From: Oleg Nesterov <oleg@redhat.com>
To: madvenka@linux.microsoft.com
Cc: kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linux-fsdevel@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org, x86@kernel.org
Subject: Re: [PATCH v1 1/4] [RFC] fs/trampfd: Implement the trampoline file descriptor API
Date: Tue, 28 Jul 2020 16:50:14 +0200
Message-ID: <20200728145013.GA9972@redhat.com> (raw)
In-Reply-To: <20200728131050.24443-2-madvenka@linux.microsoft.com>
On 07/28, madvenka@linux.microsoft.com wrote:
>
> +bool is_trampfd_vma(struct vm_area_struct *vma)
> +{
> + struct file *file = vma->vm_file;
> +
> + if (!file)
> + return false;
> + return !strcmp(file->f_path.dentry->d_name.name, trampfd_name);
Hmm, this looks obviously wrong or I am totally confused. A user can
create a file named "[trampfd]", mmap it, and fool trampfd_fault() ?
Why not
return file->f_op == trampfd_fops;
?
> +EXPORT_SYMBOL_GPL(is_trampfd_vma);
why is it exported?
Oleg.
next prev parent reply index
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <aefc85852ea518982e74b233e11e16d2e707bc32>
2020-07-28 13:10 ` [PATCH v1 0/4] [RFC] Implement Trampoline File Descriptor madvenka
2020-07-28 13:10 ` [PATCH v1 1/4] [RFC] fs/trampfd: Implement the trampoline file descriptor API madvenka
2020-07-28 14:50 ` Oleg Nesterov [this message]
2020-07-28 14:58 ` Madhavan T. Venkataraman
2020-07-28 16:06 ` Oleg Nesterov
2020-07-28 13:10 ` [PATCH v1 2/4] [RFC] x86/trampfd: Provide support for the trampoline file descriptor madvenka
2020-07-30 9:06 ` Greg KH
2020-07-30 14:25 ` Madhavan T. Venkataraman
2020-07-28 13:10 ` [PATCH v1 3/4] [RFC] arm64/trampfd: " madvenka
2020-07-28 13:10 ` [PATCH v1 4/4] [RFC] arm/trampfd: " madvenka
2020-07-28 15:13 ` [PATCH v1 0/4] [RFC] Implement Trampoline File Descriptor David Laight
2020-07-28 16:32 ` Madhavan T. Venkataraman
2020-07-28 17:16 ` Andy Lutomirski
2020-07-28 18:52 ` Madhavan T. Venkataraman
2020-07-29 8:36 ` David Laight
2020-07-29 17:55 ` Madhavan T. Venkataraman
[not found] ` <81d744c0-923e-35ad-6063-8b186f6a153c@linux.microsoft.com>
2020-07-29 5:16 ` Andy Lutomirski
2020-07-28 16:05 ` Casey Schaufler
2020-07-28 16:49 ` Madhavan T. Venkataraman
2020-07-28 17:05 ` James Morris
2020-07-28 17:08 ` Madhavan T. Venkataraman
2020-07-28 17:31 ` Andy Lutomirski
2020-07-28 19:01 ` Madhavan T. Venkataraman
2020-07-29 13:29 ` Florian Weimer
2020-07-30 13:09 ` David Laight
2020-08-02 11:56 ` Pavel Machek
2020-08-03 8:08 ` David Laight
2020-08-03 15:57 ` Madhavan T. Venkataraman
2020-07-30 14:42 ` Madhavan T. Venkataraman
[not found] ` <6540b4b7-3f70-adbf-c922-43886599713a@linux.microsoft.com>
2020-07-30 20:54 ` Andy Lutomirski
2020-07-31 17:13 ` Madhavan T. Venkataraman
2020-07-31 18:31 ` Mark Rutland
2020-08-03 8:27 ` David Laight
2020-08-03 16:03 ` Madhavan T. Venkataraman
2020-08-03 16:57 ` David Laight
2020-08-03 17:00 ` Madhavan T. Venkataraman
2020-08-03 17:58 ` Madhavan T. Venkataraman
2020-08-04 13:55 ` Mark Rutland
2020-08-04 14:33 ` David Laight
2020-08-04 14:44 ` David Laight
2020-08-04 14:48 ` Madhavan T. Venkataraman
2020-08-04 15:46 ` Madhavan T. Venkataraman
2020-08-02 13:57 ` Florian Weimer
2020-08-02 18:54 ` Madhavan T. Venkataraman
2020-08-02 20:00 ` Andy Lutomirski
2020-08-02 22:58 ` Madhavan T. Venkataraman
2020-08-03 18:36 ` Madhavan T. Venkataraman
2020-08-10 17:34 ` Madhavan T. Venkataraman
2020-08-11 21:12 ` Madhavan T. Venkataraman
2020-08-03 8:23 ` David Laight
2020-08-03 15:59 ` Madhavan T. Venkataraman
2020-07-31 18:09 ` Mark Rutland
2020-07-31 20:08 ` Madhavan T. Venkataraman
2020-08-03 16:57 ` Madhavan T. Venkataraman
2020-08-04 14:30 ` Mark Rutland
2020-08-06 17:26 ` Madhavan T. Venkataraman
2020-08-08 22:17 ` Pavel Machek
2020-08-11 12:41 ` Madhavan T. Venkataraman
2020-08-11 13:08 ` Pavel Machek
2020-08-11 15:54 ` Madhavan T. Venkataraman
2020-08-12 10:06 ` Mark Rutland
2020-08-12 18:47 ` Madhavan T. Venkataraman
2020-08-19 18:53 ` Mickaël Salaün
2020-09-01 15:42 ` Mark Rutland
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200728145013.GA9972@redhat.com \
--to=oleg@redhat.com \
--cc=kernel-hardening@lists.openwall.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=madvenka@linux.microsoft.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Linux-Security-Module Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/linux-security-module/0 linux-security-module/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 linux-security-module linux-security-module/ https://lore.kernel.org/linux-security-module \
linux-security-module@vger.kernel.org
public-inbox-index linux-security-module
Example config snippet for mirrors
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.linux-security-module
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git