The patch titled
Subject: mseal: add branch prediction hint
has been added to the -mm mm-unstable branch. Its filename is
mseal-add-mseal-syscall-fix.patch
This patch will shortly appear at
https://git.kernel.org/pub/scm/linux/kernel/git/akpm/25-new.git/tree/patches/mseal-add-mseal-syscall-fix.patch
This patch will later appear in the mm-unstable branch at
git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***
The -mm tree is included into linux-next via the mm-everything
branch at git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
and is updated there every 2-3 working days
------------------------------------------------------
From: Jeff Xu <jeffxu@xxxxxxxxxxxx>
Subject: mseal: add branch prediction hint
Date: Tue, 23 Apr 2024 19:28:25 +0000
It is unlikely that application calls mm syscall, such as mprotect, on
already sealed mappings, adding branch prediction hint.
Link: https://lkml.kernel.org/r/20240423192825.1273679-2-jeffxu@xxxxxxxxxxxx
Signed-off-by: Jeff Xu <jeffxu@xxxxxxxxxxxx>
Suggested-by: Pedro Falcato <pedro.falcato@xxxxxxxxx>
Cc: Amer Al Shanawany <amer.shanawany@xxxxxxxxx>
Cc: Dave Hansen <dave.hansen@xxxxxxxxx>
Cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Cc: Guenter Roeck <groeck@xxxxxxxxxxxx>
Cc: Jann Horn <jannh@xxxxxxxxxx>
Cc: Javier Carrasco <javier.carrasco.cruz@xxxxxxxxx>
Cc: Jeff Xu <jeffxu@xxxxxxxxxx>
Cc: Jonathan Corbet <corbet@xxxxxxx>
Cc: Jorge Lucangeli Obes <jorgelo@xxxxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Liam R. Howlett <Liam.Howlett@xxxxxxxxxx>
Cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Cc: Matthew Wilcox (Oracle) <willy@xxxxxxxxxxxxx>
Cc: Muhammad Usama Anjum <usama.anjum@xxxxxxxxxxxxx>
Cc: Shuah Khan <shuah@xxxxxxxxxx>
Cc: Stephen Röttger <sroettger@xxxxxxxxxx>
Cc: Suren Baghdasaryan <surenb@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
mm/madvise.c | 2 +-
mm/mmap.c | 4 ++--
mm/mprotect.c | 2 +-
mm/mremap.c | 4 ++--
mm/mseal.c | 6 +++---
5 files changed, 9 insertions(+), 9 deletions(-)
--- a/mm/madvise.c~mseal-add-mseal-syscall-fix
+++ a/mm/madvise.c
@@ -1436,7 +1436,7 @@ int do_madvise(struct mm_struct *mm, uns
* Check if the address range is sealed for do_madvise().
* can_modify_mm_madv assumes we have acquired the lock on MM.
*/
- if (!can_modify_mm_madv(mm, start, end, behavior)) {
+ if (unlikely(!can_modify_mm_madv(mm, start, end, behavior))) {
error = -EPERM;
goto out;
}
--- a/mm/mmap.c~mseal-add-mseal-syscall-fix
+++ a/mm/mmap.c
@@ -2740,7 +2740,7 @@ int do_vmi_munmap(struct vma_iterator *v
* Prevent unmapping a sealed VMA.
* can_modify_mm assumes we have acquired the lock on MM.
*/
- if (!can_modify_mm(mm, start, end))
+ if (unlikely(!can_modify_mm(mm, start, end)))
return -EPERM;
/* arch_unmap() might do unmaps itself. */
@@ -3163,7 +3163,7 @@ int do_vma_munmap(struct vma_iterator *v
* Prevent unmapping a sealed VMA.
* can_modify_mm assumes we have acquired the lock on MM.
*/
- if (!can_modify_mm(mm, start, end))
+ if (unlikely(!can_modify_mm(mm, start, end)))
return -EPERM;
arch_unmap(mm, start, end);
--- a/mm/mprotect.c~mseal-add-mseal-syscall-fix
+++ a/mm/mprotect.c
@@ -749,7 +749,7 @@ static int do_mprotect_pkey(unsigned lon
* checking if memory is sealed.
* can_modify_mm assumes we have acquired the lock on MM.
*/
- if (!can_modify_mm(current->mm, start, end)) {
+ if (unlikely(!can_modify_mm(current->mm, start, end))) {
error = -EPERM;
goto out;
}
--- a/mm/mremap.c~mseal-add-mseal-syscall-fix
+++ a/mm/mremap.c
@@ -912,7 +912,7 @@ static unsigned long mremap_to(unsigned
*
* can_modify_mm assumes we have acquired the lock on MM.
*/
- if (!can_modify_mm(mm, addr, addr + old_len))
+ if (unlikely(!can_modify_mm(mm, addr, addr + old_len)))
return -EPERM;
if (flags & MREMAP_FIXED) {
@@ -1087,7 +1087,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, a
* Place can_modify_mm here so we can keep the logic related to
* shrink/expand together.
*/
- if (!can_modify_mm(mm, addr, addr + old_len)) {
+ if (unlikely(!can_modify_mm(mm, addr, addr + old_len))) {
ret = -EPERM;
goto out;
}
--- a/mm/mseal.c~mseal-add-mseal-syscall-fix
+++ a/mm/mseal.c
@@ -32,7 +32,7 @@ static inline void set_vma_sealed(struct
*/
static bool can_modify_vma(struct vm_area_struct *vma)
{
- if (vma_is_sealed(vma))
+ if (unlikely(vma_is_sealed(vma)))
return false;
return true;
@@ -75,7 +75,7 @@ bool can_modify_mm(struct mm_struct *mm,
/* going through each vma to check. */
for_each_vma_range(vmi, vma, end) {
- if (!can_modify_vma(vma))
+ if (unlikely(!can_modify_vma(vma)))
return false;
}
@@ -100,7 +100,7 @@ bool can_modify_mm_madv(struct mm_struct
/* going through each vma to check. */
for_each_vma_range(vmi, vma, end)
- if (is_ro_anon(vma) && !can_modify_vma(vma))
+ if (unlikely(is_ro_anon(vma) && !can_modify_vma(vma)))
return false;
/* Allow by default. */
_
Patches currently in -mm which might be from jeffxu@xxxxxxxxxxxx are
mseal-wire-up-mseal-syscall.patch
mseal-add-mseal-syscall.patch
mseal-add-mseal-syscall-fix.patch
selftest-mm-mseal-memory-sealing.patch
mseal-add-documentation.patch
selftest-mm-mseal-read-only-elf-memory-segment.patch
selftest-mm-mseal-read-only-elf-memory-segment-fix.patch
selftest-mm-mseal-read-only-elf-memory-segment-fix-3.patch
