From: Miklos Szeredi
To: jengelh@linux01.gwdg.de
CC: rmk+lkml@arm.linux.org.uk, linux-kernel@vger.kernel.org, linux-arch@vger.kernel.org
Subject: Re: fuse, get_user_pages, flush_anon_page, aliasing caches and all that again
Date: Thu, 21 Dec 2006 22:30:54 +0100
In-reply-to: (message from Jan Engelhardt on Thu, 21 Dec 2006 22:04:53 +0100 (MET))
References: <20061221152621.GB3958@flint.arm.linux.org.uk> <20061221165744.GD3958@flint.arm.linux.org.uk>
X-Mailing-List: linux-kernel@vger.kernel.org

> > The root of the problem is that copy_to_user() may cause page faults
> > on the userspace buffer, and the page fault might (in case of a
> > maliciously crafted filesystem) recurse into the filesystem itself.
>
> Would it be worthwhile to mlock the page? I know that needs root
> privs or some capability, but a static buffer could be put aside when
> fusermount is run.

And how would the kernel ensure that the buffer supplied by userspace
is mlocked and stays mlocked during the memory copy? I don't think
that would simplify the kernel side much, and would complicate the
userspace side considerably.

Miklos