On Mon, Sep 23, 2024 at 05:03:56PM GMT, Lorenzo Stoakes wrote:
[...]
> SYSCALL_DEFINE5(process_madvise, int, pidfd, const struct iovec __user *, vec,
> size_t, vlen, int, behavior, unsigned int, flags)
> {
> @@ -1486,10 +1509,9 @@ SYSCALL_DEFINE5(process_madvise, int, pidfd, const struct iovec __user *, vec,
> struct iov_iter iter;
> struct task_struct *task;
> struct mm_struct *mm;
> - size_t total_len;
> unsigned int f_flags;
>
> - if (flags != 0) {
> + if (flags & ~PR_MADV_SELF) {
> ret = -EINVAL;
> goto out;
> }
> @@ -1498,13 +1520,26 @@ SYSCALL_DEFINE5(process_madvise, int, pidfd, const struct iovec __user *, vec,
> if (ret < 0)
> goto out;
>
> + /*
> + * Perform an madvise operation on the current process. No restrictions
> + * need be applied, nor do we need to pin the task or mm_struct.
> + */
> + if (flags & PR_MADV_SELF) {
> + ret = vector_madvise(current->mm, &iter, behavior);
> + goto free_iov;
> + }
> +
> task = pidfd_get_task(pidfd, &f_flags);
> if (IS_ERR(task)) {
> ret = PTR_ERR(task);
> goto free_iov;
> }
>
> - if (!process_madvise_behavior_valid(behavior)) {
> + /*
> + * We need only perform this check if we are attempting to manipulate a
> + * remote process's address space.
> + */
> + if (mm != current->mm && !process_madvise_remote_valid(behavior)) {

Move the above check after mm is initialized i.e. mm = mm_access().

Shakeel
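Review bot: The new `if (flags & ~PR_MADV_SELF)` check admits the flag but nothing in this hunk states what the `pidfd` argument means once it is set; the self path in the following hunk jumps to vector_madvise() and free_iov before pidfd_get_task() is reached, so whatever pidfd the caller passed is silently ignored rather than validated. That is a user-visible contract and should be pinned here, either with a comment on the check such as `/* PR_MADV_SELF: pidfd is ignored, the operation applies to current->mm. */` or with an explicit decision on whether a pidfd supplied together with the flag should fail with -EINVAL. Documenting it now avoids callers depending on the accidental behaviour before it is settled. The body of process_madvise continues past the end of this hunk.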