[Devel] [PATCH 2/2] ext4/mfsync: Prevent resource abuse

[Dmitry Monakhov]

- Mfsync is not standard interface let's hide it from VEs
- Limit number of files in single request.


https://jira.sw.ru/browse/PSBM-59965
https://jira.sw.ru/browse/PSBM-59966
Signed-off-by: Dmitry Monakhov <dmonakhov at openvz.org>
---
 fs/ext4/ioctl.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c
index cd831d5..9232330 100644
--- a/fs/ext4/ioctl.c
+++ b/fs/ext4/ioctl.c
@@ -783,12 +783,17 @@ resize_out:
 		__u32 __user *usr_fd;
 		int i, err;
 
+		if (!ve_is_super(get_exec_env()))
+			return -ENOTSUPP;
 		if (copy_from_user(&mfsync, (struct ext4_ioc_mfsync_info *)arg,
 				   sizeof(mfsync)))
 			return -EFAULT;
 
 		if (mfsync.size == 0)
 			return 0;
+		if (mfsync.size > NR_FILE)
+			return -ENFILE;
+
 		usr_fd = (__u32 __user *) (arg + sizeof(__u32));
 
 		filpp = kzalloc(mfsync.size * sizeof(*filp), GFP_KERNEL);
-- 
1.8.3.1