On Sun, May 17, 2026 at 10:01:30AM +0100, Pedro Falcato wrote:
> On Sun, May 17, 2026 at 02:17:18AM +0100, Matthew Wilcox wrote:
> > If we have a buggy user which
> > can write to read-only file pages, then it should also be prevented from
> > writing to KSM pages.
>
> Hmm, I see. Are you suggesting we unshare KSM pages here? Or just straight
> up reject them?
>
> Rejecting would be relatively sane if only we had access to the VMA here
> (in normal GUP), testing on folio_test_ksm() is less robust :/

I think we have to unshare? As I understand KSM, it's done to a task, so it wouldn't be aware that it's done something potentially dangerous (unlike mapping a read-only file then splicing from it). Also, it'll be non-deterministic whether any given splice might fail. Bleh. Maybe just declare KSM to be vulnerable.

