[079/147] fs/proc/kcore.c: add mmap interface

Message ID	20210908025730.S88ylmikU%akpm@linux-foundation.org (mailing list archive)
State	New
Headers	show Return-Path: <SRS0=DBvG=N6=kvack.org=owner-linux-mm@kernel.org> DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 939FE60E52 Date: Tue, 07 Sep 2021 19:57:30 -0700 From: Andrew Morton <akpm@linux-foundation.org> To: adobriyan@gmail.com, akpm@linux-foundation.org, chenying.kernel@bytedance.com, linux-mm@kvack.org, mm-commits@vger.kernel.org, rppt@kernel.org, songmuchun@bytedance.com, torvalds@linux-foundation.org, zhouchengming@bytedance.com, zhoufeng.zf@bytedance.com Subject: [patch 079/147] fs/proc/kcore.c: add mmap interface Message-ID: <20210908025730.S88ylmikU%akpm@linux-foundation.org> In-Reply-To: <20210907195226.14b1d22a07c085b22968b933@linux-foundation.org> User-Agent: s-nail v14.8.16 Sender: owner-linux-mm@kvack.org Precedence: bulk
Series	[001/147] mm, slub: don't call flush_all() from slab_debug_trace_open() \| expand [001/147] mm, slub: don't call flush_all() from slab_debug_trace_open() [002/147] mm, slub: allocate private object map for debugfs listings [003/147] mm, slub: allocate private object map for validate_slab_cache() [004/147] mm, slub: don't disable irq for debug_check_no_locks_freed() [005/147] mm, slub: remove redundant unfreeze_partials() from put_cpu_partial() [006/147] mm, slub: extract get_partial() from new_slab_objects() [007/147] mm, slub: dissolve new_slab_objects() into ___slab_alloc() [008/147] mm, slub: return slab page from get_partial() and set c->page afterwards [009/147] mm, slub: restructure new page checks in ___slab_alloc() [010/147] mm, slub: simplify kmem_cache_cpu and tid setup [011/147] mm, slub: move disabling/enabling irqs to ___slab_alloc() [012/147] mm, slub: do initial checks in ___slab_alloc() with irqs enabled [013/147] mm, slub: move disabling irqs closer to get_partial() in ___slab_alloc() [014/147] mm, slub: restore irqs around calling new_slab() [015/147] mm, slub: validate slab from partial list or page allocator before making it cpu slab [016/147] mm, slub: check new pages with restored irqs [017/147] mm, slub: stop disabling irqs around get_partial() [018/147] mm, slub: move reset of c->page and freelist out of deactivate_slab() [019/147] mm, slub: make locking in deactivate_slab() irq-safe [020/147] mm, slub: call deactivate_slab() without disabling irqs [021/147] mm, slub: move irq control into unfreeze_partials() [022/147] mm, slub: discard slabs in unfreeze_partials() without irqs disabled [023/147] mm, slub: detach whole partial list at once in unfreeze_partials() [024/147] mm, slub: separate detaching of partial list in unfreeze_partials() from unfreezing [025/147] mm, slub: only disable irq with spin_lock in __unfreeze_partials() [026/147] mm, slub: don't disable irqs in slub_cpu_dead() [027/147] mm, slab: split out the cpu offline variant of flush_slab() [028/147] mm: slub: move flush_cpu_slab() invocations __free_slab() invocations out of IRQ context [029/147] mm: slub: make object_map_lock a raw_spinlock_t [030/147] mm, slub: make slab_lock() disable irqs with PREEMPT_RT [031/147] mm, slub: protect put_cpu_partial() with disabled irqs instead of cmpxchg [032/147] mm, slub: use migrate_disable() on PREEMPT_RT [033/147] mm, slub: convert kmem_cpu_slab protection to local_lock [034/147] memory-hotplug.rst: remove locking details from admin-guide [035/147] memory-hotplug.rst: complete admin-guide overhaul [036/147] mm: remove pfn_valid_within() and CONFIG_HOLES_IN_ZONE [037/147] mm: memory_hotplug: cleanup after removal of pfn_valid_within() [038/147] mm/memory_hotplug: use "unsigned long" for PFN in zone_for_pfn_range() [039/147] mm/memory_hotplug: remove nid parameter from arch_remove_memory() [040/147] mm/memory_hotplug: remove nid parameter from remove_memory() and friends [041/147] ACPI: memhotplug: memory resources cannot be enabled yet [042/147] mm: track present early pages per zone [043/147] mm/memory_hotplug: introduce "auto-movable" online policy [044/147] drivers/base/memory: introduce "memory groups" to logically group memory blocks [045/147] mm/memory_hotplug: track present pages in memory groups [046/147] ACPI: memhotplug: use a single static memory group for a single memory device [047/147] dax/kmem: use a single static memory group for a single probed unit [048/147] virtio-mem: use a single dynamic memory group for a single virtio-mem device [049/147] mm/memory_hotplug: memory group aware "auto-movable" online policy [050/147] mm/memory_hotplug: improved dynamic memory group aware "auto-movable" online policy [051/147] mm/memory_hotplug: use helper zone_is_zone_device() to simplify the code [052/147] mm: remove redundant compound_head() calling [053/147] riscv: only select GENERIC_IOREMAP if MMU support is enabled [054/147] mm: move ioremap_page_range to vmalloc.c [055/147] mm: don't allow executable ioremap mappings [056/147] mm/early_ioremap.c: remove redundant early_ioremap_shutdown() [057/147] highmem: don't disable preemption on RT in kmap_atomic() [058/147] mm: in_irq() cleanup [059/147] mm: introduce PAGEFLAGS_MASK to replace ((1UL << NR_PAGEFLAGS) - 1) [060/147] mm/secretmem: use refcount_t instead of atomic_t [061/147] kfence: show cpu and timestamp in alloc/free info [062/147] kfence: test: fail fast if disabled at boot [063/147] mm: introduce Data Access MONitor (DAMON) [064/147] mm/damon/core: implement region-based sampling [065/147] mm/damon: adaptively adjust regions [066/147] mm/idle_page_tracking: make PG_idle reusable [067/147] mm/damon: implement primitives for the virtual memory address spaces [068/147] mm/damon: add a tracepoint [069/147] mm/damon: implement a debugfs-based user space interface [070/147] mm/damon/dbgfs: export kdamond pid to the user space [071/147] mm/damon/dbgfs: support multiple contexts [072/147] Documentation: add documents for DAMON [073/147] mm/damon: add kunit tests [074/147] mm/damon: add user space selftests [075/147] MAINTAINERS: update for DAMON [076/147] alpha: agp: make empty macros use do-while-0 style [077/147] alpha: pci-sysfs: fix all kernel-doc warnings [078/147] percpu: remove export of pcpu_base_addr [079/147] fs/proc/kcore.c: add mmap interface [080/147] proc: stop using seq_get_buf in proc_task_name [081/147] connector: send event on write to /proc/[pid]/comm [082/147] arch: Kconfig: fix spelling mistake "seperate" -> "separate" [083/147] include/linux/once.h: fix trivia typo Not -> Note [084/147] units: change from 'L' to 'UL' [085/147] units: add the HZ macros [086/147] thermal/drivers/devfreq_cooling: use HZ macros [087/147] devfreq: use HZ macros [088/147] iio/drivers/as73211: use HZ macros [089/147] hwmon/drivers/mr75203: use HZ macros [090/147] iio/drivers/hid-sensor: use HZ macros [091/147] i2c/drivers/ov02q10: use HZ macros [092/147] mtd/drivers/nand: use HZ macros [093/147] phy/drivers/stm32: use HZ macros [094/147] kernel/acct.c: use dedicated helper to access rlimit values [095/147] profiling: fix shift-out-of-bounds bugs [096/147] MAINTAINERS: update ClangBuiltLinux mailing list [097/147] Documentation/llvm: update mailing list [098/147] Documentation/llvm: update IRC location [099/147] math: make RATIONAL tristate [100/147] math: RATIONAL_KUNIT_TEST should depend on RATIONAL instead of selecting it [101/147] lib/string: optimized memcpy [102/147] lib/string: optimized memmove [103/147] lib/string: optimized memset [104/147] lib/test: convert test_sort.c to use KUnit [105/147] lib/dump_stack: correct kernel-doc notation [106/147] lib/iov_iter.c: fix kernel-doc warnings [107/147] bitops: protect find_first_{,zero}_bit properly [108/147] bitops: move find_bit__le functions from le.h to find.h [109/147] include: move find.h from asm_generic to linux [110/147] arch: remove GENERIC_FIND_FIRST_BIT entirely [111/147] lib: add find_first_and_bit() [112/147] cpumask: use find_first_and_bit() [113/147] all: replace find_next{,_zero}_bit with find_first{,_zero}_bit where appropriate [114/147] tools: sync tools/bitmap with mother linux [115/147] cpumask: replace cpumask_next_ with cpumask_first_* where appropriate [116/147] include/linux: move for_each_bit() macros from bitops.h to find.h [117/147] find: micro-optimize for_each_{set,clear}_bit() [118/147] bitops: replace for_each__bit_from() with for_each__bit() where appropriate [119/147] tools: rename bitmap_alloc() to bitmap_zalloc() [120/147] mm/percpu: micro-optimize pcpu_is_populated() [121/147] bitmap: unify find_bit operations [122/147] lib: bitmap: add performance test for bitmap_print_to_pagebuf [123/147] vsprintf: rework bitmap_list_string [124/147] checkpatch: support wide strings [125/147] checkpatch: make email address check case insensitive [126/147] checkpatch: improve GIT_COMMIT_ID test [127/147] fs/epoll: use a per-cpu counter for user's watches count [128/147] init: move usermodehelper_enable() to populate_rootfs() [130/147] nilfs2: fix memory leak in nilfs_sysfs_create_device_group [131/147] nilfs2: fix NULL pointer in nilfs_##name##_attr_release [132/147] nilfs2: fix memory leak in nilfs_sysfs_create_##name##_group [133/147] nilfs2: fix memory leak in nilfs_sysfs_delete_##name##_group [134/147] nilfs2: fix memory leak in nilfs_sysfs_create_snapshot_group [135/147] nilfs2: fix memory leak in nilfs_sysfs_delete_snapshot_group [136/147] nilfs2: use refcount_dec_and_lock() to fix potential UAF [137/147] fs/coredump.c: log if a core dump is aborted due to changed file permissions [138/147] coredump: fix memleak in dump_vma_snapshot() [139/147] kernel/fork.c: unexport get_{mm,task}_exe_file [140/147] pid: cleanup the stale comment mentioning pidmap_init(). [141/147] prctl: allow to setup brk for et_dyn executables [142/147] configs: remove the obsolete CONFIG_INPUT_POLLDEV [143/147] Kconfig.debug: drop selecting non-existing HARDLOCKUP_DETECTOR_ARCH [144/147] selftests/memfd: remove unused variable [145/147] ipc: replace costly bailout check in sysvipc_find_ipc() [146/147] mm/workingset: correct kernel-doc notations [147/147] scripts: check_extable: fix typo in user error message [129/147] trap: cleanup trap_init()

Andrew Morton Sept. 8, 2021, 2:57 a.m. UTC

From: Feng Zhou <zhoufeng.zf@bytedance.com>
Subject: fs/proc/kcore.c: add mmap interface

When we do the kernel monitor, use the DRGN
(https://github.com/osandov/drgn) access to kernel data structures, found
that the system calls a lot.  DRGN is implemented by reading /proc/kcore. 
After looking at the kcore code, it is found that kcore does not implement
mmap, resulting in frequent context switching triggered by read. 
Therefore, we want to add mmap interface to optimize performance.  Since
vmalloc and module areas will change with allocation and release,
consistency cannot be guaranteed, so mmap interface only maps KCORE_TEXT
and KCORE_RAM.

The test results:
1. the default version of kcore
real 11.00
user 8.53
sys 3.59

% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
99.64  128.578319          12  11168701           pread64
...
------ ----------- ----------- --------- --------- ----------------
100.00  129.042853              11193748       966 total

2. added kcore for the mmap interface
real 6.44
user 7.32
sys 0.24

% time     seconds  usecs/call     calls    errors syscall
------ ----------- ----------- --------- --------- ----------------
32.94    0.130120          24      5317       315 futex
11.66    0.046077          21      2231         1 lstat
 9.23    0.036449         177       206           mmap
...
------ ----------- ----------- --------- --------- ----------------
100.00    0.395077                 25435       971 total

The test results show that the number of system calls and time
consumption are significantly reduced.

Link: https://lkml.kernel.org/r/20210704062208.7898-1-zhoufeng.zf@bytedance.com
Co-developed-by: Ying Chen <chenying.kernel@bytedance.com>
Signed-off-by: Ying Chen <chenying.kernel@bytedance.com>
Signed-off-by: Feng Zhou <zhoufeng.zf@bytedance.com>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Mike Rapoport <rppt@kernel.org>
Cc: Muchun Song <songmuchun@bytedance.com>
Cc: Chengming Zhou <zhouchengming@bytedance.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
---

 fs/proc/kcore.c |   73 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

Linus Torvalds Sept. 8, 2021, 6:13 p.m. UTC | #1

On Tue, Sep 7, 2021 at 7:57 PM Andrew Morton <akpm@linux-foundation.org> wrote:
>
> After looking at the kcore code, it is found that kcore does not implement
> mmap, resulting in frequent context switching triggered by read.
> Therefore, we want to add mmap interface to optimize performance.  Since
> vmalloc and module areas will change with allocation and release,
> consistency cannot be guaranteed, so mmap interface only maps KCORE_TEXT
> and KCORE_RAM.

Honestly, I still hate this patch.

The last time people wanted to speed up /dev/kcore accesses, it was
all for black-hat reasons and speeding up kernel attacks.

And this code just makes me nervous even aside from that, because I do
not understand what the heck it's doing.

> +       if (kern_addr_valid(start)) {
> +               if (m->type == KCORE_RAM)
> +                       pfn = __pa(start) >> PAGE_SHIFT;
> +               else if (m->type == KCORE_TEXT)
> +                       pfn = __pa_symbol(start) >> PAGE_SHIFT;

Why is "__pa(start)" right in one situation, and "__pa_symbol(start)"
in another.

So this just makes me go "this is all confusing, dangerous, and the
use-case is dubious".

Mapping kernel memory is dangerous. The use-cases for it are dubious.
The patch isn't obvious.

All of that screams "I'll skip this".

           Linus

Feng Zhou Sept. 9, 2021, 9:56 a.m. UTC | #2

在 2021/9/9 上午2:13, Linus Torvalds 写道:
> On Tue, Sep 7, 2021 at 7:57 PM Andrew Morton <akpm@linux-foundation.org> wrote:
>> After looking at the kcore code, it is found that kcore does not implement
>> mmap, resulting in frequent context switching triggered by read.
>> Therefore, we want to add mmap interface to optimize performance.  Since
>> vmalloc and module areas will change with allocation and release,
>> consistency cannot be guaranteed, so mmap interface only maps KCORE_TEXT
>> and KCORE_RAM.
> Honestly, I still hate this patch.
>
> The last time people wanted to speed up /dev/kcore accesses, it was
> all for black-hat reasons and speeding up kernel attacks.
>
> And this code just makes me nervous even aside from that, because I do
> not understand what the heck it's doing.
>
>
>> +       if (kern_addr_valid(start)) {
>> +               if (m->type == KCORE_RAM)
>> +                       pfn = __pa(start) >> PAGE_SHIFT;
>> +               else if (m->type == KCORE_TEXT)
>> +                       pfn = __pa_symbol(start) >> PAGE_SHIFT;
> Why is "__pa(start)" right in one situation, and "__pa_symbol(start)"
> in another.

Hi, Linus

The use here is refer to "read_kcore" in fs/proc/kcore.c.

list_for_each_entry(m, &kclist_head, list) {
...
if (m->type == KCORE_RAM || m->type == KCORE_REMAP)
phdr->p_paddr = __pa(m->addr);
else if (m->type == KCORE_TEXT)
phdr->p_paddr = __pa_symbol(m->addr);
...
}

Ensure consistency of usage.


>
> So this just makes me go "this is all confusing, dangerous, and the
> use-case is dubious".
>
> Mapping kernel memory is dangerous. The use-cases for it are dubious.
> The patch isn't obvious.

Kcore mmap kernel memory just has read permission.

+	if (vma->vm_flags & (VM_WRITE | VM_EXEC)) {
+		ret = -EPERM;
+		goto out;
+	}
+
+	vma->vm_flags &= ~(VM_MAYWRITE | VM_MAYEXEC);
+	vma->vm_flags |= VM_MIXEDMAP;
+	vma->vm_ops = &kcore_mmap_ops;

Compared to the read interface, kcore mmap has no increased risk, just
reduce context switching.

>
> All of that screams "I'll skip this".
>
>             Linus

Linus Torvalds Sept. 9, 2021, 5:32 p.m. UTC | #3

On Thu, Sep 9, 2021 at 2:57 AM Feng Zhou <zhoufeng.zf@bytedance.com> wrote:
>
> Compared to the read interface, kcore mmap has no increased risk, just
> reduce context switching.

Yes, but the main worry is "do we really need to make this faster and easier"?

Because one of the possible main users is literally the black hat "I
got root, now I want to do a rootkit".

And mmap is very very different from read().

Why? Because using mmap() you can now track changes in realtime (ie
you poll waiting for some memory location to change, possibly even
with hardware assist - like watchpoints or ring3 "monitor/mwait").

So mmap() of the kernel memory literally acts as a prime tool for
looking at and exploiting races.

Which is why I'm _very_ leery of these kinds of interfaces.

Do they have possible good uses? Yes. But the bad uses seem to
actually dominate. The good users don't seem _that_ critical, while
the bad users would seem to absolutely love this interface.

See my argument?

This is basically a very dangerous interface. The fact that it is
read-only doesn't change that at all.

               Linus

Linus Torvalds Sept. 9, 2021, 5:34 p.m. UTC | #4

On Thu, Sep 9, 2021 at 10:32 AM Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> This is basically a very dangerous interface. The fact that it is
> read-only doesn't change that at all.

Just to clarify - we've done dangerous interfaces in the past. We
probably have tons of them still that I haven't even thought about,
and I think I can hear somebody sniggering from miles away about
various bugs that cause much more obvious security holes that I didn't
think of.

But the fact that we might have other holes that can be misused,
doesn't mean we have to add new ones that seem to be almost designed
for misuse.

          Linus

Feng Zhou Sept. 10, 2021, 3:18 a.m. UTC | #5

在 2021/9/10 上午1:34, Linus Torvalds 写道:
> On Thu, Sep 9, 2021 at 10:32 AM Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
>> This is basically a very dangerous interface. The fact that it is
>> read-only doesn't change that at all.
> Just to clarify - we've done dangerous interfaces in the past. We
> probably have tons of them still that I haven't even thought about,
> and I think I can hear somebody sniggering from miles away about
> various bugs that cause much more obvious security holes that I didn't
> think of.
>
> But the fact that we might have other holes that can be misused,
> doesn't mean we have to add new ones that seem to be almost designed
> for misuse.
>
>            Linus

Ok, got it.

David Hildenbrand Sept. 10, 2021, 10:08 a.m. UTC | #6

On 08.09.21 04:57, Andrew Morton wrote:
> From: Feng Zhou <zhoufeng.zf@bytedance.com>
> Subject: fs/proc/kcore.c: add mmap interface
> 
> When we do the kernel monitor, use the DRGN
> (https://github.com/osandov/drgn) access to kernel data structures, found
> that the system calls a lot.  DRGN is implemented by reading /proc/kcore.
> After looking at the kcore code, it is found that kcore does not implement
> mmap, resulting in frequent context switching triggered by read.
> Therefore, we want to add mmap interface to optimize performance.  Since
> vmalloc and module areas will change with allocation and release,
> consistency cannot be guaranteed, so mmap interface only maps KCORE_TEXT
> and KCORE_RAM.
> 
> The test results:
> 1. the default version of kcore
> real 11.00
> user 8.53
> sys 3.59
> 
> % time     seconds  usecs/call     calls    errors syscall
> ------ ----------- ----------- --------- --------- ----------------
> 99.64  128.578319          12  11168701           pread64
> ...
> ------ ----------- ----------- --------- --------- ----------------
> 100.00  129.042853              11193748       966 total
> 
> 2. added kcore for the mmap interface
> real 6.44
> user 7.32
> sys 0.24
> 
> % time     seconds  usecs/call     calls    errors syscall
> ------ ----------- ----------- --------- --------- ----------------
> 32.94    0.130120          24      5317       315 futex
> 11.66    0.046077          21      2231         1 lstat
>   9.23    0.036449         177       206           mmap
> ...
> ------ ----------- ----------- --------- --------- ----------------
> 100.00    0.395077                 25435       971 total
> 
> The test results show that the number of system calls and time
> consumption are significantly reduced.
> 
> Link: https://lkml.kernel.org/r/20210704062208.7898-1-zhoufeng.zf@bytedance.com
> Co-developed-by: Ying Chen <chenying.kernel@bytedance.com>
> Signed-off-by: Ying Chen <chenying.kernel@bytedance.com>
> Signed-off-by: Feng Zhou <zhoufeng.zf@bytedance.com>
> Cc: Alexey Dobriyan <adobriyan@gmail.com>
> Cc: Mike Rapoport <rppt@kernel.org>
> Cc: Muchun Song <songmuchun@bytedance.com>
> Cc: Chengming Zhou <zhouchengming@bytedance.com>
> Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
> ---
> 
>   fs/proc/kcore.c |   73 ++++++++++++++++++++++++++++++++++++++++++++++
>   1 file changed, 73 insertions(+)
> 
> --- a/fs/proc/kcore.c~fs-proc-kcorec-add-mmap-interface
> +++ a/fs/proc/kcore.c
> @@ -614,11 +614,84 @@ static int release_kcore(struct inode *i
>   	return 0;
>   }
>   
> +static vm_fault_t mmap_kcore_fault(struct vm_fault *vmf)
> +{
> +	return VM_FAULT_SIGBUS;
> +}
> +
> +static const struct vm_operations_struct kcore_mmap_ops = {
> +	.fault = mmap_kcore_fault,
> +};
> +
> +static int mmap_kcore(struct file *file, struct vm_area_struct *vma)
> +{
> +	size_t size = vma->vm_end - vma->vm_start;
> +	u64 start, end, pfn;
> +	int nphdr;
> +	size_t data_offset;
> +	size_t phdrs_len, notes_len;
> +	struct kcore_list *m = NULL;
> +	int ret = 0;
> +
> +	down_read(&kclist_lock);
> +
> +	get_kcore_size(&nphdr, &phdrs_len, &notes_len, &data_offset);
> +
> +	data_offset &= PAGE_MASK;
> +	start = (u64)vma->vm_pgoff << PAGE_SHIFT;
> +	if (start < data_offset) {
> +		ret = -EINVAL;
> +		goto out;
> +	}
> +	start = kc_offset_to_vaddr(start - data_offset);
> +	end   = start + size;
> +
> +	list_for_each_entry(m, &kclist_head, list) {
> +		if (start >= m->addr && end <= m->addr + m->size)
> +			break;
> +	}
> +
> +	if (&m->list == &kclist_head) {
> +		ret = -EINVAL;
> +		goto out;
> +	}
> +
> +	if (vma->vm_flags & (VM_WRITE | VM_EXEC)) {
> +		ret = -EPERM;
> +		goto out;
> +	}
> +
> +	vma->vm_flags &= ~(VM_MAYWRITE | VM_MAYEXEC);
> +	vma->vm_flags |= VM_MIXEDMAP;
> +	vma->vm_ops = &kcore_mmap_ops;
> +

This breaks all my efforts to sanitize /proc/kore access for virtio-mem.

Is there still a way to nack this?

Sorry I didn't spot this any sooner.

Mike Rapoport Sept. 10, 2021, noon UTC | #7

On Fri, Sep 10, 2021 at 12:08:17PM +0200, David Hildenbrand wrote:
> On 08.09.21 04:57, Andrew Morton wrote:
> > +
> > +	if (vma->vm_flags & (VM_WRITE | VM_EXEC)) {
> > +		ret = -EPERM;
> > +		goto out;
> > +	}
> > +
> > +	vma->vm_flags &= ~(VM_MAYWRITE | VM_MAYEXEC);
> > +	vma->vm_flags |= VM_MIXEDMAP;
> > +	vma->vm_ops = &kcore_mmap_ops;
> > +
> 
> This breaks all my efforts to sanitize /proc/kore access for virtio-mem.
> 
> Is there still a way to nack this?

Already done:

https://lore.kernel.org/mm-commits/CAHk-=wgQ+8kmczLLKCY7yDsGHQBRcZESKd1dNaKbrjUgbWeb3A@mail.gmail.com

and down the same thread.
 
> Sorry I didn't spot this any sooner.
> 
> -- 
> Thanks,
> 
> David / dhildenb
>

David Hildenbrand Sept. 10, 2021, 12:02 p.m. UTC | #8

On 10.09.21 14:00, Mike Rapoport wrote:
> On Fri, Sep 10, 2021 at 12:08:17PM +0200, David Hildenbrand wrote:
>> On 08.09.21 04:57, Andrew Morton wrote:
>>> +
>>> +	if (vma->vm_flags & (VM_WRITE | VM_EXEC)) {
>>> +		ret = -EPERM;
>>> +		goto out;
>>> +	}
>>> +
>>> +	vma->vm_flags &= ~(VM_MAYWRITE | VM_MAYEXEC);
>>> +	vma->vm_flags |= VM_MIXEDMAP;
>>> +	vma->vm_ops = &kcore_mmap_ops;
>>> +
>>
>> This breaks all my efforts to sanitize /proc/kore access for virtio-mem.
>>
>> Is there still a way to nack this?
> 
> Already done:
> 
> https://lore.kernel.org/mm-commits/CAHk-=wgQ+8kmczLLKCY7yDsGHQBRcZESKd1dNaKbrjUgbWeb3A@mail.gmail.com
> 
> and down the same thread.
>   

Yeah, spotted Linus' reply just after I sent my reply.

... afterwards I thought about the implications fpr secretmem and 
ordinary memory hotunplug and was happy that we dodged this bullet. :)

[079/147] fs/proc/kcore.c: add mmap interface

Commit Message

Comments

Patch