Linus Torvalds writes: (Summary) And that's a requirement
regardless, because no way in hell should users be able to read the
damn thing.
damn thing.
So it clearly needs to have the PAGE_USER bit clear (to avoid users accessing it directly), and it needs to be marked somehow for get_user_pages() to refuse it too, and access_ok() needs to fail it so that we can't do get_user/put_user on it.
that we can't do get_user/put_user on it.
But the whole RO vs RW is not fundamentally critical. Now, I do agree that RO is much much better in general, and it avoids the requirement to play games with "access_ok()" and friends (assuming we're just ok with users reading it), but I disagree with the whole "this is fundamental".
"this is fundamental".
Linus
Linus
Linus
damn thing.
So it clearly needs to have the PAGE_USER bit clear (to avoid users accessing it directly), and it needs to be marked somehow for get_user_pages() to refuse it too, and access_ok() needs to fail it so that we can't do get_user/put_user on it.
that we can't do get_user/put_user on it.
But the whole RO vs RW is not fundamentally critical. Now, I do agree that RO is much much better in general, and it avoids the requirement to play games with "access_ok()" and friends (assuming we're just ok with users reading it), but I disagree with the whole "this is fundamental".
"this is fundamental".
Linus
Linus
Linus