On 2/16/23 1:09 AM, Helge Deller wrote:
> Some architectures have memory cache aliasing requirements (e.g. parisc)
> if memory is shared between userspace and kernel. This patch fixes the
> kernel to return an aliased address when asked by userspace via mmap().
>
> Signed-off-by: Helge Deller <deller@xxxxxx>
> ---
> v2: Do not allow to map to a user-provided address. This forces
> programs to write portable code, as usually on x86 mapping to any
> address will succeed, while it will fail for most provided address if
> used on stricter architectures.
>
> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c > index 862e05e6691d..01fe7437a071 100644 > --- a/io_uring/io_uring.c > +++ b/io_uring/io_uring.c > @@ -72,6 +72,7 @@ > #include <linux/io_uring.h> > #include <linux/audit.h> > #include <linux/security.h> > +#include <asm/shmparam.h> > > #define CREATE_TRACE_POINTS > #include <trace/events/io_uring.h> > @@ -3059,6 +3060,54 @@ static __cold int io_uring_mmap(struct file *file, struct vm_area_struct *vma) > return remap_pfn_range(vma, vma->vm_start, pfn, sz, vma->vm_page_prot); > } > > +static unsigned long io_uring_mmu_get_unmapped_area(struct file *filp, > + unsigned long addr, unsigned long len, > + unsigned long pgoff, unsigned long flags) > +{ > + const unsigned long mmap_end = arch_get_mmap_end(addr, len, flags); > + struct vm_unmapped_area_info info; > + void *ptr; > + > + /* > + * Do not allow to map to user-provided address to avoid breaking the > + * aliasing rules. Userspace is not able to guess the offset address of > + * kernel kmalloc()ed memory area. > + */ > + if (addr) > + return -EINVAL;

Can we relax this so that if the address is correctly aligned, it will
allow it? The reported issue with sqpoll-cancel-hang.t is due to it
crashing because it's a weird syzbot thing that does mmap() with
MAP_FIXED and an address given.

-- 
Jens Axboe
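
Review bot: in io_uring_mmu_get_unmapped_area(), the `if (addr) return -EINVAL;` check rejects every non-zero address, including plain hint addresses passed without MAP_FIXED and addresses that would already satisfy the aliasing requirement, and it does so on all architectures rather than only on those with aliasing constraints. The comment above it justifies the check by saying userspace cannot guess the offset of the kmalloc()ed area, which argues for validating the requested address against the required alignment, not for refusing it outright. Consider ignoring a non-MAP_FIXED hint and choosing an aliased address instead, and failing only when `flags` has MAP_FIXED set and `addr` is not correctly aligned for the kernel mapping. Whichever policy is kept, the userspace-visible -EINVAL belongs in the commit message body: it is currently described only in the v2 changelog below the `---` line, which is dropped when the patch is applied. The rest of the function is not visible in this quote, so the alignment computation itself cannot be checked here.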