From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mx3-rdu2.redhat.com ([66.187.233.73]:58470 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726022AbeG2KTo (ORCPT ); Sun, 29 Jul 2018 06:19:44 -0400
From: David Howells
In-Reply-To:
References: <153271267980.9458.7640156373438016898.stgit@warthog.procyon.org.uk> <153271287586.9458.6001928723332685410.stgit@warthog.procyon.org.uk>
To: Jann Horn
Cc: dhowells@redhat.com, Al Viro , Linux API , Linus Torvalds , linux-fsdevel@vger.kernel.org, kernel list
Subject: Re: [PATCH 29/38] vfs: syscall: Add fsconfig() for configuring and managing a context [ver #10]
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <19864.1532854200.1@warthog.procyon.org.uk>
Date: Sun, 29 Jul 2018 09:50:00 +0100
Message-ID: <19865.1532854200@warthog.procyon.org.uk>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

Jann Horn wrote:

> [...]
> > + case fsconfig_set_binary: > > + param.type = fs_value_is_blob; > > + param.size = aux; > > + param.blob = memdup_user_nul(_value, aux); > > + if (IS_ERR(param.blob)) { > > + ret = PTR_ERR(param.blob); > > + goto out_key; > > + } > > + break;
>
> This means that a namespace admin (iow, an unprivileged user) can
> allocate 1MB of unswappable kmalloc memory per userspace task, right?
> Using userfaultfd or FUSE, you can then stall the task as long as you
> want while it has that allocation. Is that problematic, or is that
> normal?

That's not exactly the case. A userspace task can make a temporary
allocation, but unless the filesystem grabs it, it's released again on exit
from the system call.

Note that I should probably use vmalloc() rather than kmalloc(), but that
doesn't really affect your point. I could also pass the user pointer through
to the filesystem instead - I wanted to avoid that for this interface, but it
makes sense in this instance.

David
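
Review bot: In the quoted fsconfig_set_binary case, param.blob = memdup_user_nul(_value, aux) sizes its copy directly from the caller-supplied aux, and no upper bound on aux is visible in the hunk. If the limit is enforced earlier in the syscall, a comment at this case naming it would make that checkable. Since the blob can reach the 1MB mentioned in the quoted review and is held for as long as the copy from user memory takes, consider a kvmalloc()-style allocation charged to the caller (GFP_KERNEL_ACCOUNT) followed by copy_from_user(), which would also cover the vmalloc() point raised in the reply.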