On Tue, Jan 29, 2019 at 7:21 AM Andrew Morton <[email protected]> wrote: > > On Fri, 25 Jan 2019 09:38:27 -0800 Matthew Wilcox <[email protected]> wrote: > > > It's never appropriate to map a page allocated by SLAB into userspace. > > A buggy device driver might try this, or an attacker might be able to > > find a way to make it happen. > > It wouldn't surprise me if someone somewhere is doing this. Rather > than mysteriously breaking their code, how about we emit a warning and > still permit it to proceed, for a while?
It seems like a fatal condition to me? There's nothing to check that such a page wouldn't get freed by the slab while still mapped to userspace, right? But I'll take warning over not checking. :) -- Kees Cook
