Re: [PATCH v5] mm/gup: disallow GUP writing to file-backed mappings by default

From: Theodore Ts'o
Date: Fri Apr 28 2023 - 14:28:09 EST


On Fri, Apr 28, 2023 at 11:35:32AM -0300, Jason Gunthorpe wrote:
>
> It has been years now, I think we need to admit a fix is still years
> away. Blocking the security problem may even motivate more people to
> work on a fix.

Do we think we can still trigger a kernel crash, or maybe even something
more exciting like an arbitrary buffer overrun, via the
process_vm_writev(2) system call into a file-backed mmap'ed region?

Maybe if someone can come up with an easy-to-exploit security proof of
concept, that doesn't require special RDMA hardware or some special
libvirt setup, we could finally get motivation to get it fixed, or at
least blocked? :-)

We've only been talking about it for years, after all...

- Ted

> Security is the primary case where we have historically closed uAPI
> items.
>
> Jason