Re: usbdev_mmap causes type confusion in page_table_check

From: David Hildenbrand
Date: Mon May 08 2023 - 19:40:07 EST

Next message: Pasha Tatashin: "[PATCH v3] mm: hugetlb_vmemmap: provide stronger vmemmap allocation guarantees"
Previous message: Ron Economos: "Re: [PATCH 6.1 000/611] 6.1.28-rc1 review"
In reply to: Pasha Tatashin: "Re: usbdev_mmap causes type confusion in page_table_check"
Next in thread: Pasha Tatashin: "Re: usbdev_mmap causes type confusion in page_table_check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 09.05.23 01:21, Pasha Tatashin wrote:

For normal Kernel-MM operations, vm_normal_page() should be used to
get "struct page" based on vma+addr+pte combination, but
page_table_check does not use vma for its operation in order to
strengthen the verification of no invalid page sharing. But, even

I'm not sure if that's the right approach for this case here, though.

vm_normal_page() can cause access to the "struct page" for VM_PFNMAP
if pfn_valid(pfn) is true. So, vm_normal_page() can return a struct
page for a user mapped slab page.

Only for !ARCH_HAS_PTE_SPECIAL case, otherwise NULL is returned.

That would violate VM_PFNMAP semantics, though. I remember that there was a trick to it.

Assuming we map /dev/mem, what stops a page we mapped and determined to be !anon to be freed and reused, such that we suddenly have an anon page mappped?

In that case, we really don't want to look at the "struct page" ever, no?

--
Thanks,

David / dhildenb

Next message: Pasha Tatashin: "[PATCH v3] mm: hugetlb_vmemmap: provide stronger vmemmap allocation guarantees"
Previous message: Ron Economos: "Re: [PATCH 6.1 000/611] 6.1.28-rc1 review"
In reply to: Pasha Tatashin: "Re: usbdev_mmap causes type confusion in page_table_check"
Next in thread: Pasha Tatashin: "Re: usbdev_mmap causes type confusion in page_table_check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]