Re: [PATCH v5] mm/gup: disallow GUP writing to file-backed mappings by default

From: Jason Gunthorpe
Date: Fri Apr 28 2023 - 14:50:29 EST

Next message: Doug Berger: "Re: [PATCH -next] gpio: brcmstb: Use devm_platform_get_and_ioremap_resource()"
Previous message: Christoph Müllner: "Re: [PATCH 0/4] Expose the isa-string via the AT_BASE_PLATFORM aux vector"
In reply to: Theodore Ts'o: "Re: [PATCH v5] mm/gup: disallow GUP writing to file-backed mappings by default"
Next in thread: Theodore Ts'o: "Re: [PATCH v5] mm/gup: disallow GUP writing to file-backed mappings by default"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Apr 28, 2023 at 02:25:53PM -0400, Theodore Ts'o wrote:
> On Fri, Apr 28, 2023 at 11:35:32AM -0300, Jason Gunthorpe wrote:
> >
> > It has been years now, I think we need to admit a fix is still years
> > away. Blocking the security problem may even motivate more people to
> > work on a fix.
>
> Do we think we can still trigger a kernel crash, or maybe even some
> more exciting like an arbitrary buffer overrun, via the
> process_vm_writev(2) system call into a file-backed mmap'ed region?

Jens? You blocked it from io_uring, did you have a specific attack in
mind?

Jason

Next message: Doug Berger: "Re: [PATCH -next] gpio: brcmstb: Use devm_platform_get_and_ioremap_resource()"
Previous message: Christoph Müllner: "Re: [PATCH 0/4] Expose the isa-string via the AT_BASE_PLATFORM aux vector"
In reply to: Theodore Ts'o: "Re: [PATCH v5] mm/gup: disallow GUP writing to file-backed mappings by default"
Next in thread: Theodore Ts'o: "Re: [PATCH v5] mm/gup: disallow GUP writing to file-backed mappings by default"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]