Thread: 97 messages, 14 authors, 2022-11-03

Re: [PATCH v8 1/8] mm/memfd: Introduce userspace inaccessible memfd

From: Fuad Tabba <hidden>
Date: 2022-10-04 15:40:00
Also in: kvm, linux-doc, linux-fsdevel, linux-mm, lkml, qemu-devel

Hi,

On Mon, Oct 3, 2022 at 12:01 PM Kirill A. Shutemov [off-list ref] wrote:
> On Mon, Oct 03, 2022 at 08:33:13AM +0100, Fuad Tabba wrote:
> > > I think it is "don't do that" category. inaccessible_register_notifier()
> > > caller has to know what file it operates on, no?
> >
> > The thing is, you could oops the kernel from userspace. For that, all
> > you have to do is a memfd_create without the MFD_INACCESSIBLE,
> > followed by a KVM_SET_USER_MEMORY_REGION using that as the private_fd.
> > I ran into this using my port of this patch series to arm64.
>
> My point is that it has to be handled on a different level. KVM has to
> reject private_fd if it is not inaccessible. It should be trivial by
> checking file->f_inode->i_sb->s_magic.

Yes, that makes sense.

Thanks,
/fuad

> --
>   Kiryl Shutsemau / Kirill A. Shutemov
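As an added illustration of the check Kirill proposes (this is not code from the patch series or from KVM), a stand-alone C model of KVM refusing a private_fd whose backing file is not an inaccessible memfd. The struct layouts are minimal stand-ins for the kernel's, and INACCESSIBLE_MAGIC_PLACEHOLDER is a placeholder for the series' real filesystem magic.

```c
/* Added example: model of validating private_fd by superblock magic.
 * The kernel structs are reduced to the fields the check touches, and
 * INACCESSIBLE_MAGIC_PLACEHOLDER stands in for the series' real value. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>

/* Placeholder: the real series defines its own filesystem magic. */
#define INACCESSIBLE_MAGIC_PLACEHOLDER 0x49414d45UL
/* What a plain memfd without MFD_INACCESSIBLE carries (TMPFS_MAGIC). */
#define PLAIN_MEMFD_MAGIC              0x01021994UL

struct super_block { unsigned long s_magic; };
struct inode       { struct super_block *i_sb; };
struct file        { struct inode *f_inode; };

/* Mirrors the file->f_inode->i_sb->s_magic walk from the thread,
 * guarding each pointer so a malformed file cannot derail the check. */
static bool is_inaccessible_memfd(const struct file *file)
{
    return file && file->f_inode && file->f_inode->i_sb &&
           file->f_inode->i_sb->s_magic == INACCESSIBLE_MAGIC_PLACEHOLDER;
}

/* Validation KVM_SET_USER_MEMORY_REGION should apply to private_fd
 * before passing the file to inaccessible_register_notifier():
 * 0 accepts the fd, -EINVAL rejects it. */
int kvm_check_private_fd(const struct file *file)
{
    if (!is_inaccessible_memfd(file))
        return -EINVAL;
    return 0;
}

/* Constructed fixtures: one fd of each kind a user could hand to KVM. */
static struct super_block sb_inaccessible = { INACCESSIBLE_MAGIC_PLACEHOLDER };
static struct super_block sb_plain        = { PLAIN_MEMFD_MAGIC };
static struct inode inode_inaccessible = { &sb_inaccessible };
static struct inode inode_plain        = { &sb_plain };
struct file file_inaccessible = { &inode_inaccessible };
struct file file_plain        = { &inode_plain };
```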