Re: [PATCH v2 01/17] mm/gup: Fixup p*_access_permitted()
From: Linus Torvalds
Date: Fri Dec 15 2017 - 20:06:00 EST
On Fri, Dec 15, 2017 at 4:31 PM, Al Viro <viro@xxxxxxxxxxxxxxxxxx> wrote:
>>
>> The fact is, if we have non-user mappings in the user part of the
>> address space, we _need_ to teach access_ok() about them, because
>> fundamentally any "get_user()/put_user()" will happily ignore the lack
>> of PAGE_USER (since those happen from kernel space).
>
> Details, please - how *can* access_ok() be taught of that?
We'd have to do something like put the !PAGE_USER mapping at the top
of the user address space, and then simply make user_addr_max()
smaller than the actual user page table size.
Or some other silly hack.
I do not believe there is any sane way to have !PAGE_USER in
_general_, if you actually want to limit access to it.
(We _could_ use !PAGE_USER for things that aren't really strictly
about security - ie we could have used it for the NUMA balancing
instead of using the P bit, and just let put_user/get_user blow
through them).
Linus