On Thu, Dec 14, 2017 at 2:24 PM, Peter Zijlstra wrote:
>
> get_user_pages_fast() (both of them) do indeed test access_ok(), but the
> regular get_user_pages() does not, I suspect because it can operate on a
> foreign mm.
That sounds wrong.
We actually had some very serious reasons why get_user_p
On Thu, Dec 14, 2017 at 2:23 PM, Thomas Gleixner wrote:
>
> The user knows the LDT contents because he put it there and it can be read
> via modify_ldt(0, ) anyway. Or am I misunderstanding what you are trying to
> say?
I don't think they are secret, it's more of a "if they can read it,
they can
> On Dec 14, 2017, at 2:15 PM, Linus Torvalds wrote:
>
>> On Thu, Dec 14, 2017 at 2:11 PM, Andy Lutomirski wrote:
>>
>> That seems to rather defeat the point of using a VMA, though.
>
> There never was any point in using a VMA per se.
>
> The point was always to just map the damn thing i
On Thu, Dec 14, 2017 at 02:14:00PM -0800, Linus Torvalds wrote:
> On Thu, Dec 14, 2017 at 2:02 PM, Peter Zijlstra wrote:
> >
> > _Should_ being the operative word, because I cannot currently see it
> > DTRT. But maybe I'm missing the obvious -- I tend to do that at times.
>
> At least the old get
On Thu, 14 Dec 2017, Linus Torvalds wrote:
> On Thu, Dec 14, 2017 at 1:22 PM, Andy Lutomirski wrote:
> >
> > Which kind of kills the whole thing. There's no way the idea of
> > putting the LDT in a VMA is okay if it's RW.
>
> Sure there is.
>
> I really don't understand why you guys think it h
On Thu, Dec 14, 2017 at 2:11 PM, Andy Lutomirski wrote:
>
> That seems to rather defeat the point of using a VMA, though.
There never was any point in using a VMA per se.
The point was always to just map the damn thing in the user page
tables, wasn't it?
The vma bit was just an implementation d
On Thu, Dec 14, 2017 at 2:02 PM, Peter Zijlstra wrote:
>
> _Should_ being the operative word, because I cannot currently see it
> DTRT. But maybe I'm missing the obvious -- I tend to do that at times.
At least the old get_user_pages_fast() code used to check the USER bit:
unsigned long n
> On Dec 14, 2017, at 1:48 PM, Linus Torvalds wrote:
>
> On Thu, Dec 14, 2017 at 1:44 PM, Linus Torvalds wrote:
>>
>> So it clearly needs to have the PAGE_USER bit clear (to avoid users
>> accessing it directly), and it needs to be marked somehow for
>> get_user_pages() to refuse it too,
On Thu, Dec 14, 2017 at 01:48:50PM -0800, Linus Torvalds wrote:
> Actually, just clearing PAGE_USER should make gup avoid it automatically.
_Should_ being the operative word, because I cannot currently see it
DTRT. But maybe I'm missing the obvious -- I tend to do that at times.
We don't appear t
On Thu, Dec 14, 2017 at 1:44 PM, Linus Torvalds wrote:
>
> So it clearly needs to have the PAGE_USER bit clear (to avoid users
> accessing it directly), and it needs to be marked somehow for
> get_user_pages() to refuse it too, and access_ok() needs to fail it so
> that we can't do get_user/put_us
On Thu, Dec 14, 2017 at 1:22 PM, Andy Lutomirski wrote:
>
> Which kind of kills the whole thing. There's no way the idea of
> putting the LDT in a VMA is okay if it's RW.
Sure there is.
I really don't understand why you guys think it has to be RO.
All it has to be is not _user_ accessible. And
On Thu, Dec 14, 2017 at 11:43 AM, Linus Torvalds wrote:
> On Thu, Dec 14, 2017 at 8:20 AM, Andy Lutomirski wrote:
>>
>> If this turns out to need reverting because it breaks Wine or
>> something, we're really going to regret it.
>
> I really don't see that as very likely. We already play other (m
On Thu, Dec 14, 2017 at 8:20 AM, Andy Lutomirski wrote:
>
> If this turns out to need reverting because it breaks Wine or
> something, we're really going to regret it.
I really don't see that as very likely. We already play other (much
more fundamental) games with segments.
But I do agree that i
On Thu, Dec 14, 2017 at 3:27 AM, Peter Zijlstra wrote:
> From: Thomas Gleixner
>
> In order to make the LDT mapping RO the access bit needs to be forced by
> the kernel. Adjust the test case so it handles that gracefully.
If this turns out to need reverting because it breaks Wine or
something, w
14 matches