From: Kees Cook
Date: Sat, 26 Jan 2019 07:44:40 +1300
Subject: Re: [PATCH] mm: Prevent mapping slab pages to userspace
To: Matthew Wilcox
Cc: Andrew Morton, Linux-MM, LKML, Rik van Riel, Christoph Lameter, Pekka Enberg, David Rientjes, Joonsoo Kim, Kernel Hardening, Michael Ellerman
In-Reply-To: <20190125173827.2658-1-willy@infradead.org>

On Sat, Jan 26, 2019 at 6:38 AM Matthew Wilcox wrote:
>
> It's never appropriate to map a page allocated by SLAB into userspace.
> A buggy device driver might try this, or an attacker might be able to
> find a way to make it happen.
>
> Signed-off-by: Matthew Wilcox
> --- > mm/memory.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/memory.c b/mm/memory.c > index e11ca9dd823f..ce8c90b752be 100644 > --- a/mm/memory.c > +++ b/mm/memory.c 
> @@ -1451,7 +1451,7 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, > spinlock_t *ptl; > > retval = -EINVAL; > - if (PageAnon(page)) > + if (PageAnon(page) || PageSlab(page)) Are there other types that should not get mapped? (Or better yet, is there a whitelist of those that are okay to be mapped?) Either way, this sounds good. :) Reviewed-by: Kees Cook -Kees > goto out; > retval = -ENOMEM; > flush_dcache_page(page); > -- > 2.20.1 > -- Kees Cook
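
Review bot: the widened test in insert_page(), `if (PageAnon(page) || PageSlab(page))`, carries no comment saying why these page types are refused, and the refusal is a bare -EINVAL through `goto out`, so a driver that trips it gets no diagnostic. A short comment above the condition stating that anonymous and slab pages must never be inserted into a user mapping would record the intent for whoever extends the list next. Since the commit message names buggy drivers as one source of such calls, a WARN_ON_ONCE() on the PageSlab() case would also make the offending caller visible in the kernel log instead of leaving only an error return that the driver may ignore.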