Received: by 2002:ac0:a594:0:0:0:0:0 with SMTP id m20-v6csp5262204imm; Fri, 18 May 2018 21:18:28 -0700 (PDT) X-Google-Smtp-Source: AB8JxZovteKs3pgFjABgbOkcIc6uwwFUP1i8OLV/TUlpZC/cayKStiV5jhvAsiByDW5qECn40QVT X-Received: by 2002:a17:902:294a:: with SMTP id g68-v6mr12262824plb.110.1526703508800; Fri, 18 May 2018 21:18:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1526703508; cv=none; d=google.com; s=arc-20160816; b=iz35is/62PhlcwrfNULLL+UNGruod9qU17mqAiJMHppyz3gQNLiKh4PLzH0k/0sFjq SKRiaGLdkeacReihtMDZUy25DQg2CN0eBo+SmLoGc8iOaa2J5PfVJwLca4l7PPTN7Rho Uo6VdwpQS5FMOVOIvYX6kSskcfoAPy/QsCExB5CHyDnPlAUqWzb4D6SzrWZDgdoOnNRW ySM6t4qNkTGinx79dd0w6nhyrNICiBNPj5aMwAg73Io9301i4gs27HEQnwQNKaP1OWhd IJU147usrWxPrfxx4A4dSXSDpuSfEGjOZXHGsmDUSBGxbj+NB0eQNxO7AIIEILfdn4pg Yzcg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature :arc-authentication-results; bh=qAg940XknkM4PG2s0R4ILxDzZ+fwu6VkqJT//lFV2Ac=; b=G8bKyKTtQfawqS2CkwfmwATO5NMybHsOb41ddSt/X9xPCh0UHXMpAslPsRyyj9dFQV i7DPCCDWZnGMFZKTIex1gWbR1lM75Vu0PdgV/+5ijzV5aEx5aONptOFyMz07cGXwQL13 9e1i+sHQqK4tdor7WpT0tQuq3b++c9/3W+VQYugHQKwg/rT1WvJZDx598aLINyaQpKYR 6OK2uMuV+UV17+P1C/dInWmzer/oFwcxYYruggO13XeFBpIfsoSVZKMhPbQwgWUgNcv2 zwVZzjyVJrnI047y0vRpjUBealL2czEqzMTNKiyLv1H5kWhf+p7lx5JBqyN9ZcjX84rl cImQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=adaYmAo2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b6-v6si9204726pls.583.2018.05.18.21.18.14; Fri, 18 May 2018 21:18:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=adaYmAo2; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750797AbeESENK (ORCPT + 99 others); Sat, 19 May 2018 00:13:10 -0400 Received: from mail-io0-f195.google.com ([209.85.223.195]:39143 "EHLO mail-io0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750743AbeESENI (ORCPT ); Sat, 19 May 2018 00:13:08 -0400 Received: by mail-io0-f195.google.com with SMTP id r9-v6so8551178iod.6 for ; Fri, 18 May 2018 21:13:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qAg940XknkM4PG2s0R4ILxDzZ+fwu6VkqJT//lFV2Ac=; b=adaYmAo22jC13aYZ1H2jlRVlktJsbDKy+lzegvhBLgPUZYyMF0GNlEGCvvrYAiPtqH 5XtZhrdkkXbxwO28KWopYll8bcLI1NL+vL3ABCON87duoBANOX+f0JYs0WllZVjDzhZe OOcK1vjkA8K8lXUfwcUvGwqifigdc6QVMtGds= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qAg940XknkM4PG2s0R4ILxDzZ+fwu6VkqJT//lFV2Ac=; b=BthNfX/IA/LGrAlaSgEDEKcGJvnbMlVIrtpdvDDwKa5OPfskF6oSOuK7Yc6i/ycJ2X bRsDuXenIb+49PKQ0FHf6EvVmzEO/A4JClpqK9RjpSqIKQCHcNWUhBd0nZQg4rdclHTk +Q2UdlE8oPUQHQTqsWIeeEB6vWK6bPWHhzulAOI54fuCScifrPTrWEGOLBw+yNzs3m2Y uNJnMjL6SodX5/59FNTkpOv8z+Vc3P4zriHfUkKVd6jcqQmEB/MD2E4cnNix/4lSjBiv PSSbSFt6jgRv4IAqcNYaSjA1IYzzkdxNl+9Fh7Fu24ALiEhFscUOcB1GCnJtug97SKfS vfBA== X-Gm-Message-State: ALKqPwe5z6ZO4gFcLXIGAoxYsbiVuEDqj3qjp/t5M4ghOQFNXGPsMXmT JRzeT0GoH/aqJR/TTv/oroVdpk7aJDoo/XW/CGE= X-Received: by 2002:a6b:dc12:: with SMTP id s18-v6mr14013252ioc.203.1526703187352; Fri, 18 May 2018 21:13:07 -0700 (PDT) MIME-Version: 1.0 References: <20180519034338.GV30522@ZenIV.linux.org.uk> In-Reply-To: <20180519034338.GV30522@ZenIV.linux.org.uk> From: Linus Torvalds Date: Fri, 18 May 2018 21:12:56 -0700 Message-ID: Subject: Re: [PATCH] procfs: fix mmap() for /proc/vmcore To: Al Viro Cc: gor@linux.ibm.com, Andrew Morton , Linux Kernel Mailing List , Heiko Carstens Content-Type: multipart/mixed; boundary="00000000000028fee3056c87497b" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --00000000000028fee3056c87497b Content-Type: text/plain; charset="UTF-8" On Fri, May 18, 2018 at 8:43 PM Al Viro wrote: > Not quite. The things like > if (unlikely(*ppos >= inode->i_sb->s_maxbytes)) > return 0; > iov_iter_truncate(iter, inode->i_sb->s_maxbytes); > protect most of the regular files (see mm/filemap.c). And for devices (which is > where the majority of crap ->read()/->write() is) it's obviously not applicable - > ->s_maxbytes of *what*? Yeah that "s_maxbytes of what" is I think the real issue. We should never have made s_maxbytes be super-block specific: we should have made it be per-inode, and then have inode_init_always() initialize it using something like the file_mmap_size_max() logic. (So we'd still have a "sb_maxbytes" that filesystems would fill in, but it would only be used as a "fill in inode value for regular files for this superblock"). Then we could actually protect read/write properly, because many of the nasty bugs have been in character device drivers. Oh well. It would still be a good thing to do some day, I suspect, but it's clearly not the case now, and so s_maxbytes actually has much less coverage than I was hoping for. (And thus also the problems with /proc/vmcore - it never saw s_maxbytes limits before). Oh, well. The lack of any meaningful s_maxbytes coverage for proc obviously means that my objections against Vasily's patch are mostly invalid. Even if /proc does use "generic_file_llseek()" a lot and that should limit things to 4G offsets, you can just use pread64/pwrite64 to see if you can screw up the offset. I'd still prefer to limit the damage to just "vmcore". Something like the below COMPLETELY UNTESTED patch? Vasily? Linus --00000000000028fee3056c87497b Content-Type: text/x-patch; charset="US-ASCII"; name="patch.diff" Content-Disposition: attachment; filename="patch.diff" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_jhcvm91p0 IGZzL3Byb2Mvdm1jb3JlLmMgfCA4ICsrKysrKysrCiAxIGZpbGUgY2hhbmdlZCwgOCBpbnNlcnRp b25zKCspCgpkaWZmIC0tZ2l0IGEvZnMvcHJvYy92bWNvcmUuYyBiL2ZzL3Byb2Mvdm1jb3JlLmMK aW5kZXggYTQ1ZjBhZjIyYTYwLi44MzI3OGM1NDcxMjcgMTAwNjQ0Ci0tLSBhL2ZzL3Byb2Mvdm1j b3JlLmMKKysrIGIvZnMvcHJvYy92bWNvcmUuYwpAQCAtNDkxLDcgKzQ5MSwxNSBAQCBzdGF0aWMg aW50IG1tYXBfdm1jb3JlKHN0cnVjdCBmaWxlICpmaWxlLCBzdHJ1Y3Qgdm1fYXJlYV9zdHJ1Y3Qg KnZtYSkKIH0KICNlbmRpZgogCisvKiBNYXJrIHZtY29yZSBhcyBiZWluZyBhYmxlIGFuZCB3aWxs aW5nIHRvIGRvIDY0LWJpdCBtbWFwcyAqLworc3RhdGljIGludCB2bWNvcmVfb3BlbihzdHJ1Y3Qg aW5vZGUgKmlub2RlLCBzdHJ1Y3QgZmlsZSAqZmlsZSkKK3sKKwlmaWxlLT5mX21vZGUgfD0gRk1P REVfVU5TSUdORURfT0ZGU0VUOworCXJldHVybiAwOworfQorCiBzdGF0aWMgY29uc3Qgc3RydWN0 IGZpbGVfb3BlcmF0aW9ucyBwcm9jX3ZtY29yZV9vcGVyYXRpb25zID0geworCS5vcGVuCQk9IHZt Y29yZV9vcGVuLAogCS5yZWFkCQk9IHJlYWRfdm1jb3JlLAogCS5sbHNlZWsJCT0gZGVmYXVsdF9s bHNlZWssCiAJLm1tYXAJCT0gbW1hcF92bWNvcmUsCg== --00000000000028fee3056c87497b--