From: Andy Lutomirski
Date: Tue, 12 Dec 2017 10:06:51 -0800
Subject: Re: [patch 05/16] mm: Allow special mappings with user access cleared
To: Peter Zijlstra
Cc: Andy Lutomirski, Thomas Gleixner, LKML, X86 ML, Linus Torvalds, Dave Hansen, Borislav Petkov, Greg KH, Kees Cook, Hugh Dickins, Brian Gerst, Josh Poimboeuf, Denys Vlasenko, Boris Ostrovsky, Juergen Gross, David Laight, Eduardo Valentin, aliguori@amazon.com, Will Deacon, "linux-mm@kvack.org"

On Tue, Dec 12, 2017 at 10:05 AM, Peter Zijlstra wrote:
> On Tue, Dec 12, 2017 at 10:00:08AM -0800, Andy Lutomirski wrote:
>> On Tue, Dec 12, 2017 at 9:32 AM, Thomas Gleixner wrote:
>> > From: Peter Zijstra
>> >
>> > In order to create VMAs that are not accessible to userspace create a new
>> > VM_NOUSER flag. This can be used in conjunction with
>> > install_special_mapping() to inject 'kernel' data into the userspace map.
>> >
>> > Similar to how arch_vm_get_page_prot() allows adding _PAGE_flags to
>> > pgprot_t, introduce arch_vm_get_page_prot_excl() which masks
>> > _PAGE_flags from pgprot_t and use this to implement VM_NOUSER for x86.
>>
>> How does this interact with get_user_pages(), etc?
>
> gup would find the page. These patches do in fact rely on that through
> the populate things.
>

Blech. So you can write(2) from the LDT to a file and you can even
sendfile it, perhaps. What happens if it's get_user_page()'d when
modify_ldt() wants to free it?

This patch series scares the crap out of me.