From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=NXjw=DO=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.6 required=3.0 tests=BAYES_00,DKIM_INVALID,
	DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,
	SPF_PASS autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7F9A2C4363C
	for <linux-mm@archiver.kernel.org>; Wed,  7 Oct 2020 06:17:37 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id B3EC320B1F
	for <linux-mm@archiver.kernel.org>; Wed,  7 Oct 2020 06:17:34 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="nBG61JS0"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org B3EC320B1F
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=infradead.org
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id B21166B005C; Wed,  7 Oct 2020 02:17:33 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id AD2AE6B0062; Wed,  7 Oct 2020 02:17:33 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id A0F3F6B0068; Wed,  7 Oct 2020 02:17:33 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0179.hostedemail.com [216.40.44.179])
	by kanga.kvack.org (Postfix) with ESMTP id 740C96B005C
	for <linux-mm@kvack.org>; Wed,  7 Oct 2020 02:17:33 -0400 (EDT)
Received: from smtpin20.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay05.hostedemail.com (Postfix) with ESMTP id 14C87181AE86F
	for <linux-mm@kvack.org>; Wed,  7 Oct 2020 06:17:33 +0000 (UTC)
X-FDA: 77344122786.20.birds43_4b091da271cd
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin20.hostedemail.com (Postfix) with ESMTP id 69131180C061F
	for <linux-mm@kvack.org>; Wed,  7 Oct 2020 06:17:11 +0000 (UTC)
X-HE-Tag: birds43_4b091da271cd
X-Filterd-Recvd-Size: 2534
Received: from casper.infradead.org (casper.infradead.org [90.155.50.34])
	by imf12.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Wed,  7 Oct 2020 06:17:10 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
	d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version:
	References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To:
	Content-Transfer-Encoding:Content-ID:Content-Description;
	bh=6uV8fR6Bo4rXo+4SAac2dN21jdBEtdjU/gp2f8k5a6U=; b=nBG61JS0gPJssVIiWhM4TYdaX7
	NgovjK/cwv32nuTrAfzI2XE875QD1msyMoU/d6LsDTlMx4hWrv/SV06X+dFN4UEKXrtc8PZEwmRSy
	YT8KOsQpo4OnvU3y5pjfWz7j9kRYCfs7g/BoP3VVzAwr6JWKgyLnQWEnGkPTboBr8OQi1UBRksyDq
	C8i1EaVzEYBrpBYuGBD0oiOUUeofK+Wd5LzZu8ia4eP5P3K0vQ6XDPRsRMXPna0vvNThUn6OVNGcF
	0LhSf36PaXv20v+r4fpqhRvwNeNYaMN3NDu0sns0rnEmMSa1aMFaTseom9/BtqVI2Wz9olyef0AIW
	FvLpwH7A==;
Received: from hch by casper.infradead.org with local (Exim 4.92.3 #3 (Red Hat Linux))
	id 1kQ2l2-00060F-10; Wed, 07 Oct 2020 06:17:00 +0000
Date: Wed, 7 Oct 2020 07:16:59 +0100
From: Christoph Hellwig <hch@infradead.org>
To: Jann Horn <jannh@google.com>
Cc: Khalid Aziz <khalid.aziz@oracle.com>,
	"David S. Miller" <davem@davemloft.net>, sparclinux@vger.kernel.org,
	Linux-MM <linux-mm@kvack.org>, Khalid Aziz <khalid@gonehiking.org>,
	kernel list <linux-kernel@vger.kernel.org>,
	Anthony Yznaga <anthony.yznaga@oracle.com>,
	Andrew Morton <akpm@linux-foundation.org>
Subject: Re: SPARC version of arch_validate_prot() looks broken (UAF read)
Message-ID: <20201007061659.GA21685@infradead.org>
References: <CAG48ez3YsfTfOFKa-Po58e4PNp7FK54MFbkK3aUPSRt3LWtxQA@mail.gmail.com>
 <0fb905cc-77a2-4beb-dc9c-0c2849a6f0ae@oracle.com>
 <CAG48ez3istGAOA=G8fvrQkbMs4MroT8bj=Z=Wmnj0k73K0AFRA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAG48ez3istGAOA=G8fvrQkbMs4MroT8bj=Z=Wmnj0k73K0AFRA@mail.gmail.com>
X-SRS-Rewrite: SMTP reverse-path rewritten from <hch@infradead.org> by casper.infradead.org. See http://www.infradead.org/rpr.html
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Wed, Oct 07, 2020 at 02:45:39AM +0200, Jann Horn wrote:
> > I think arch_validate_prot() is still the right hook to validate the
> > protection bits. sparc_validate_prot() can iterate over VMAs with read
> > lock. This will, of course, require range as well to be passed to
> > arch_validate_prot().
> 
> In that case, do you want to implement this?

Any reason to not just call arch_validate_prot after taking the mmap
lock?