From: David Laight
To: 'Thomas Gleixner', Jann Horn
CC: Andrei Vagin, "linux-kernel@vger.kernel.org"
Subject: RE: [PATCH 2/2] time/namespace: Forbid timens page faults under kthread_use_mm()
Date: Wed, 30 Nov 2022 22:48:11 +0000
Message-ID: <1c767e89dcf8475f90d2d817b9096a55@AcuMS.aculab.com>
In-Reply-To: <87y1rttid2.ffs@tglx>

From: Thomas Gleixner
> Sent: 30 November 2022 00:08
....
> >> None of those VDSO (user space) addresses are subject to be faulted in
> >> by anything else than the associated user space task(s).
> >
> > Are you saying that it's not possible or that it doesn't happen when
> > userspace is well-behaved?
>
> My subconscious self told me that a kthread won't do that unless it's
> buggered which makes the vdso fault path the least of our problems, but
> thinking more about it: You are right, that there are ways that the
> kthread ends up with a vdso page address.... Bah!
>
> Still my point stands that this is not a timens VDSO issue, but an issue
> of: kthread tries to fault in a VDSO page of whatever nature.

Isn't there also the kernel code path where one user thread reads data
from another process's address space?
(It does some unusual calls to the iov_import() functions.)
I can't remember whether it is used by strace or gdb.
But there is certainly the option of getting to access an 'invalid'
address in the other process and then faulting.
ISTR not being convinced that there was a correct check for user/kernel
addresses in it either.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)