Re: [PATCH v2 01/17] mm/gup: Fixup p*_access_permitted()

From: Linus Torvalds
Date: Fri Dec 15 2017 - 20:06:00 EST

Next message: Linus Torvalds: "Re: [PATCH v2 01/17] mm/gup: Fixup p*_access_permitted()"
Previous message: Baoquan He: "Re: [PATCH v2] x86/kexec: Exclude GART aperture from vmcore"
In reply to: Al Viro: "Re: [PATCH v2 01/17] mm/gup: Fixup p*_access_permitted()"
Next in thread: Peter Zijlstra: "Re: [PATCH v2 01/17] mm/gup: Fixup p*_access_permitted()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Dec 15, 2017 at 4:31 PM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>>
>> The fact is, if we have non-user mappings in the user part of the
>> address space, we _need_ to teach access_ok() about them, because
>> fundamentally any "get_user()/put_user()" will happily ignore the lack
>> of PAGE_USER (since those happen from kernel space).
>
> Details, please - how *can* access_ok() be taught of that?

We'd have to do something like put the !PAGE_USER mapping at the top
of the user address space, and then simply make user_addr_max()
smaller than the actual user page table size.

Or some other silly hack.

I do not believe there is any sane way to have !PAGE_USER in
_general_, if you actually want to limit access to it.

(We _could_ use !PAGE_USER for things that aren't really strictly
about security - ie we could have used it for the NUMA balancing
instead of using the P bit, and just let put_user/get_user blow
through them).

Linus

Next message: Linus Torvalds: "Re: [PATCH v2 01/17] mm/gup: Fixup p*_access_permitted()"
Previous message: Baoquan He: "Re: [PATCH v2] x86/kexec: Exclude GART aperture from vmcore"
In reply to: Al Viro: "Re: [PATCH v2 01/17] mm/gup: Fixup p*_access_permitted()"
Next in thread: Peter Zijlstra: "Re: [PATCH v2 01/17] mm/gup: Fixup p*_access_permitted()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]