On Mon, Oct 03, 2022 at 08:33:13AM +0100, Fuad Tabba wrote:
> > I think it is "don't do that" category. inaccessible_register_notifier()
> > caller has to know what file it operates on, no?
>
> The thing is, you could oops the kernel from userspace. For that, all
> you have to do is a memfd_create without the MFD_INACCESSIBLE,
> followed by a KVM_SET_USER_MEMORY_REGION using that as the private_fd.
> I ran into this using my port of this patch series to arm64.

My point is that it has to be handled on a different level. KVM has to
reject private_fd if it is not inaccessible. It should be trivial by
checking file->f_inode->i_sb->s_magic.

-- 
Kiryl Shutsemau / Kirill A. Shutemov
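The boundary check Kirill describes, as an added user-space model that is not code from this thread or from the patch series: KVM inspects the superblock magic of the file behind private_fd before the file ever reaches inaccessible_register_notifier(), so a plain memfd (no MFD_INACCESSIBLE) is rejected with -EINVAL at KVM_SET_USER_MEMORY_REGION rather than being handed to code that assumes it is inaccessible. The struct layouts, the MFD_INACCESSIBLE_FLAG bit, the placeholder magic value for inaccessible memfds, and the function names are all constructed for this model; only TMPFS_MAGIC (0x01021994) is the kernel's real value.

```c
/* Added example, not from the thread or the patch series: a user-space model
 * of "KVM has to reject private_fd if it is not inaccessible, by checking
 * file->f_inode->i_sb->s_magic". Struct shapes, flag bit and the inaccessible
 * magic are constructed stand-ins so this file compiles and runs on its own. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the kernel's struct super_block / inode / file. */
struct super_block { unsigned long s_magic; };
struct inode       { struct super_block *i_sb; };
struct file        { struct inode *f_inode; };

#define MOCK_TMPFS_MAGIC        0x01021994UL /* real TMPFS_MAGIC: backing of a plain memfd */
#define MOCK_INACCESSIBLE_MAGIC 0x494e4143UL /* placeholder, NOT a kernel value */
#define MFD_INACCESSIBLE_FLAG   0x1u         /* constructed flag bit for this model */

static struct super_block sb_tmpfs        = { MOCK_TMPFS_MAGIC };
static struct super_block sb_inaccessible = { MOCK_INACCESSIBLE_MAGIC };

/* Model of memfd_create(): which superblock the file lands on depends on
 * whether MFD_INACCESSIBLE was requested. */
static struct file *mock_memfd_create(unsigned int flags, struct inode *ino,
                                      struct file *f)
{
    ino->i_sb = (flags & MFD_INACCESSIBLE_FLAG) ? &sb_inaccessible : &sb_tmpfs;
    f->f_inode = ino;
    return f;
}

/* The proposed check, done at KVM's boundary: look at the superblock magic
 * of the fd and refuse anything that is not an inaccessible memfd.
 * Returns 0 when the fd is acceptable, -EINVAL otherwise. */
int kvm_check_private_fd(const struct file *file)
{
    if (!file || !file->f_inode || !file->f_inode->i_sb)
        return -EINVAL;
    if (file->f_inode->i_sb->s_magic != MOCK_INACCESSIBLE_MAGIC)
        return -EINVAL;
    return 0;
}

/* Model of inaccessible_register_notifier()'s precondition: the callee is
 * entitled to assume the file is inaccessible. Here that assumption is
 * reported instead of being dereferenced blindly. */
static bool notifier_assumption_holds(const struct file *file)
{
    return file->f_inode->i_sb->s_magic == MOCK_INACCESSIBLE_MAGIC;
}

/* Model of KVM_SET_USER_MEMORY_REGION with the check placed before the
 * notifier is reached, which is the "different level" argued for above. */
int kvm_set_user_memory_region(const struct file *private_fd)
{
    int err = kvm_check_private_fd(private_fd);
    if (err)
        return err; /* plain memfd rejected here; notifier never sees it */
    return notifier_assumption_holds(private_fd) ? 0 : -EIO;
}

/* Build a memfd with the given flags and run it through the ioctl model. */
int simulate(unsigned int memfd_flags)
{
    struct inode ino;
    struct file f;
    mock_memfd_create(memfd_flags, &ino, &f);
    return kvm_set_user_memory_region(&f);
}

int main(void)
{
    printf("plain memfd as private_fd    -> %d\n", simulate(0));
    printf("MFD_INACCESSIBLE memfd       -> %d\n", simulate(MFD_INACCESSIBLE_FLAG));
    return 0;
}
```

The point of the layering is that the rejection happens where the file descriptor is accepted from userspace (the ioctl), so no later callee has to defend against a file type it was never designed for; in the model, only the MFD_INACCESSIBLE path ever reaches the notifier.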