On Thu, Dec 14, 2017 at 2:24 PM, Peter Zijlstra <pet...@infradead.org> wrote:
>
> get_user_pages_fast() (both of them) do indeed test access_ok(), but the
> regular get_user_pages() does not, I suspect because it can operate on a
> foreign mm.
That sounds wrong.
We actually had some very serious reasons why get_user_pages_fast()
needed to check access_ok().
I happen to forget what those reasons were, though.
My mind may be going.
But I think it was something like "you could walk off the page tables
because the undefined address range generates nonsensical values for
the pgd_offset() functions" etc.
But maybe the regular get_user_pages() has some other way to protect
against that.
Linus
