Re: [PATCH] mm: check VMA flags to avoid invalid PROT_NONE NUMA balancing

From: Rik van Riel
Date: Sun Sep 25 2016 - 20:49:41 EST

On Sun, 2016-09-25 at 15:50 -0700, Linus Torvalds wrote:
> On Sun, Sep 25, 2016 at 3:34 PM, Rik van Riel <riel@xxxxxxxxxx>
> wrote:
> >
> > The patch looks good to me, too.
> >
> > Acked-by: Rik van Riel <riel@xxxxxxxxxx>
> Thanks, amended the commit since I hadn't pushed out yet.
> Btw, the only reason this bug could happen is that we do that
> "force=1" for remote vm accesses, which turns into FOLL_FORCE, which
> in turn will turn into us allowing an access even when we technically
> shouldn't.
> I'd really like to re-open the "drop FOLL_FORCE entirely" discussion,
> because the thing really is disgusting.
> I realize that debuggers etc sometimes would want to punch through
> PROT_NONE protections,

Reading the code for a little bit, it looks like get_user_pages
interprets both PROT_NONE and PAGE_NUMA ptes as present, and will
simply return the page to the caller.

Furthermore, if a page in a PROT_NONE VMA is actually not present,
it should be faulted in with PROT_NONE permissions, after which
the page is passed to the debugger.

That is, punching through PROT_NONE permissions should only happen
from outside of the process. Inside the process, PROT_NONE should
be preserved regardless of FOLL_FORCE.

All Rights Reversed.
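The asymmetry Rik describes above (PROT_NONE enforced from inside the process, punched through by the FOLL_FORCE path that remote accesses use) can be observed from user space. The following is an added example, not code from the thread or from the kernel: it maps a page PROT_NONE, shows that a direct load faults, then reads and writes the same page through /proc/self/mem, whose kernel path is access_remote_vm with FOLL_FORCE. It assumes Linux with a readable /proc/self/mem; the helper names (`direct_read_faults`, `proc_mem_read`, `proc_mem_write`, `prot_none_demo`) are the example's own.

```c
/* Added example, not from the thread or the kernel tree. Linux only:
 * relies on /proc/self/mem, which goes through access_remote_vm() and
 * therefore get_user_pages() with FOLL_FORCE. */
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64
#include <fcntl.h>
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_env;

static void on_sigsegv(int sig)
{
    (void)sig;
    siglongjmp(fault_env, 1);   /* unwind out of the faulting load */
}

/* Returns 1 if a direct load from addr raises SIGSEGV, 0 if it succeeds.
 * This is the "inside the process" access: the VMA's protection applies. */
int direct_read_faults(const volatile unsigned char *addr)
{
    struct sigaction sa, old;
    int faulted = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_sigsegv;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);

    if (sigsetjmp(fault_env, 1) == 0) {
        unsigned char v = *addr;   /* volatile: the load is really issued */
        (void)v;
    } else {
        faulted = 1;
    }
    sigaction(SIGSEGV, &old, NULL);
    return faulted;
}

/* "Outside the process" access: read len bytes at addr via /proc/self/mem.
 * Returns the byte count from pread(), or -1 on open failure. */
ssize_t proc_mem_read(const void *addr, void *buf, size_t len)
{
    int fd = open("/proc/self/mem", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = pread(fd, buf, len, (off_t)(uintptr_t)addr);
    close(fd);
    return n;
}

/* Same path for writes (FOLL_FORCE | FOLL_WRITE in the kernel). */
ssize_t proc_mem_write(void *addr, const void *buf, size_t len)
{
    int fd = open("/proc/self/mem", O_RDWR);
    if (fd < 0)
        return -1;
    ssize_t n = pwrite(fd, buf, len, (off_t)(uintptr_t)addr);
    close(fd);
    return n;
}

/* Runs the whole sequence on a fresh anonymous PROT_NONE page.
 * Returns 0 when every step behaves as the thread describes, otherwise the
 * number of the first step that did not. */
int prot_none_demo(void)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, pagesz, PROT_NONE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return 1;

    /* Step 2: inside the process, PROT_NONE is enforced. */
    if (!direct_read_faults(page))
        return 2;

    /* Step 3: the not-yet-present page is faulted in under PROT_NONE and
     * handed to the /proc/self/mem reader anyway; fresh anon memory reads
     * back as zeros. */
    unsigned char buf[16];
    memset(buf, 0xff, sizeof buf);
    if (proc_mem_read(page, buf, sizeof buf) != (ssize_t)sizeof buf)
        return 3;
    for (size_t i = 0; i < sizeof buf; i++)
        if (buf[i] != 0)
            return 3;

    /* Step 4: the forced path can also write into the private mapping. */
    static const char msg[] = "written via /proc/self/mem";
    if (proc_mem_write(page, msg, sizeof msg) != (ssize_t)sizeof msg)
        return 4;

    /* Step 5: the process itself still cannot touch the page. */
    if (!direct_read_faults(page))
        return 5;

    /* Step 6: once the process lifts the protection, the write is visible. */
    if (mprotect(page, pagesz, PROT_READ) != 0)
        return 6;
    if (memcmp(page, msg, sizeof msg) != 0)
        return 7;

    munmap(page, pagesz);
    return 0;
}

int main(void)
{
    int rc = prot_none_demo();
    if (rc == 0)
        puts("PROT_NONE held inside the process; /proc/self/mem punched through");
    else
        printf("step %d did not behave as expected\n", rc);
    return rc;
}
```

The point of step 5 is the one Rik makes: the debugger-style access (here /proc/self/mem standing in for ptrace or a remote vm access) gets through, while the process's own loads keep faulting until it changes the protection itself.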
