diff options
author | Dmitry Monakhov <dmonakhov@openvz.org> | 2015-02-10 23:09:29 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2015-02-10 23:30:30 +0100 |
commit | 913e027ca17ee06fa9436a21e54464795b0fa0e8 (patch) | |
tree | d583200d611573204224ac54bb7f7f1a633950ef | |
parent | o2dlm: fix NULL pointer dereference in o2dlm_blocking_ast_wrapper (diff) | |
download | linux-913e027ca17ee06fa9436a21e54464795b0fa0e8.tar.xz linux-913e027ca17ee06fa9436a21e54464795b0fa0e8.zip |
fsioctl.c: make generic_block_fiemap() signal-tolerant
__generic_block_fiemap may spin very long time for large sparse files.
Without this patch an unprivileged user may abuse system resources simply
by spawning a vast number of unkilable busyloops (works on ext2/ext3):
truncate --size 1T test
for ((i=0;i<1024;i++))
do
filefrag test > /dev/null &
done
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Cc: Theodore Ts'o <tytso@mit.edu>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | Documentation/filesystems/fiemap.txt | 3 | ||||
-rw-r--r-- | fs/ioctl.c | 5 |
2 files changed, 7 insertions, 1 deletions
diff --git a/Documentation/filesystems/fiemap.txt b/Documentation/filesystems/fiemap.txt index 1b805a0efbb0..f6d9c99103a4 100644 --- a/Documentation/filesystems/fiemap.txt +++ b/Documentation/filesystems/fiemap.txt @@ -196,7 +196,8 @@ struct fiemap_extent_info { }; It is intended that the file system should not need to access any of this -structure directly. +structure directly. Filesystem handlers should be tolerant to signals and return +EINTR once fatal signal received. Flag checking should be done at the beginning of the ->fiemap callback via the diff --git a/fs/ioctl.c b/fs/ioctl.c index 214c3c11fbc2..5d01d2638ca5 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -379,6 +379,11 @@ int __generic_block_fiemap(struct inode *inode, past_eof = true; } cond_resched(); + if (fatal_signal_pending(current)) { + ret = -EINTR; + break; + } + } while (1); /* If ret is 1 then we just hit the end of the extent array */ |