On Fri, 24 Jul 2020, Lichao Liu wrote:
> > IMHO it's exactly the point of RIXI enabled CPUs to support a
> > writeonly mapping even if most of other archs aren't able to
> > support it. So if there is no real good reason to change this,
> > I'm going to leave it this way.
[...]
> I think there are have two solutions to the problem:
> 1)modify fault_in_user_writeable(),
> must claim read permission when claiming write permission.
> 2)Grant pte read permission, even if vma only have VM_WRITE permission.
>
> But not sure which one is more suitable.
Well, the internal documentation is clear:
* fault_in_user_writeable() - Fault in user address and verify RW access
so if it does only verify W rather than RW access, then it has to be fixed
and verify both kinds of access at a time. Presumably:
mmap_read_lock(mm);
ret = fixup_user_fault(current, mm, (unsigned long)uaddr, 0, NULL);
if (!ret)
ret = fixup_user_fault(current, mm, (unsigned long)uaddr,
FAULT_FLAG_WRITE, NULL);
mmap_read_unlock(mm);
at the minimum or perhaps by expanding the interface of `fixup_user_fault'
to also support FAULT_FLAG_RW so as to avoid the double call.
As Thomas says silently expanding access permissions beyond what has been
granted would be a security breach.
Maciej
