On 14.06.23 17:46, Peter Xu wrote:
On Wed, Jun 14, 2023 at 05:31:36PM +0200, David Hildenbrand wrote:
On 13.06.23 23:53, Peter Xu wrote:
It seems hugetlb_follow_page_mask() was missing permission checks. For
example, one follow_page() can get the hugetlb page with FOLL_WRITE even if
the page is read-only.
I'm curious if there even is a follow_page() user that operates on hugetlb
...
s390x secure storage does not apply to hugetlb IIRC.
You're the expert, so I'll rely on you. :)
Hehe, there is a comment in gmap_destroy_page(), above one of the
follow_page() users:
/*
* Huge pages should not be able to become secure
*/
if (is_vm_hugetlb_page(vma))
goto out;
--
Cheers,
David / dhildenb
