Re: [patch 05/16] mm: Allow special mappings with user access cleared

From: Dave Hansen
Date: Wed Dec 13 2017 - 13:21:24 EST


On 12/13/2017 10:08 AM, Linus Torvalds wrote:
> On Wed, Dec 13, 2017 at 7:54 AM, Peter Zijlstr <peterz@xxxxxxxxxxxxx> wrote:
>> Which is why get_user_pages() _should_ enforce this.
>>
>> What use are protection keys if you can trivially circumvent them?
> No, we will *not* worry about protection keys in get_user_pages().

We did introduce some support for it here:

> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=33a709b25a760b91184bb335cf7d7c32b8123013

> They are not "security". They are a debug aid and safety against
> random mis-use.

Totally agree. It's not about security. As I mentioned in the commit,
the goal here was to try to make pkey-protected access behavior
consistent with mprotect().

I still think this was nice to do and probably surprises users less than
if we didn't have it.

> We already allow access to PROT_NONE for gdb and friends, very much on purpose.

Yup, exactly, and that's one of the reasons that I tried to call those
out as "remote" access that are specicifially no subject to protection keys.