Re: [PATCH v2 1/2] rust_binder: check ownership before using vma

Next message: Johannes Weiner: "Re: [PATCH 3/3] mm/page_alloc: remove pcpu_spin_* wrappers"
Previous message: Andreas Kemnade: "[PATCH] i2c: i2c-core-base: fix devicetree alias handling"
Next in thread: Jann Horn: "Re: [PATCH v2 1/2] rust_binder: check ownership before using vma"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Carlos Llamas

Date: Mon Mar 02 2026 - 12:24:59 EST

On Wed, Feb 18, 2026 at 11:53:26AM +0000, Alice Ryhl wrote:
> When installing missing pages (or zapping them), Rust Binder will look
> up the vma in the mm by address, and then call vm_insert_page (or
> zap_page_range_single). However, if the vma is closed and replaced with
> a different vma at the same address, this can lead to Rust Binder
> installing pages into the wrong vma.
>
> By installing the page into a writable vma, it becomes possible to write
> to your own binder pages, which are normally read-only. Although you're
> not supposed to be able to write to those pages, the intent behind the
> design of Rust Binder is that even if you get that ability, it should not
> lead to anything bad. Unfortunately, due to another bug, that is not the
> case.

This all makes sense to me. What I'm missing though is why not reject
VM_WRITE mappings all together? Is there a downside or something that
prevents us from setting this check?

--
Carlos Llamas