Alexander Viro , linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v5] fs: clear file privilege bits when mmap writing Message-ID: <20151210070635.GC31922@1wt.eu> References: <20151209225148.GA14794@www.outflux.net> Mime-Version: 1.0 Content-Disposition: inline In-Reply-To: <20151209225148.GA14794@www.outflux.net> User-Agent: Mutt/1.4.2.3i Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, T_RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Hi Kees, Why not add a new file flag instead ? Something like this (editing your patch by hand to illustrate) : Willy --- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/fs/file_table.c b/fs/file_table.c index ad17e05ebf95..3a7eee76ea90 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -191,6 +191,17 @@ static void __fput(struct file *file) might_sleep(); + /* + * XXX: While avoiding mmap_sem, we've already been written to. + * We must ignore the return value, since we can't reject the + * write. + */ + if (unlikely(file->f_flags & FL_DROP_PRIVS)) { + mutex_lock(&inode->i_mutex); + file_remove_privs(file); + mutex_unlock(&inode->i_mutex); + } + fsnotify_close(file); /* * The function eventpoll_release() should be the first called diff --git a/include/linux/fs.h b/include/linux/fs.h index 3aa514254161..409bd7047e7e 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -913,3 +913,4 @@ #define FL_OFDLCK 1024 /* lock is "owned" by struct file */ #define FL_LAYOUT 2048 /* outstanding pNFS layout */ +#define FL_DROP_PRIVS 4096 /* lest something weird decides that 2 is OK */ diff --git a/mm/memory.c b/mm/memory.c index c387430f06c3..08a77e0cf65f 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -2036,6 +2036,7 @@ static inline int wp_page_reuse(struct mm_struct *mm, if (!page_mkwrite) file_update_time(vma->vm_file); + vma->vm_file->f_flags |= FL_DROP_PRIVS; } return VM_FAULT_WRITE;