From: "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
To: Linus Torvalds <torvalds@linux-foundation.org>,
Peter Zijlstra <peterz@infradead.org>
Cc: Dave Hansen <dave.hansen@intel.com>,
"Kirill A. Shutemov" <kirill@shutemov.name>,
Andy Lutomirski <luto@kernel.org>,
Thomas Gleixner <tglx@linutronix.de>,
LKML <linux-kernel@vger.kernel.org>, X86 ML <x86@kernel.org>,
Borislav Petkov <bpetkov@suse.de>,
Greg KH <gregkh@linuxfoundation.org>,
Kees Cook <keescook@google.com>, Hugh Dickins <hughd@google.com>,
Brian Gerst <brgerst@gmail.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
Denys Vlasenko <dvlasenk@redhat.com>,
Boris Ostrovsky <boris.ostrovsky@oracle.com>,
Juergen Gross <jgross@suse.com>,
David Laight <David.Laight@aculab.com>,
Eduardo Valentin <eduval@amazon.com>,
"Liguori, Anthony" <aliguori@amazon.com>,
Will Deacon <will.deacon@arm.com>,
"linux-mm@kvack.org" <linux-mm@kvack.org>,
"Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Subject: Re: [patch 05/16] mm: Allow special mappings with user access cleared
Date: Thu, 14 Dec 2017 10:23:21 +0530 [thread overview]
Message-ID: <87ind9di66.fsf@linux.vnet.ibm.com> (raw)
In-Reply-To: <CA+55aFw0JTRDXked3_OJ+cFx59BE18yDWOt7-ZRTzFS10zYnrg@mail.gmail.com>
Linus Torvalds <torvalds@linux-foundation.org> writes:
> On Wed, Dec 13, 2017 at 7:54 AM, Peter Zijlstra <peterz@infradead.org> wrote:
>>
>> Which is why get_user_pages() _should_ enforce this.
>>
>> What use are protection keys if you can trivially circumvent them?
>
> No, we will *not* worry about protection keys in get_user_pages().
>
> They are not "security". They are a debug aid and safety against random mis-use.
>
> In particular, they are very much *NOT* about "trivially circumvent
> them". The user could just change their mapping thing, for chrissake!
>
> We already allow access to PROT_NONE for gdb and friends, very much on purpose.
>
Can you clarify this? We recently did fix read access on PROT_NONE via
gup here for ppc64 https://lkml.kernel.org/r/20171204021912.25974-2-aneesh.kumar@linux.vnet.ibm.com
What is the expected behaviour against gup and get_user_pages for
PROT_NONE.
Another issue is we end up behaving differently with PROT_NONE mapping
based on whether autonuma is enabled or not. For a PROT_NONE mapping we
return true with pte_protnone().
-aneesh
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2017-12-14 4:53 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-12 17:32 [patch 00/16] x86/ldt: Use a VMA based read only mapping Thomas Gleixner
2017-12-12 17:32 ` [patch 01/16] arch: Allow arch_dup_mmap() to fail Thomas Gleixner
2017-12-12 17:32 ` [patch 02/16] x86/ldt: Rework locking Thomas Gleixner
2017-12-12 17:32 ` [patch 03/16] x86/ldt: Prevent ldt inheritance on exec Thomas Gleixner
2017-12-12 17:32 ` [patch 04/16] mm/softdirty: Move VM_SOFTDIRTY into high bits Thomas Gleixner
2017-12-12 17:32 ` [patch 05/16] mm: Allow special mappings with user access cleared Thomas Gleixner
2017-12-12 18:00 ` Andy Lutomirski
2017-12-12 18:05 ` Peter Zijlstra
2017-12-12 18:06 ` Andy Lutomirski
2017-12-12 18:25 ` Peter Zijlstra
2017-12-13 12:22 ` Peter Zijlstra
2017-12-13 12:57 ` Kirill A. Shutemov
2017-12-13 14:34 ` Peter Zijlstra
2017-12-13 14:43 ` Kirill A. Shutemov
2017-12-13 15:00 ` Peter Zijlstra
2017-12-13 15:04 ` Peter Zijlstra
2017-12-13 15:14 ` Dave Hansen
2017-12-13 15:32 ` Peter Zijlstra
2017-12-13 15:47 ` Dave Hansen
2017-12-13 15:54 ` Peter Zijlstra
2017-12-13 18:08 ` Linus Torvalds
2017-12-13 18:21 ` Dave Hansen
2017-12-13 18:23 ` Linus Torvalds
2017-12-13 18:31 ` Andy Lutomirski
2017-12-13 18:32 ` Peter Zijlstra
2017-12-13 18:35 ` Linus Torvalds
2017-12-14 4:53 ` Aneesh Kumar K.V [this message]
2017-12-13 21:50 ` Matthew Wilcox
2017-12-13 22:12 ` Peter Zijlstra
2017-12-14 0:10 ` Matthew Wilcox
2017-12-14 0:16 ` Andy Lutomirski
2017-12-12 17:32 ` [patch 06/16] mm: Provide vm_special_mapping::close Thomas Gleixner
2017-12-12 17:32 ` [patch 07/16] selftest/x86: Implement additional LDT selftests Thomas Gleixner
2017-12-12 17:32 ` [patch 08/16] selftests/x86/ldt_gdt: Prepare for access bit forced Thomas Gleixner
2017-12-12 17:32 ` [patch 09/16] mm: Make populate_vma_page_range() available Thomas Gleixner
2017-12-12 17:32 ` [patch 10/16] x86/ldt: Do not install LDT for kernel threads Thomas Gleixner
2017-12-12 17:57 ` Andy Lutomirski
2017-12-12 17:32 ` [patch 11/16] x86/ldt: Force access bit for CS/SS Thomas Gleixner
2017-12-12 18:03 ` Andy Lutomirski
2017-12-12 18:09 ` Peter Zijlstra
2017-12-12 18:10 ` Andy Lutomirski
2017-12-12 18:22 ` Andy Lutomirski
2017-12-12 18:29 ` Peter Zijlstra
2017-12-12 18:41 ` Thomas Gleixner
2017-12-12 19:04 ` Peter Zijlstra
2017-12-12 19:05 ` Linus Torvalds
2017-12-12 19:26 ` Andy Lutomirski
2017-12-19 12:10 ` David Laight
2017-12-12 17:32 ` [patch 12/16] x86/ldt: Reshuffle code Thomas Gleixner
2017-12-12 17:32 ` [patch 13/16] x86/ldt: Introduce LDT write fault handler Thomas Gleixner
2017-12-12 17:58 ` Andy Lutomirski
2017-12-12 18:19 ` Peter Zijlstra
2017-12-12 18:43 ` Thomas Gleixner
2017-12-12 19:01 ` Linus Torvalds
2017-12-12 19:21 ` Thomas Gleixner
2017-12-12 19:51 ` Linus Torvalds
2017-12-12 20:21 ` Dave Hansen
2017-12-12 20:37 ` Thomas Gleixner
2017-12-12 21:35 ` Andy Lutomirski
2017-12-12 21:42 ` Thomas Gleixner
2017-12-12 21:41 ` Thomas Gleixner
2017-12-12 21:46 ` Thomas Gleixner
2017-12-12 22:25 ` Peter Zijlstra
2017-12-12 17:32 ` [patch 14/16] x86/ldt: Prepare for VMA mapping Thomas Gleixner
2017-12-12 17:32 ` [patch 15/16] x86/ldt: Add VMA management code Thomas Gleixner
2017-12-12 17:32 ` [patch 16/16] x86/ldt: Make it read only VMA mapped Thomas Gleixner
2017-12-12 18:03 ` [patch 00/16] x86/ldt: Use a VMA based read only mapping Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ind9di66.fsf@linux.vnet.ibm.com \
--to=aneesh.kumar@linux.vnet.ibm.com \
--cc=David.Laight@aculab.com \
--cc=aliguori@amazon.com \
--cc=boris.ostrovsky@oracle.com \
--cc=bpetkov@suse.de \
--cc=brgerst@gmail.com \
--cc=dave.hansen@intel.com \
--cc=dvlasenk@redhat.com \
--cc=eduval@amazon.com \
--cc=gregkh@linuxfoundation.org \
--cc=hughd@google.com \
--cc=jgross@suse.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@google.com \
--cc=kirill.shutemov@linux.intel.com \
--cc=kirill@shutemov.name \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=luto@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=will.deacon@arm.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox