On Thu, Aug 29, 2019 at 09:15:36AM -0700, Kees Cook wrote:
> On Thu, Aug 29, 2019 at 08:42:30PM +0800, Jason Yan wrote:
> > We found an issue of kernel bug related to HARDENED_USERCOPY.
> > When copying an IO buffer to userspace, HARDENED_USERCOPY thought it is
> > illegal to copy this buffer. Actually this is because this IO buffer was
> > merged from two bio vectors, and the two bio vectors buffer was allocated
> > with kmalloc() in the filesystem layer.
>
> Ew. I thought the FS layer was always using page_alloc?

No, they don't. It's perfectly legal to use heap memory for bio
buffers - we've been doing it since, at least, XFS got merged all
those years ago.

Cheers,

Dave.
--
Dave Chinner
david@xxxxxxxxxxxxx