Re: [PATCH v4 0/7] mm/mprotect: Fix dax puds

From: Andrew Morton
Date: Wed Aug 07 2024 - 17:45:03 EST

Next message: Peter Xu: "Re: [PATCH v4 0/7] mm/mprotect: Fix dax puds"
Previous message: Pali Rohár: "Re: [PATCH v2 1/2] platform/x86:dell-laptop: Add knobs to change battery charge settings"
In reply to: Peter Xu: "Re: [PATCH v4 0/7] mm/mprotect: Fix dax puds"
Next in thread: Andrew Morton: "Re: [PATCH v4 0/7] mm/mprotect: Fix dax puds"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 7 Aug 2024 17:34:10 -0400 Peter Xu <peterx@xxxxxxxxxx> wrote:

> The problem is mprotect() will skip the dax 1G PUD while it shouldn't;
> meanwhile it'll dump some bad PUD in dmesg. Both of them look like (corner
> case) bugs to me.. where:
>
> - skipping the 1G pud means mprotect() will succeed even if the pud won't
> be updated with the correct permission specified. Logically that can
> cause e.g. in mprotect(RO) then write the page can cause data corrupt,
> as the pud page will still be writable.
>
> - the bad pud will generate a pr_err() into dmesg, with no limit so far I
> can see. So I think it means an userspace can DoS the kernel log if it
> wants.. simply by creating the PUD and keep mprotect-ing it
>

I edited this important info into the [0/n] text, thanks.

So current kernels can be made to spew into the kernel logs? That's
considered serious. Can unprivileged userspace code do this?

Next message: Peter Xu: "Re: [PATCH v4 0/7] mm/mprotect: Fix dax puds"
Previous message: Pali Rohár: "Re: [PATCH v2 1/2] platform/x86:dell-laptop: Add knobs to change battery charge settings"
In reply to: Peter Xu: "Re: [PATCH v4 0/7] mm/mprotect: Fix dax puds"
Next in thread: Andrew Morton: "Re: [PATCH v4 0/7] mm/mprotect: Fix dax puds"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]