On Tue, Dec 12, 2017 at 10:05 AM, Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
> On Tue, Dec 12, 2017 at 10:00:08AM -0800, Andy Lutomirski wrote:
>> On Tue, Dec 12, 2017 at 9:32 AM, Thomas Gleixner <tglx@xxxxxxxxxxxxx> wrote:
>> > From: Peter Zijstra <peterz@xxxxxxxxxxxxx>
>> >
>> > In order to create VMAs that are not accessible to userspace create a new
>> > VM_NOUSER flag. This can be used in conjunction with
>> > install_special_mapping() to inject 'kernel' data into the userspace map.
>> >
>> > Similar to how arch_vm_get_page_prot() allows adding _PAGE_flags to
>> > pgprot_t, introduce arch_vm_get_page_prot_excl() which masks
>> > _PAGE_flags from pgprot_t and use this to implement VM_NOUSER for x86.
>>
>> How does this interact with get_user_pages(), etc?
>
> gup would find the page. These patches do in fact rely on that through
> the populate things.
>

Blech. So you can write(2) from the LDT to a file and you can even
sendfile it, perhaps. What happens if it's get_user_page()'d when
modify_ldt() wants to free it?

This patch series scares the crap out of me.