kernel-hardening.lists.openwall.com archive mirror
 help / color / mirror / Atom feed
* [PATCH] mm: Prevent mapping typed pages to userspace
@ 2019-01-29  5:38 Matthew Wilcox
  2019-01-29  8:09 ` Kees Cook
  2019-01-30 12:01 ` David Hildenbrand
  0 siblings, 2 replies; 3+ messages in thread
From: Matthew Wilcox @ 2019-01-29  5:38 UTC (permalink / raw)
  To: Andrew Morton
  Cc: Matthew Wilcox, linux-mm, linux-kernel, kernel-hardening,
	Kees Cook, Michael Ellerman, Will Deacon

Pages which use page_type must never be mapped to userspace as it would
destroy their page type.  Add an explicit check for this instead of
assuming that kernel drivers always get this right.

Signed-off-by: Matthew Wilcox <willy@infradead.org>
---
 mm/memory.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/memory.c b/mm/memory.c
index ce8c90b752be..db3534bbd652 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -1451,7 +1451,7 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
 	spinlock_t *ptl;
 
 	retval = -EINVAL;
-	if (PageAnon(page) || PageSlab(page))
+	if (PageAnon(page) || PageSlab(page) || page_has_type(page))
 		goto out;
 	retval = -ENOMEM;
 	flush_dcache_page(page);
-- 
2.20.1

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] mm: Prevent mapping typed pages to userspace
  2019-01-29  5:38 [PATCH] mm: Prevent mapping typed pages to userspace Matthew Wilcox
@ 2019-01-29  8:09 ` Kees Cook
  2019-01-30 12:01 ` David Hildenbrand
  1 sibling, 0 replies; 3+ messages in thread
From: Kees Cook @ 2019-01-29  8:09 UTC (permalink / raw)
  To: Matthew Wilcox
  Cc: Andrew Morton, Linux-MM, LKML, Kernel Hardening,
	Michael Ellerman, Will Deacon

On Tue, Jan 29, 2019 at 6:38 PM Matthew Wilcox <willy@infradead.org> wrote:
>
> Pages which use page_type must never be mapped to userspace as it would
> destroy their page type.  Add an explicit check for this instead of
> assuming that kernel drivers always get this right.
>
> Signed-off-by: Matthew Wilcox <willy@infradead.org>

Reviewed-by: Kees Cook <keescook@chromium.org>

-Kees

> ---
>  mm/memory.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/memory.c b/mm/memory.c
> index ce8c90b752be..db3534bbd652 100644
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -1451,7 +1451,7 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
>         spinlock_t *ptl;
>
>         retval = -EINVAL;
> -       if (PageAnon(page) || PageSlab(page))
> +       if (PageAnon(page) || PageSlab(page) || page_has_type(page))
>                 goto out;
>         retval = -ENOMEM;
>         flush_dcache_page(page);
> --
> 2.20.1
>


-- 
Kees Cook

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] mm: Prevent mapping typed pages to userspace
  2019-01-29  5:38 [PATCH] mm: Prevent mapping typed pages to userspace Matthew Wilcox
  2019-01-29  8:09 ` Kees Cook
@ 2019-01-30 12:01 ` David Hildenbrand
  1 sibling, 0 replies; 3+ messages in thread
From: David Hildenbrand @ 2019-01-30 12:01 UTC (permalink / raw)
  To: Matthew Wilcox, Andrew Morton
  Cc: linux-mm, linux-kernel, kernel-hardening, Kees Cook,
	Michael Ellerman, Will Deacon

On 29.01.19 06:38, Matthew Wilcox wrote:
> Pages which use page_type must never be mapped to userspace as it would
> destroy their page type.  Add an explicit check for this instead of
> assuming that kernel drivers always get this right.
> 
> Signed-off-by: Matthew Wilcox <willy@infradead.org>
> ---
>  mm/memory.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mm/memory.c b/mm/memory.c
> index ce8c90b752be..db3534bbd652 100644
> --- a/mm/memory.c
> +++ b/mm/memory.c
> @@ -1451,7 +1451,7 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr,
>  	spinlock_t *ptl;
>  
>  	retval = -EINVAL;
> -	if (PageAnon(page) || PageSlab(page))
> +	if (PageAnon(page) || PageSlab(page) || page_has_type(page))
>  		goto out;
>  	retval = -ENOMEM;
>  	flush_dcache_page(page);
> 

Reviewed-by: David Hildenbrand <david@redhat.com>

-- 

Thanks,

David / dhildenb

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2019-01-30 12:01 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-29  5:38 [PATCH] mm: Prevent mapping typed pages to userspace Matthew Wilcox
2019-01-29  8:09 ` Kees Cook
2019-01-30 12:01 ` David Hildenbrand

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).