From mboxrd@z Thu Jan 1 00:00:00 1970 From: Linus Torvalds Subject: Re: [RFC PATCH (resend)] block layer zero-copy: missing access_ok() check Date: Fri, 15 Mar 2013 11:01:16 -0700 Message-ID: References: <20130315133748.GA31887@Krystal> <20130315152326.GM31875@kernel.dk> <20130315155808.GB1659@Krystal> <20130315171000.GA2342@Krystal> <20130315175710.GA2748@Krystal> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Return-path: Received: from mail-ve0-f178.google.com ([209.85.128.178]:57671 "EHLO mail-ve0-f178.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751363Ab3COSBR (ORCPT ); Fri, 15 Mar 2013 14:01:17 -0400 Received: by mail-ve0-f178.google.com with SMTP id db10so2814309veb.23 for ; Fri, 15 Mar 2013 11:01:16 -0700 (PDT) In-Reply-To: <20130315175710.GA2748@Krystal> Sender: linux-arch-owner@vger.kernel.org List-ID: To: Mathieu Desnoyers Cc: "linux-arch@vger.kernel.org" , Jens Axboe , "security@kernel.org" , Greg Kroah-Hartman , Al Viro , Nick Piggin On Fri, Mar 15, 2013 at 10:57 AM, Mathieu Desnoyers wrote: > > In addition to get_user_pages_fast() issues, I see that there are many > direct callers of get_user_pages() that seem to assume that access > checks are performed within this function. get_user_pages() does check permissions. It looks up the vma and checks them there, which is much more than access_ok() ever does. > AFAIU, on architectures that > have a _PAGE_USER flag, this check is performed internally by pgd_bad() > and pud_bad(), but what happens to all the others ? Irrelevant. See above. Linus