Re: [PATCH v1] mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW

From: Linus Torvalds
Date: Tue Aug 09 2022 - 16:15:18 EST

Next message: Rob Herring: "Re: [PATCH v3 2/3] ASoC: dt-bindings: Add sample format conversion"
Previous message: Sudip Mukherjee: "[PATCH v2 3/3] mtd: spi-nor: issi: is25wp256: Enable Quad Input Page Program"
In reply to: David Hildenbrand: "Re: [PATCH v1] mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW"
Next in thread: David Hildenbrand: "Re: [PATCH v1] mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 9, 2022 at 1:07 PM David Hildenbrand <david@xxxxxxxxxx> wrote:
>
> > /* But FOLL_FORCE has no effect on shared mappings */
> > if (vma->vm_flags & MAP_SHARED)
> > return false;
>
> I'd actually rather check for MAP_MAYSHARE here, which is even stronger.
> Thoughts?

Hmm. Adding the test for both is basically free (all those vm_flags
checks end up being a bit mask and compare), so no objections.

For some reason I though VM_SHARED and VM_MAYSHARE end up always being
the same bits, and it was a mistake to make them two bits in the first
place (unlike the read/write/exec bits that can are about mprotect),

But as there are two bits, I'm sure somebody ends up touching one and
not the other.

So yeah, I don't see any downside to just checking both bits.

[ That said, is_cow_mapping() only checks VM_SHARED, so if they are
ever different, that's a potential source of confusion ]

Linus

Next message: Rob Herring: "Re: [PATCH v3 2/3] ASoC: dt-bindings: Add sample format conversion"
Previous message: Sudip Mukherjee: "[PATCH v2 3/3] mtd: spi-nor: issi: is25wp256: Enable Quad Input Page Program"
In reply to: David Hildenbrand: "Re: [PATCH v1] mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW"
Next in thread: David Hildenbrand: "Re: [PATCH v1] mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]