[PATCH] ARM: Do not call flush_cache_user_range with mmap_sem held

Russell King - ARM Linux linux at arm.linux.org.uk
Thu Nov 17 05:42:46 EST 2011


On Thu, Nov 17, 2011 at 10:22:05AM +0000, Catalin Marinas wrote:
> BTW, we could even go a step further and remove the vma checks entirely,
> just use access_ok() since __cpuc_coherent_user_range() can handle
> unmapped ranges properly (though it may introduce some latency if some
> user app passes a 3G range but we can change the fixup code to abort the
> operation when it gets a fault that can't be fixed up).

So, do you think that it is acceptable to be able to pass into this from
userspace the arguments '0', '~0', '0' and have the kernel spin over the
entire 4G space, including IO space on any of the supported architectures.

Note that pre-ARMv6 CPUs will spin over that range in 32-byte steps
whether or not there's a page present.

Note that this can starve other threads in the system from running.  That's
a great local DoS attack possible from any privilege level.

That's why the VMA checks were added 9 years ago.
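The work argument above, as an added example that is not part of the thread and is not the kernel's code: a small C model of the ARM cacheflush syscall that charges one unit of work per 32-byte cache line, once with the VMA clamp and once with only the trivial end-before-start check. It assumes (as simplifications) that `end` is inclusive so that (0, ~0) names the whole 4G space, that the flush visits every line whether or not a page is mapped there (the pre-ARMv6 behaviour the message describes), and that clamping is applied against every VMA that overlaps the request; the VMA layout and the function names `flush_unchecked` and `flush_vma_clamped` are constructed for the illustration.

```c
/* Model of the cacheflush work done with and without VMA clamping.
 * Added example; not kernel code. All names below are illustrative. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CACHE_LINE 32u   /* pre-ARMv6 cores walk the range in 32-byte steps */

struct vma {
    uint32_t start;      /* inclusive */
    uint32_t end;        /* exclusive */
};

/* Cache lines a flush of [start, end) touches. One unit of work per line,
 * mapped or not, which is what the message says pre-ARMv6 CPUs do. */
static uint64_t lines_touched(uint64_t start, uint64_t end)
{
    if (end <= start)
        return 0;
    return (end - start + CACHE_LINE - 1) / CACHE_LINE;
}

/* No VMA check: reject end < start, then flush the whole requested range.
 * end is treated as inclusive (assumption), so (0, ~0) is the full 4G. */
static uint64_t flush_unchecked(uint32_t start, uint32_t end)
{
    if (end < start)
        return 0;                       /* -EINVAL in the real syscall */
    return lines_touched(start, (uint64_t)end + 1);
}

/* VMA check: only the parts of [start, end] that intersect a mapping are
 * flushed, so the work is bounded by what the process has mapped, not by
 * the size of the range userspace asked for. */
static uint64_t flush_vma_clamped(uint32_t start, uint32_t end,
                                  const struct vma *vmas, size_t n)
{
    uint64_t total = 0;
    uint64_t req_end = (uint64_t)end + 1;

    if (end < start)
        return 0;
    for (size_t i = 0; i < n; i++) {
        uint64_t s = vmas[i].start > start ? vmas[i].start : start;
        uint64_t e = vmas[i].end < req_end ? vmas[i].end : req_end;
        total += lines_touched(s, e);   /* zero when there is no overlap */
    }
    return total;
}

/* Constructed address space: a 16 KiB text mapping and a 64 KiB stack. */
static const struct vma sample_vmas[] = {
    { 0x00010000u, 0x00014000u },
    { 0xBEFF0000u, 0xBF000000u },
};
#define SAMPLE_N (sizeof sample_vmas / sizeof sample_vmas[0])

/* Work charged for the (0, ~0) request from the message, both ways. */
static uint64_t example_unchecked_work(void)
{
    return flush_unchecked(0, ~0u);
}

static uint64_t example_clamped_work(void)
{
    return flush_vma_clamped(0, ~0u, sample_vmas, SAMPLE_N);
}

int main(void)
{
    printf("unchecked   (0, ~0): %llu lines\n",
           (unsigned long long)example_unchecked_work());
    printf("VMA-clamped (0, ~0): %llu lines\n",
           (unsigned long long)example_clamped_work());
    return 0;
}
```

With the clamp the request costs 80 KiB / 32 = 2560 line operations for this address space, regardless of what range the caller passes; without it the same call walks 2^27 lines, which is the spin the message warns about.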


