From: Linus Torvalds
Date: Tue, 9 Aug 2022 11:40:50 -0700
Subject: Re: [PATCH v1] mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW
To: David Hildenbrand
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, stable@vger.kernel.org, Andrew Morton, Greg Kroah-Hartman, Axel Rasmussen, Peter Xu, Hugh Dickins, Andrea Arcangeli, Matthew Wilcox, Vlastimil Babka, John Hubbard, Jason Gunthorpe
In-Reply-To: <20220808073232.8808-1-david@redhat.com>

On Mon, Aug 8, 2022 at 12:32 AM David Hildenbrand wrote:
>
> For example, a write() via /proc/self/mem to a uffd-wp-protected range has
> to fail instead of silently granting write access and bypassing the
> userspace fault handler. Note that FOLL_FORCE is not only used for debug
> access, but also triggered by applications without debug intentions, for
> example, when pinning pages via RDMA.

So this made me go "Whaa?"

I didn't even realize that the media drivers and rdma used FOLL_FORCE.

That's just completely bogus.

Why do they do that?

It seems to be completely bogus, and seems to have no actual valid
reason for it. Looking through the history, it goes back to the
original code submission in 2006, and doesn't have a mention of why.

I think the original reason was that the code didn't have pinning, so
it used "do a write" as a pin mechanism - even for reads.

IOW, I think the non-ptrace use of FOLL_FORCE should just be removed.

Linus
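
For readers unfamiliar with FOLL_FORCE, the following is an added example, not part of the original message or of the patch under discussion. It contrasts a normal kernel write into a read-only private page (refused with EFAULT) with a write to the same kind of page through /proc/self/mem, which uses FOLL_FORCE. The function names are the example's own; it assumes Linux with /proc mounted and touches only the calling process's own memory.

```c
/* Added example (Linux): normal kernel write vs. FOLL_FORCE write, own memory only. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
enum { FORCED_OK = 1, FORCED_UNAVAILABLE = 0, FORCED_MISMATCH = -1 };

static char *ro_page(void)              /* PROT_READ, private, anonymous */
{
    void *p = mmap(NULL, 4096, PROT_READ, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

/* read(2) copies into the buffer with the usual permission check.
 * Returns the errno of the failed read, 0 if it succeeded, -1 on setup error. */
int normal_write_errno(void)
{
    int pfd[2], err = 0;
    char *p = ro_page();
    if (!p || pipe(pfd) != 0) return -1;
    if (write(pfd[1], "X", 1) != 1) err = -1;
    else if (read(pfd[0], p, 1) < 0) err = errno;
    close(pfd[0]); close(pfd[1]); munmap(p, 4096);
    return err;
}

/* pwrite(2) on /proc/self/mem goes through get_user_pages() with FOLL_FORCE,
 * so the same kind of page takes a COW fault instead of returning an error. */
int forced_write_result(void)
{
    static const char msg[] = "forced";
    char *p = ro_page();
    int fd = open("/proc/self/mem", O_RDWR), res = FORCED_UNAVAILABLE;
    if (p && fd >= 0 &&
        pwrite(fd, msg, sizeof msg, (off_t)(unsigned long)p) == (ssize_t)sizeof msg)
        res = memcmp(p, msg, sizeof msg) == 0 ? FORCED_OK : FORCED_MISMATCH;
    if (fd >= 0) close(fd);
    if (p) munmap(p, 4096);
    return res;
}

int main(void)
{
    printf("normal errno=%d forced=%d\n", normal_write_errno(), forced_write_result());
    return 0;
}
```

FORCED_UNAVAILABLE covers environments where /proc/self/mem cannot be opened or the write is refused; FORCED_OK means the write landed in the page although the mapping never had PROT_WRITE.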