From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id E6E84C77B7E for ; Fri, 28 Apr 2023 18:27:08 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 6A1E96B007D; Fri, 28 Apr 2023 14:27:08 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 679A46B007E; Fri, 28 Apr 2023 14:27:08 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 456E86B0080; Fri, 28 Apr 2023 14:27:08 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 391246B007D for ; Fri, 28 Apr 2023 14:27:08 -0400 (EDT) Received: from smtpin06.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay06.hostedemail.com (Postfix) with ESMTP id 00222AC9F1 for ; Fri, 28 Apr 2023 18:27:07 +0000 (UTC) X-FDA: 80731631694.06.910F744 Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by imf06.hostedemail.com (Postfix) with ESMTP id 15B9E180015 for ; Fri, 28 Apr 2023 18:27:05 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=fail ("headers rsa verify failed") header.d=mit.edu header.s=outgoing header.b=AMh5xv+j; spf=pass (imf06.hostedemail.com: domain of tytso@mit.edu designates 18.9.28.11 as permitted sender) smtp.mailfrom=tytso@mit.edu; dmarc=pass (policy=none) header.from=mit.edu ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1682706426; a=rsa-sha256; cv=none; b=8VhnwgKvhv0I8rB3b5em6Jhs86Ko5Jb+Al16NeZXMprtzLB1vMfGfvyWlNqApvZBSJK6qU jH/dLQSUYtIUOR7higPU5KqZ9Y//lWZXFrouQV1Eu9IWafLd67ZRllzF+lWjmkXh8jJU23 8/30M2iB7ee8NJc+wFEeI+ikJdLhl0Y= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=fail ("headers rsa verify failed") header.d=mit.edu header.s=outgoing header.b=AMh5xv+j; spf=pass (imf06.hostedemail.com: domain of tytso@mit.edu designates 18.9.28.11 as permitted sender) smtp.mailfrom=tytso@mit.edu; dmarc=pass (policy=none) header.from=mit.edu ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1682706426; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=+QeRTh3Q792/eFaJgfAgGyTYF+cryOwA6A0C+nRVDy8=; b=Hfk70LNvcNgGvh+DpnnZ3dfAElgmSYKNjF+mCvq9Rf7vPdnUExallfyReSYOOs3eIqpIpF uIDbzhe6okJYcZBmOvCmfvw6QgQNft2wVn3+42EpcvHW1GPdqqJboG9etgTJgJWDpUw/za ouyNrP6ntPl7fxVNlmb5C9Sbl3wRIvY= Received: from letrec.thunk.org ([76.150.80.181]) (authenticated bits=0) (User authenticated as tytso@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 33SIPsvO024394 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 28 Apr 2023 14:25:55 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=outgoing; t=1682706363; bh=+QeRTh3Q792/eFaJgfAgGyTYF+cryOwA6A0C+nRVDy8=; h=Date:From:To:Cc:Subject:References:In-Reply-To; b=AMh5xv+jG+n9laJ4e0qLg3l6ymmeae7bAXwqrq4kE8f9OTLDZec1GN/EZ4P11VjB7 r7tdp+zdX1OwYKlDp+K5fMVWj0mHfs68d3QH3Ak6FfD/zOf0HeAfsuD0nOiJBObAD9 oLIceXgN8fEn9ItUp1TEodH8IuHPQm/vCmstG89u0yJfAIVgz+nUoS5GMv0EvyLAy+ wWf7gGYeXDT2RGdrlTOO9RatuD0Rdhg4poRc4X7OvNvkL0Hjb/gtXj+quB83D9R8UX 4Y4y0g9DMWE0P4vfvb8BkRELNhxxIwazgFHVscRWZAnwkhiC8/6hz7tspIL09c5E2/ FI/r3M817jUPA== Received: by letrec.thunk.org (Postfix, from userid 15806) id 164EF8C01E0; Fri, 28 Apr 2023 14:25:53 -0400 (EDT) Date: Fri, 28 Apr 2023 14:25:53 -0400 From: "Theodore Ts'o" To: Jason Gunthorpe Cc: David Hildenbrand , Lorenzo Stoakes , linux-mm@kvack.org, linux-kernel@vger.kernel.org, Andrew Morton , Jens Axboe , Matthew Wilcox , Dennis Dalessandro , Leon Romanovsky , Christian Benvenuti , Nelson Escobar , Bernard Metzler , Peter Zijlstra , Ingo Molnar , Arnaldo Carvalho de Melo , Mark Rutland , Alexander Shishkin , Jiri Olsa , Namhyung Kim , Ian Rogers , Adrian Hunter , Bjorn Topel , Magnus Karlsson , Maciej Fijalkowski , Jonathan Lemon , "David S . Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Christian Brauner , Richard Cochran , Alexei Starovoitov , Daniel Borkmann , Jesper Dangaard Brouer , John Fastabend , linux-fsdevel@vger.kernel.org, linux-perf-users@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org, Oleg Nesterov , John Hubbard , Jan Kara , "Kirill A . Shutemov" , Pavel Begunkov , Mika Penttila , David Howells , Christoph Hellwig Subject: Re: [PATCH v5] mm/gup: disallow GUP writing to file-backed mappings by default Message-ID: References: <6b73e692c2929dc4613af711bdf92e2ec1956a66.1682638385.git.lstoakes@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspam-User: X-Rspamd-Queue-Id: 15B9E180015 X-Rspamd-Server: rspam01 X-Stat-Signature: 8paxtjewcwr6a6yad3ck9zso7wrse5cq X-HE-Tag: 1682706425-375218 X-HE-Meta: U2FsdGVkX1865A/iHmLUhdO6moABXj/1h2XBaZ3Vi4dC6ajXRYx6GNk60EkRMecwPK5qrnYKPXpqGzoav5+R6WzgTj62598gvQeMuli2oU46A+BpiPh5I/dRYySF92unjNmIsiyGuaKojzkQTKk3qJU3qIOXbF7HH3CApEq8nR3df2wGr3XSEWDUGaoZBZatZXq0xHDRapV5SJzcoJYyjuU6QvdyYKIb65xAHMKoeq50tU0geyhWwaayBgL3gT4laBp3793fHanlURnxCGvPCpT6PtYTSojrL7xFOLWZTIFCW4V550HyUJ0Po/DXki1siaEmh5p1UzVotZYHav55JvUQfwJeoqYA6ftye/aeA3txW6mH4L9jQqR8iHTomDYO4faXh1hKe4bf+w2Dxg1/O0xAmq4R25jSeMpvC5Y7k0WhoZD0uNtnZkTb/rQGot9TmB52MdeFTmxNT4xF7DbQ2F932TKDPAK59rKiWQqVvqeWViD/TKScqukez/tK/FyAe1todIeDudJdcML+S+Awitu3HF9NHotjW9fMMvv1gHw0KfuXN/5/Nw6/EXfIlik9xpasI07mH8SjAQFYbTbvOq6he0qtsWO3FJeFCLiIwVmn0xTTXaxH1gXHp/qLkpICEtC41aCr/iHWmQnoFTbr+zWlv2w9eU91feBYNW3/xygoMy6cFvWXlEd/rjXYjrnHrCI8prLWdTlBJEPXXYt4u2A+bbYlpxlOsGTyck+Uw12RvS5YzKIgwyO7hL5TiQAao8cOCPhFQK2/2DaCJD/IHpqNhuesgVq0jEVQb3xiWMFIWiFzak3vmbIzL/YICHa+qod2EPFqRZ2dWx7oBeCM8A9db0VlhBI7JRg2STKwl3xeTLSOWSlz18Fgz26uPswKV2RjdNEjbGBibXzbsQbxoPmd5EYZZFnqNDkUpQv2NMz0S4kKf8ye/4nzjEfSPtE52LRdxjDzhYl43Rgvpmk KU/KDhCe cobKShVwVJ9BFykY7gYrz/5uaO2jXLqOpVcDI3J4CZH7Bm4SCZ8CLqGGF9gqB8mRXpUMyNyAF6WKwbdQ2EuFAa1X4uCO8EqWshstH+XA64PazWKhDh8ocV2Woq/UQexbEMKOC5QhPMkWrhydwYlvSmN88zTnvVxHMzhB5gy0kr5SqsgF/oS+B2xYslqVemd6jirMCiqKb/qjknh9LZ4yooY+/z8iCUGdN94OnvwnJG/RUpxf06xGGGiDRBhu6DX4c/ocfHjwBOe7F3aOEzaT6LY5FVazT2yxSyjuLyfIH7EQGPSTNBbSQ5DlJcmSP1AuUSWS7 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Fri, Apr 28, 2023 at 11:35:32AM -0300, Jason Gunthorpe wrote: > > It has been years now, I think we need to admit a fix is still years > away. Blocking the security problem may even motivate more people to > work on a fix. Do we think we can still trigger a kernel crash, or maybe even some more exciting like an arbitrary buffer overrun, via the process_vm_writev(2) system call into a file-backed mmap'ed region? Maybe if someone can come up with an easy-to-expliot security proof of aconcept, that doesn't require special RDMA hardware or some special libvirt setup, we could finally get motivation to get it fixed, or at least blocked? :-) We've only been talking about it for years, after all... - Ted > Security is the primary case where we have historically closed uAPI > items. > > Jason