From: Hugh Dickins <hugh@veritas.com>
To: Arjan van de Ven <arjan@infradead.org>
Cc: linux-mm@kvack.org, Rohit Seth <rohitseth@google.com>,
David Howells <dhowells@redhat.com>,
Linus Torvalds <torvalds@osdl.org>, Andrew Morton <akpm@osdl.org>,
Peter Zijlstra <a.p.zijlstra@chello.nl>,
Christoph Lameter <clameter@sgi.com>
Subject: Re: tracking dirty pages patches
Date: Wed, 24 May 2006 16:10:08 +0100 (BST)
Message-ID: <Pine.LNX.4.64.0605241558380.12355@blonde.wat.veritas.com>
In-Reply-To: <1148437514.3049.18.camel@laptopd505.fenrus.org>

On Wed, 24 May 2006, Arjan van de Ven wrote:
> On Tue, 2006-05-23 at 21:34 +0100, Hugh Dickins wrote:
>
> > You mentioned in one of the mails that went past that you'd seen
> > drivers enforcing VM_LOCKED in vm_flags: aren't those just drivers
> > copying other drivers which did so, but achieving nothing thereby,
> > to be cleaned up in due course? (The pages aren't even on LRU.)
>
> I would like to know which, because in general this is a security hole:
> Any driver that depends on locked meaning "doesn't move" can be fooled
> by the user into becoming unlocked... (by virtue of having another
> thread do an munlock on the memory). As such no kernel driver should
> depend on this, and as far as I know, no kernel driver actually does.

You'll have seen the list in Christoph's patch. But they're all
remap_pfn_range users, largely copied one from another, and their
pages won't become freeable even if the user munlocks.

However, that munlocking will lower locked_vm when it shouldn't
touch it. I suppose the ingenious might mmap and munmap such a
driver in order to lock another mapping beyond RLIMIT_MEMLOCK.
Perhaps that raises the priority of Christoph's patch?

Hugh