On 12/13/2017 07:32 AM, Peter Zijlstra wrote: >> This will fault writing a byte to 'addr': >> >> char *addr = malloc(PAGE_SIZE); >> pkey_mprotect(addr, PAGE_SIZE, 13); >> pkey_deny_access(13); >> *addr[0] = 'f'; >> >> But this will write one byte to addr successfully (if it uses the kernel >> mapping of the physical page backing 'addr'): >> >> char *addr = malloc(PAGE_SIZE); >> pkey_mprotect(addr, PAGE_SIZE, 13); >> pkey_deny_access(13); >> read(fd, addr, 1); >> > This seems confused to me; why are these two cases different? Protection keys doesn't work in the kernel direct map, so if the read() was implemented by writing to the direct map alias of 'addr' then this would bypass protection keys. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
