Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753691AbdLMSbn (ORCPT ); Wed, 13 Dec 2017 13:31:43 -0500 Received: from mail.kernel.org ([198.145.29.99]:54686 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753144AbdLMSbj (ORCPT ); Wed, 13 Dec 2017 13:31:39 -0500 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org ECB7B21933 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=luto@kernel.org X-Google-Smtp-Source: ACJfBotx/jL0xVKpbu1eQ9LdkPJry2VHsD+yBZCoRX3Bn/QnELO+w4jP6ybW77UWOJbWyJ8fcP65KNudugqtBsoFv9w= MIME-Version: 1.0 In-Reply-To: References: <20171212173221.496222173@linutronix.de> <20171212173333.669577588@linutronix.de> <20171213122211.bxcb7xjdwla2bqol@hirez.programming.kicks-ass.net> <20171213125739.fllckbl3o4nonmpx@node.shutemov.name> <20171213153202.qtxnloxoc66lhsbf@hirez.programming.kicks-ass.net> <20171213155427.p24i2xdh2s65e4d2@hirez.programming.kicks-ass.net> From: Andy Lutomirski Date: Wed, 13 Dec 2017 10:31:17 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [patch 05/16] mm: Allow special mappings with user access cleared To: Linus Torvalds Cc: Peter Zijlstra , Dave Hansen , "Kirill A. Shutemov" , Andy Lutomirski , Thomas Gleixner , LKML , X86 ML , Borislav Petkov , Greg KH , Kees Cook , Hugh Dickins , Brian Gerst , Josh Poimboeuf , Denys Vlasenko , Boris Ostrovsky , Juergen Gross , David Laight , Eduardo Valentin , "Liguori, Anthony" , Will Deacon , "linux-mm@kvack.org" , "Kirill A. Shutemov" , "Aneesh Kumar K. V" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 641 Lines: 15 On Wed, Dec 13, 2017 at 10:08 AM, Linus Torvalds wrote: > On Wed, Dec 13, 2017 at 7:54 AM, Peter Zijlstra wrote: >> >> Which is why get_user_pages() _should_ enforce this. >> >> What use are protection keys if you can trivially circumvent them? > > No, we will *not* worry about protection keys in get_user_pages(). > Hmm. If I goof some pointer and pass that bogus pointer to read(2), and I'm using pkey to protect my mmapped database, I think i'd rather that read(2) fail. Sure, pkey is trivially circumventable using wrpkru or mprotect, but those are obvious dangerous functions.