From: Linus Torvalds
Date: Tue, 9 Aug 2022 11:48:25 -0700
Subject: Re: [PATCH v1] mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW
To: David Hildenbrand
Cc: linux-kernel@vger.kernel.org, linux-mm@kvack.org, stable@vger.kernel.org, Andrew Morton, Greg Kroah-Hartman, Axel Rasmussen, Peter Xu, Hugh Dickins, Andrea Arcangeli, Matthew Wilcox, Vlastimil Babka, John Hubbard, Jason Gunthorpe
In-Reply-To: <20220808073232.8808-1-david@redhat.com>

On Mon, Aug 8, 2022 at 12:32 AM David Hildenbrand wrote:
>
> For example, a write() via /proc/self/mem to a uffd-wp-protected range has
> to fail instead of silently granting write access and bypassing the
> userspace fault handler.

This, btw, just makes me go "uffd-wp is broken garbage" once more.

It also makes me go "if uffd-wp can disallow ptrace writes, then why
doesn't regular write protect do it"?

IOW, I don't think the patch is wrong (apart from the VM_BUG_ON's that
absolutely must go away), but I get the strong feeling that we instead
should try to get rid of FOLL_FORCE entirely.

If some other user action can stop FOLL_FORCE anyway, then why do we
support it at all?

             Linus
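
The "regular write protect" case raised in the message above, as an added example that is not code from the patch or from anyone in the thread: a process drops PROT_WRITE on its own private anonymous page with mprotect() and then stores to it through /proc/self/mem, the FOLL_FORCE path. The names `force_result`, `vma_perms` and `force_write_readonly_page` are hypothetical, and the outcome of the forced write depends on the running kernel and sandbox, so the program reports it rather than assuming it.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* Added example (constructed, not from the patch): result of one attempt. */
struct force_result {
    char perms[5];   /* VMA permissions from /proc/self/maps, e.g. "r--p" */
    int  write_ok;   /* 1 if the store through /proc/self/mem succeeded */
    char byte_after; /* first byte of the page after the attempt */
};

/* Copy the permission field of the mapping that contains addr. */
static void vma_perms(const void *addr, char out[5])
{
    unsigned long lo, hi, a = (unsigned long)addr;
    char line[512], perms[5];
    FILE *f = fopen("/proc/self/maps", "r");
    strcpy(out, "????");
    while (f && fgets(line, sizeof line, f))
        if (sscanf(line, "%lx-%lx %4s", &lo, &hi, perms) == 3 && a >= lo && a < hi)
            strcpy(out, perms);
    if (f) fclose(f);
}
/* Fill a private page with 'A', drop PROT_WRITE, try a forced store of 'B'. */
struct force_result force_write_readonly_page(void)
{
    struct force_result r = { "????", 0, 0 };
    long psz = sysconf(_SC_PAGESIZE);
    char *p = mmap(NULL, psz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return r;
    p[0] = 'A';
    mprotect(p, psz, PROT_READ);          /* the "regular write protect" */
    vma_perms(p, r.perms);
    int fd = open("/proc/self/mem", O_RDWR);
    r.write_ok = fd >= 0 && pwrite(fd, "B", 1, (off_t)(unsigned long)p) == 1;
    if (fd >= 0) close(fd);
    r.byte_after = p[0];                  /* 'B' only if the forced write landed */
    munmap(p, psz);
    return r;
}

int main(void)
{
    struct force_result r = force_write_readonly_page();
    printf("perms=%s forced_write=%d byte=%c\n", r.perms, r.write_ok, r.byte_after);
}
```

Where the forced write is honoured, the output pairs `perms=r--p` with `byte=B`: the mapping stays read-only for ordinary stores while the /proc/self/mem write still lands.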