| Message ID | 20190129053830.3749-1-willy@infradead.org (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | mm: Prevent mapping typed pages to userspace | expand |
On Tue, Jan 29, 2019 at 6:38 PM Matthew Wilcox <willy@infradead.org> wrote: > > Pages which use page_type must never be mapped to userspace as it would > destroy their page type. Add an explicit check for this instead of > assuming that kernel drivers always get this right. > > Signed-off-by: Matthew Wilcox <willy@infradead.org> Reviewed-by: Kees Cook <keescook@chromium.org> -Kees > --- > mm/memory.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/memory.c b/mm/memory.c > index ce8c90b752be..db3534bbd652 100644 > --- a/mm/memory.c > +++ b/mm/memory.c > @@ -1451,7 +1451,7 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, > spinlock_t *ptl; > > retval = -EINVAL; > - if (PageAnon(page) || PageSlab(page)) > + if (PageAnon(page) || PageSlab(page) || page_has_type(page)) > goto out; > retval = -ENOMEM; > flush_dcache_page(page); > -- > 2.20.1 >
On 29.01.19 06:38, Matthew Wilcox wrote: > Pages which use page_type must never be mapped to userspace as it would > destroy their page type. Add an explicit check for this instead of > assuming that kernel drivers always get this right. > > Signed-off-by: Matthew Wilcox <willy@infradead.org> > --- > mm/memory.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/memory.c b/mm/memory.c > index ce8c90b752be..db3534bbd652 100644 > --- a/mm/memory.c > +++ b/mm/memory.c > @@ -1451,7 +1451,7 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, > spinlock_t *ptl; > > retval = -EINVAL; > - if (PageAnon(page) || PageSlab(page)) > + if (PageAnon(page) || PageSlab(page) || page_has_type(page)) > goto out; > retval = -ENOMEM; > flush_dcache_page(page); > Reviewed-by: David Hildenbrand <david@redhat.com>
diff --git a/mm/memory.c b/mm/memory.c index ce8c90b752be..db3534bbd652 100644 --- a/mm/memory.c +++ b/mm/memory.c @@ -1451,7 +1451,7 @@ static int insert_page(struct vm_area_struct *vma, unsigned long addr, spinlock_t *ptl; retval = -EINVAL; - if (PageAnon(page) || PageSlab(page)) + if (PageAnon(page) || PageSlab(page) || page_has_type(page)) goto out; retval = -ENOMEM; flush_dcache_page(page);
Pages which use page_type must never be mapped to userspace as it would destroy their page type. Add an explicit check for this instead of assuming that kernel drivers always get this right. Signed-off-by: Matthew Wilcox <willy@infradead.org> --- mm/memory.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)