Re: [PATCH 1/3] mm: vmalloc: export __vmalloc_node_range

From: Matthew Wilcox
Date: Tue Jul 23 2024 - 20:16:19 EST

Next message: Inochi Amaoto: "Re: [PATCH v2 1/7] dt-bindings: pinctrl: Add pinctrl for Sophgo CV1800 series SoC."
Previous message: syzbot: "Re: [syzbot] [bcachefs?] WARNING in bch2_trans_srcu_unlock"
In reply to: Andrew Morton: "Re: [PATCH 1/3] mm: vmalloc: export __vmalloc_node_range"
Next in thread: Christoph Hellwig: "Re: [PATCH 1/3] mm: vmalloc: export __vmalloc_node_range"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Jul 23, 2024 at 05:00:43PM -0700, Andrew Morton wrote:
> On Fri, 19 Jul 2024 13:42:40 +0100 Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
>
> > On Fri, Jul 19, 2024 at 07:58:40AM -0400, Mary Strodl wrote:
> > > Maybe some of the stuff the driver does right now could be moved into
> > > vmalloc? In other words, we could provide a different function that
> > > allocates an executable page, copies memory into it, then marks it
> > > read-only. Would that do better to alleviate concerns?
> >
> > No. We are not running arbitrary x86 code. That is a security
> > nightmare.
>
> Sure, if such a thing were to be done we'd want it localized within the
> driver rather than offered globally.
>
> But if there was some hack within the driver to do this, what problems
> might that cause? What are the scenarios?

That we're running arbitrary x86 code (provided by the manufacturer)
inside the kernel where it can undermine every security guarantee we
provide?

Next message: Inochi Amaoto: "Re: [PATCH v2 1/7] dt-bindings: pinctrl: Add pinctrl for Sophgo CV1800 series SoC."
Previous message: syzbot: "Re: [syzbot] [bcachefs?] WARNING in bch2_trans_srcu_unlock"
In reply to: Andrew Morton: "Re: [PATCH 1/3] mm: vmalloc: export __vmalloc_node_range"
Next in thread: Christoph Hellwig: "Re: [PATCH 1/3] mm: vmalloc: export __vmalloc_node_range"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]