The patch titled
Subject: mm: untag user pointers passed to memory syscalls
has been added to the -mm tree. Its filename is
mm-untag-user-pointers-passed-to-memory-syscalls.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/mm-untag-user-pointers-passed-to-memory-syscalls.patch
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/mm-untag-user-pointers-passed-to-memory-syscalls.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
Subject: mm: untag user pointers passed to memory syscalls
This patch is a part of a series that extends kernel ABI to allow to pass
tagged user pointers (with the top byte set to something else other than
0x00) as syscall arguments.
This patch allows tagged pointers to be passed to the following memory
syscalls: get_mempolicy, madvise, mbind, mincore, mlock, mlock2, mprotect,
mremap, msync, munlock, move_pages.
The mmap and mremap syscalls do not currently accept tagged addresses.
Architectures may interpret the tag as a background colour for the
corresponding vma.
Link: http://lkml.kernel.org/r/aaf0c0969d46b2feb9017f3e1b3ef3970b633d91.1563904656.git.andreyknvl@xxxxxxxxxx
Signed-off-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
Reviewed-by: Khalid Aziz <khalid.aziz@xxxxxxxxxx>
Reviewed-by: Vincenzo Frascino <vincenzo.frascino@xxxxxxx>
Reviewed-by: Catalin Marinas <catalin.marinas@xxxxxxx>
Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxx>
Cc: Eric Auger <eric.auger@xxxxxxxxxx>
Cc: Felix Kuehling <Felix.Kuehling@xxxxxxx>
Cc: Jens Wiklander <jens.wiklander@xxxxxxxxxx>
Cc: Mauro Carvalho Chehab <mchehab+samsung@xxxxxxxxxx>
Cc: Mike Rapoport <rppt@xxxxxxxxxxxxx>
Cc: Will Deacon <will@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
mm/madvise.c | 2 ++
mm/mempolicy.c | 3 +++
mm/migrate.c | 2 +-
mm/mincore.c | 2 ++
mm/mlock.c | 4 ++++
mm/mprotect.c | 2 ++
mm/mremap.c | 7 +++++++
mm/msync.c | 2 ++
8 files changed, 23 insertions(+), 1 deletion(-)
--- a/mm/madvise.c~mm-untag-user-pointers-passed-to-memory-syscalls
+++ a/mm/madvise.c
@@ -1060,6 +1060,8 @@ SYSCALL_DEFINE3(madvise, unsigned long,
size_t len;
struct blk_plug plug;
+ start = untagged_addr(start);
+
if (!madvise_behavior_valid(behavior))
return error;
--- a/mm/mempolicy.c~mm-untag-user-pointers-passed-to-memory-syscalls
+++ a/mm/mempolicy.c
@@ -1406,6 +1406,7 @@ static long kernel_mbind(unsigned long s
int err;
unsigned short mode_flags;
+ start = untagged_addr(start);
mode_flags = mode & MPOL_MODE_FLAGS;
mode &= ~MPOL_MODE_FLAGS;
if (mode >= MPOL_MAX)
@@ -1559,6 +1560,8 @@ static int kernel_get_mempolicy(int __us
int uninitialized_var(pval);
nodemask_t nodes;
+ addr = untagged_addr(addr);
+
if (nmask != NULL && maxnode < nr_node_ids)
return -EINVAL;
--- a/mm/migrate.c~mm-untag-user-pointers-passed-to-memory-syscalls
+++ a/mm/migrate.c
@@ -1611,7 +1611,7 @@ static int do_pages_move(struct mm_struc
goto out_flush;
if (get_user(node, nodes + i))
goto out_flush;
- addr = (unsigned long)p;
+ addr = (unsigned long)untagged_addr(p);
err = -ENODEV;
if (node < 0 || node >= MAX_NUMNODES)
--- a/mm/mincore.c~mm-untag-user-pointers-passed-to-memory-syscalls
+++ a/mm/mincore.c
@@ -257,6 +257,8 @@ SYSCALL_DEFINE3(mincore, unsigned long,
unsigned long pages;
unsigned char *tmp;
+ start = untagged_addr(start);
+
/* Check the start address: needs to be page-aligned.. */
if (start & ~PAGE_MASK)
return -EINVAL;
--- a/mm/mlock.c~mm-untag-user-pointers-passed-to-memory-syscalls
+++ a/mm/mlock.c
@@ -674,6 +674,8 @@ static __must_check int do_mlock(unsigne
unsigned long lock_limit;
int error = -ENOMEM;
+ start = untagged_addr(start);
+
if (!can_do_mlock())
return -EPERM;
@@ -735,6 +737,8 @@ SYSCALL_DEFINE2(munlock, unsigned long,
{
int ret;
+ start = untagged_addr(start);
+
len = PAGE_ALIGN(len + (offset_in_page(start)));
start &= PAGE_MASK;
--- a/mm/mprotect.c~mm-untag-user-pointers-passed-to-memory-syscalls
+++ a/mm/mprotect.c
@@ -465,6 +465,8 @@ static int do_mprotect_pkey(unsigned lon
const bool rier = (current->personality & READ_IMPLIES_EXEC) &&
(prot & PROT_READ);
+ start = untagged_addr(start);
+
prot &= ~(PROT_GROWSDOWN|PROT_GROWSUP);
if (grows == (PROT_GROWSDOWN|PROT_GROWSUP)) /* can't be both */
return -EINVAL;
--- a/mm/mremap.c~mm-untag-user-pointers-passed-to-memory-syscalls
+++ a/mm/mremap.c
@@ -606,6 +606,13 @@ SYSCALL_DEFINE5(mremap, unsigned long, a
LIST_HEAD(uf_unmap_early);
LIST_HEAD(uf_unmap);
+ /*
+ * Architectures may interpret the tag passed to mmap as a background
+ * colour for the corresponding vma. For mremap we don't allow tagged
+ * new_addr to preserve similar behaviour to mmap.
+ */
+ addr = untagged_addr(addr);
+
if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE))
return ret;
--- a/mm/msync.c~mm-untag-user-pointers-passed-to-memory-syscalls
+++ a/mm/msync.c
@@ -37,6 +37,8 @@ SYSCALL_DEFINE3(msync, unsigned long, st
int unmapped_error = 0;
int error = -EINVAL;
+ start = untagged_addr(start);
+
if (flags & ~(MS_ASYNC | MS_INVALIDATE | MS_SYNC))
goto out;
if (offset_in_page(start))
_
Patches currently in -mm which might be from andreyknvl@xxxxxxxxxx are
lib-untag-user-pointers-in-strn_user.patch
mm-untag-user-pointers-passed-to-memory-syscalls.patch
mm-untag-user-pointers-in-mm-gupc.patch
mm-untag-user-pointers-in-get_vaddr_frames.patch
fs-namespace-untag-user-pointers-in-copy_mount_options.patch
userfaultfd-untag-user-pointers.patch
drm-amdgpu-untag-user-pointers.patch
drm-radeon-untag-user-pointers-in-radeon_gem_userptr_ioctl.patch
media-v4l2-core-untag-user-pointers-in-videobuf_dma_contig_user_get.patch
tee-shm-untag-user-pointers-in-tee_shm_register.patch
vfio-type1-untag-user-pointers-in-vaddr_get_pfn.patch
