On Sun, 2016-09-25 at 15:50 -0700, Linus Torvalds wrote: > On Sun, Sep 25, 2016 at 3:34 PM, Rik van Riel <r...@redhat.com> > wrote: > > > > > > The patch looks good to me, too. > > > > Acked-by: Rik van Riel <r...@redhat.com> > > Thanks, amended the commit since I hadn't pushed out yet. > > Btw, the only reason this bug could happen is that we do that > "force=1" for remote vm accesses, which turns into FOLL_FORCE, which > in turn will turn into us allowing an access even when we technically > shouldn't. > > I'd really like to re-open the "drop FOLL_FORCE entirely" discussion, > because the thing really is disgusting. > > I realize that debuggers etc sometimes would want to punch through > PROT_NONE protections,
Reading the code for a little bit, it looks like get_user_pages interprets both PROT_NONE and PAGE_NUMA ptes as present, and will simply return the page to the caller. Furthermore, if a page in a PROT_NONE VMA is actually not present, it should be faulted in with PROT_NONE permissions, after which the page is passed to the debugger. That is, punching through PROT_NONE permissions should only happen from outside of the process. Inside the process, PROT_NONE should be preserved regardless of FOLL_FORCE. -- All Rights Reversed.
signature.asc
Description: This is a digitally signed message part