Re: [patch 05/16] mm: Allow special mappings with user access cleared

From: Peter Zijlstra
Date: Wed Dec 13 2017 - 10:32:37 EST


On Wed, Dec 13, 2017 at 07:14:41AM -0800, Dave Hansen wrote:
> On 12/13/2017 04:57 AM, Kirill A. Shutemov wrote:
> > Dave, what is the effect of this on protection keys?
>
> The goal was to make pkeys-protected userspace memory access
> _consistent_ with normal access. Specifically, we want a kernel to
> disallow access (or writes) to memory where the userspace mapping has a pkey
> whose permissions are in conflict with the access.
>
> For instance:
>
> This will fault writing a byte to 'addr':
>
> 	char *addr = malloc(PAGE_SIZE);
> 	pkey_mprotect(addr, PAGE_SIZE, 13);
> 	pkey_deny_access(13);
> 	addr[0] = 'f';
>
> But this will write one byte to addr successfully (if it uses the kernel
> mapping of the physical page backing 'addr'):
>
> 	char *addr = malloc(PAGE_SIZE);
> 	pkey_mprotect(addr, PAGE_SIZE, 13);
> 	pkey_deny_access(13);
> 	read(fd, addr, 1);
>

This seems confused to me; why are these two cases different?