On Fri, Apr 28, 2023 at 05:34:35PM +0200, David Hildenbrand wrote: > On 28.04.23 17:33, Lorenzo Stoakes wrote: > > On Fri, Apr 28, 2023 at 05:23:29PM +0200, David Hildenbrand wrote: > > > > > > > > > > Security is the primary case where we have historically closed uAPI > > > > > items. > > > > > > > > As this patch > > > > > > > > 1) Does not tackle GUP-fast > > > > 2) Does not take care of !FOLL_LONGTERM > > > > > > > > I am not convinced by the security argument in regard to this patch. > > > > > > > > > > > > If we want to sells this as a security thing, we have to block it > > > > *completely* and then CC stable. > > > > > > Regarding GUP-fast, to fix the issue there as well, I guess we could do > > > something similar as I did in gup_must_unshare(): > > > > > > If we're in GUP-fast (no VMA), and want to pin a !anon page writable, > > > fallback to ordinary GUP. IOW, if we don't know, better be safe. > > > > How do we determine it's non-anon in the first place? The check is on the > > VMA. We could do it by following page tables down to folio and checking > > folio->mapping for PAGE_MAPPING_ANON I suppose? > > PageAnon(page) can be called from GUP-fast after grabbing a reference. See > gup_must_unshare(). Hmm.. Is it a good idea at all to sacrifise all "!anon" fast-gups for this? People will silently got degrade even on legal pins on shmem/hugetlb, I think, which seems to be still a very major use case. -- Peter Xu
