On 25/01/2019 19.38, Matthew Wilcox wrote:
It's never appropriate to map a page allocated by SLAB into userspace.
A buggy device driver might try this, or an attacker might be able to
find a way to make it happen.
Signed-off-by: Matthew Wilcox
Acked-by: Pekka Enberg
A WARN_ON_ONCE() would
Matthew Wilcox writes:
> It's never appropriate to map a page allocated by SLAB into userspace.
> A buggy device driver might try this, or an attacker might be able to
> find a way to make it happen.
>
> Signed-off-by: Matthew Wilcox
> ---
> mm/memory.c | 2 +-
> 1 file changed, 1
On Tue, 29 Jan 2019, Kees Cook wrote:
> It seems like a fatal condition to me? There's nothing to check that
> such a page wouldn't get freed by the slab while still mapped to
> userspace, right?
Lets just fail the code. Currently this may work with SLUB. But SLAB and
SLOB overlay fields with
On Tue, Jan 29, 2019 at 7:21 AM Andrew Morton wrote:
>
> On Fri, 25 Jan 2019 09:38:27 -0800 Matthew Wilcox wrote:
>
> > It's never appropriate to map a page allocated by SLAB into userspace.
> > A buggy device driver might try this, or an attacker might be able to
> > find a way to make it
On Fri, 25 Jan 2019 09:38:27 -0800 Matthew Wilcox wrote:
> It's never appropriate to map a page allocated by SLAB into userspace.
> A buggy device driver might try this, or an attacker might be able to
> find a way to make it happen.
It wouldn't surprise me if someone somewhere is doing this.
On Sat, Jan 26, 2019 at 07:44:40AM +1300, Kees Cook wrote:
> > - if (PageAnon(page))
> > + if (PageAnon(page) || PageSlab(page))
>
> Are there other types that should not get mapped? (Or better yet, is
> there a whitelist of those that are okay to be mapped?)
Funny you should ask; I
On Sat, Jan 26, 2019 at 6:38 AM Matthew Wilcox wrote:
>
> It's never appropriate to map a page allocated by SLAB into userspace.
> A buggy device driver might try this, or an attacker might be able to
> find a way to make it happen.
>
> Signed-off-by: Matthew Wilcox
> ---
> mm/memory.c | 2 +-
>
It's never appropriate to map a page allocated by SLAB into userspace.
A buggy device driver might try this, or an attacker might be able to
find a way to make it happen.
Signed-off-by: Matthew Wilcox
---
mm/memory.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git
8 matches
Mail list logo