From: Benjamin Herrenschmidt <benh@kernel.crashing.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
"linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
Jens Axboe <axboe@kernel.dk>,
"security@kernel.org" <security@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Nick Piggin <npiggin@kernel.dk>
Subject: Re: [RFC PATCH (resend)] block layer zero-copy: missing access_ok() check
Date: Mon, 18 Mar 2013 07:51:39 +0100
Message-ID: <1363589499.21545.5.camel@pasglop>
In-Reply-To: <CA+55aFyrj9LsRp2gaoy1Lo6+s_brWjeKDG8F8JOLk2VaKndeaQ@mail.gmail.com>

On Fri, 2013-03-15 at 10:21 -0700, Linus Torvalds wrote:
> Adding linux-arch. Guys, can you check your architectures?
>
> Also, make sure to check huge-pages if they are separate. Basically,
> if you have code like this:
>
>         if (!pte_present(pte) ||
>             pte_special(pte) || (write && !pte_write(pte))) {
>                 pte_unmap(ptep);
>                 return 0;
>         }
>
> it's probably buggy. It's not sufficient to just check write
> permissions, you do need to check user permissions too.
>
> Powerpc, x86 and sh seem to get it right by virtue of checking the
> user bit. s390 checks against TASK_SIZE.
>
> MIPS does seem buggy. Sparc I don't know the meaning of the bits for.
> And powerpc does have several variants, so while the main one looks
> fine, I didn't look at the other ones.

Took the train half way through... I assume we are talking gup_fast
here? So we have an access_ok() across the range, which should make
us safe. Additionally on ppc64 we have a different pgd for user and
kernel pages anyway.

We do check for huge pages at every level as far as I can tell (and
those are user only) and finally we check for _PAGE_USER.

The only "subtlety" I can think of is that PROT_NONE has no _PAGE_USER
for us and thus will fail a gup but that's expected, right?

Cheers,
Ben.
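
The two checks discussed in this thread, modeled in user-space C as an added example (not code from this message or from the kernel): a range check in the spirit of access_ok() and the PTE test with and without the user bit. The TOY_* flag values, TOY_TASK_SIZE and all function names are assumptions made for illustration, not any architecture's real definitions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed flag bits for a toy PTE; not any architecture's real layout. */
#define TOY_PRESENT   0x1u
#define TOY_WRITE     0x2u
#define TOY_USER      0x4u
#define TOY_SPECIAL   0x8u
#define TOY_TASK_SIZE 0x0000800000000000ull /* assumed user/kernel split */

/* Range check in the spirit of access_ok(): all below the split, no wrap. */
static bool toy_access_ok(uint64_t addr, uint64_t len)
{
    return len <= TOY_TASK_SIZE && addr <= TOY_TASK_SIZE - len;
}

/* The pattern quoted in the thread: present, not special, writable if asked. */
static bool pte_ok_write_only(uint32_t pte, bool write)
{
    return (pte & TOY_PRESENT) && !(pte & TOY_SPECIAL) &&
           (!write || (pte & TOY_WRITE));
}

/* The same test with the user-permission bit required as well. */
static bool pte_ok_with_user(uint32_t pte, bool write)
{
    return pte_ok_write_only(pte, write) && (pte & TOY_USER);
}

/* Fast-path decision for one page: range check first, then the PTE test. */
static bool toy_gup_allows(uint64_t addr, uint64_t len, uint32_t pte,
                           bool write, bool check_user)
{
    if (!toy_access_ok(addr, len))
        return false;
    return check_user ? pte_ok_with_user(pte, write)
                      : pte_ok_write_only(pte, write);
}

int main(void)
{
    uint32_t kernel_pte = TOY_PRESENT | TOY_WRITE; /* user bit not set */
    /* The write-only test accepts this PTE; the user-bit test rejects it. */
    bool weak = toy_gup_allows(0x1000, 4096, kernel_pte, true, false);
    bool strict = toy_gup_allows(0x1000, 4096, kernel_pte, true, true);
    return (weak && !strict) ? 0 : 1;
}
```

In this model a present PTE without TOY_USER fails the stricter test even for reads, which matches the PROT_NONE behaviour described above for _PAGE_USER.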