The fault handler for the timens page does not have access to the target task and therefore can not be invoked remotely. Currently the handler relies on the fact that the vvar mapping is marked as VM_IO and VM_PFNMAP for which the mm core always prevents remote access. However the VM_IO and VM_PFNMAP flags are going to be removed. Add an explicit check to prevent remote access to the mapping. Signed-off-by: Thomas Weißschuh Tested-by: Nam Cao --- kernel/time/namespace_vdso.c | 7 ++----- lib/vdso/datastore.c | 3 +++ 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/kernel/time/namespace_vdso.c b/kernel/time/namespace_vdso.c index 0d74d160eec9..5ac7b6a6d3a8 100644 --- a/kernel/time/namespace_vdso.c +++ b/kernel/time/namespace_vdso.c @@ -74,11 +74,8 @@ struct page *find_timens_vvar_page(struct vm_area_struct *vma) return current->nsproxy->time_ns->vvar_page; /* - * VM_PFNMAP | VM_IO protect .fault() handler from being called - * through interfaces like /proc/$pid/mem or - * process_vm_{readv,writev}() as long as there's no .access() - * in special_mapping_vmops(). - * For more details check_vma_flags() and __access_remote_vm() + * vvar_fault() protects this from being called through remote interfaces like + * /proc/$pid/mem or process_vm_{readv,writev}(). */ WARN(1, "vvar_page accessed remotely"); diff --git a/lib/vdso/datastore.c b/lib/vdso/datastore.c index f9a1f0fb7ccd..3381ccf9edb1 100644 --- a/lib/vdso/datastore.c +++ b/lib/vdso/datastore.c @@ -68,6 +68,9 @@ static vm_fault_t vvar_fault(const struct vm_special_mapping *sm, { struct page *page, *timens_page; + if (unlikely(vmf->flags & FAULT_FLAG_REMOTE)) + return VM_FAULT_SIGBUS; + page = vdso_data_pages + vmf->pgoff; timens_page = find_timens_vvar_page(vma); -- 2.53.0
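Review bot: In the kernel/time/namespace_vdso.c hunk, the rewritten comment above WARN(1, "vvar_page accessed remotely") says only that vvar_fault() protects this path, without naming the mechanism or where it lives. The guard is now in a different file (lib/vdso/datastore.c), so the comment should mention the FAULT_FLAG_REMOTE check explicitly, so that someone who hits the WARN can find the condition that was supposed to prevent it. The first line of the new comment is also noticeably longer than the lines it replaces and could be rewrapped to match the rest of the block.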
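Review bot: In the lib/vdso/datastore.c hunk, the new "if (unlikely(vmf->flags & FAULT_FLAG_REMOTE))" test at the top of vvar_fault() has no comment. It also returns VM_FAULT_SIGBUS for every page of the mapping, while the commit message only argues the case for the timens page. A short comment above the check would help, saying that find_timens_vvar_page() resolves the page through current->nsproxy and therefore cannot serve a fault raised on behalf of another task. The commit message could also state that refusing remote faults for the whole mapping is intentional and matches what VM_IO and VM_PFNMAP provided before.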