Re: [PATCH v4 0/7] mm/mprotect: Fix dax puds

[PATCH v4 0/7] mm/mprotect: Fix dax puds · Peter Xu <peterx@redhat.com> · 2024-08-07
[PATCH v4 1/7] mm/dax: Dump start address in fault handler · Peter Xu <peterx@redhat.com> · 2024-08-07
[PATCH v4 2/7] mm/mprotect: Push mmu notifier to PUDs · Peter Xu <peterx@redhat.com> · 2024-08-07
Re: [PATCH v4 2/7] mm/mprotect: Push mmu notifier to PUDs · Sean Christopherson <seanjc@google.com> · 2024-08-08
Re: [PATCH v4 2/7] mm/mprotect: Push mmu notifier to PUDs · Peter Xu <peterx@redhat.com> · 2024-08-08
Re: [PATCH v4 2/7] mm/mprotect: Push mmu notifier to PUDs · Sean Christopherson <seanjc@google.com> · 2024-08-08
Re: [PATCH v4 2/7] mm/mprotect: Push mmu notifier to PUDs · Peter Xu <peterx@redhat.com> · 2024-08-08
Re: [PATCH v4 2/7] mm/mprotect: Push mmu notifier to PUDs · Sean Christopherson <seanjc@google.com> · 2024-08-08
[PATCH v4 3/7] mm/powerpc: Add missing pud helpers · Peter Xu <peterx@redhat.com> · 2024-08-07
[PATCH v4 4/7] mm/x86: Make pud_leaf() only care about PSE bit · Peter Xu <peterx@redhat.com> · 2024-08-07
Re: [PATCH v4 4/7] mm/x86: Make pud_leaf() only care about PSE bit · Thomas Gleixner <hidden> · 2024-08-07
Re: [PATCH v4 4/7] mm/x86: Make pud_leaf() only care about PSE bit · Peter Xu <peterx@redhat.com> · 2024-08-08
Re: [PATCH v4 4/7] mm/x86: Make pud_leaf() only care about PSE bit · Thomas Gleixner <hidden> · 2024-08-09
Re: [PATCH v4 4/7] mm/x86: Make pud_leaf() only care about PSE bit · Peter Xu <peterx@redhat.com> · 2024-08-09
[PATCH v4 5/7] mm/x86: arch_check_zapped_pud() · Peter Xu <peterx@redhat.com> · 2024-08-07
Re: [PATCH v4 5/7] mm/x86: arch_check_zapped_pud() · Thomas Gleixner <hidden> · 2024-08-07
Re: [PATCH v4 5/7] mm/x86: arch_check_zapped_pud() · Peter Xu <peterx@redhat.com> · 2024-08-08
Re: [PATCH v4 5/7] mm/x86: arch_check_zapped_pud() · David Hildenbrand <hidden> · 2024-08-08
[PATCH v4 6/7] mm/x86: Add missing pud helpers · Peter Xu <peterx@redhat.com> · 2024-08-07
Re: [PATCH v4 6/7] mm/x86: Add missing pud helpers · Thomas Gleixner <hidden> · 2024-08-07
Re: [PATCH v4 6/7] mm/x86: Add missing pud helpers · Peter Xu <peterx@redhat.com> · 2024-08-08
[PATCH v4 7/7] mm/mprotect: fix dax pud handlings · Peter Xu <peterx@redhat.com> · 2024-08-07
Re: [PATCH v4 0/7] mm/mprotect: Fix dax puds · Andrew Morton <akpm@linux-foundation.org> · 2024-08-07
Re: [PATCH v4 0/7] mm/mprotect: Fix dax puds · Peter Xu <peterx@redhat.com> · 2024-08-07
Re: [PATCH v4 0/7] mm/mprotect: Fix dax puds · Andrew Morton <akpm@linux-foundation.org> · 2024-08-07
Re: [PATCH v4 0/7] mm/mprotect: Fix dax puds · Peter Xu <peterx@redhat.com> · 2024-08-08
Re: [PATCH v4 0/7] mm/mprotect: Fix dax puds · Andrew Morton <akpm@linux-foundation.org> · 2024-08-07
Re: [PATCH v4 0/7] mm/mprotect: Fix dax puds · Peter Xu <peterx@redhat.com> · 2024-08-07

From: Andrew Morton <akpm@linux-foundation.org>
Date: 2024-08-07 21:44:55
Also in: lkml

On Wed, 7 Aug 2024 17:34:10 -0400 Peter Xu [off-list ref] wrote:

The problem is mprotect() will skip the dax 1G PUD while it shouldn't;
meanwhile it'll dump some bad PUD in dmesg.  Both of them look like (corner
case) bugs to me.. where:

  - skipping the 1G pud means mprotect() will succeed even if the pud won't
    be updated with the correct permission specified. Logically that can
    cause e.g. in mprotect(RO) then write the page can cause data corrupt,
    as the pud page will still be writable.

  - the bad pud will generate a pr_err() into dmesg, with no limit so far I
    can see.  So I think it means an userspace can DoS the kernel log if it
    wants.. simply by creating the PUD and keep mprotect-ing it

I edited this important info into the [0/n] text, thanks.

So current kernels can be made to spew into the kernel logs?  That's
considered serious.  Can unprivileged userspace code do this?

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help