From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-20.4 required=3.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT,USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 100D1C4363C for ; Wed, 7 Oct 2020 07:39:52 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A8A9F20B1F for ; Wed, 7 Oct 2020 07:39:51 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="Sws+UqMd" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727779AbgJGHju (ORCPT ); Wed, 7 Oct 2020 03:39:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52992 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727570AbgJGHjr (ORCPT ); Wed, 7 Oct 2020 03:39:47 -0400 Received: from mail-wr1-x443.google.com (mail-wr1-x443.google.com [IPv6:2a00:1450:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 73AE3C061755 for ; Wed, 7 Oct 2020 00:39:45 -0700 (PDT) Received: by mail-wr1-x443.google.com with SMTP id n18so955123wrs.5 for ; Wed, 07 Oct 2020 00:39:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=2AqrczMzdXJGGwH6lL0y5Ag3MFo0UoYjD20TIbYWHHA=; b=Sws+UqMda3na0grxazZ1UlbLBQVvhhiu6dNhWZKXv3enMvB35YibvDyfhFUzaDt6fH i0IcU3KgQ/+JRZNtYHZKQOFEEqRWkSitHK6s3Hn0uGwzhpBEdodMRJIy2nHrHWW/zhyo TtI31JBWQoMHTf1+EtpmkH1F4qlUT+XnCn4RnGj8k05nmx8HPnOG25OqAoUq++rZ2kk8 cjhrH8dDIyWOsyUxSfbgXGEgCjFMsJFSfn35N3rrJuYoNMrniggQ7XfrXks1u3x/bXiP 0H47sRlDULqEKTr8ixihXxBTG4mEL9D2DnN9+xsFIxZnnwVrkiDVrorn1bOx/2yfJhkM Dkew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=2AqrczMzdXJGGwH6lL0y5Ag3MFo0UoYjD20TIbYWHHA=; b=exthe45rNDqZ2I+NNR3TxImpjiny9fiGgdKXFH6yMPlR/1vWfKgb+s2JgC05yQHxqN 5QdR9YHDrN/tD2IzhiGgaRa+tz8V+wbGr6txfH0vAPLQzkQUVKABdmI5HIaEXYoBTaKJ zxGTnD2OuKS6WBrghp5EtwG5mOcJvGaOQCi48B5fPwHgNrJYAtkgDwwuyOYtXznu7l2p YTlAGhc9p5v5SE66RydlPW4Kb2+dFccMxbIYBhcyyOxxVQvMKzo2S3fGcq+mWHZSpEK5 8UMKcQ5qr5n5eE4xax3tZ2SjEoxj9vYPQ2cIAd3HIGqIi/9YSl9x1P0t8RKmOXXo3PUh 6y6g== X-Gm-Message-State: AOAM533qpi2GLnanbjDA/4W6OikwMpEVAvYQeDGHg/6+M9aSEEdE1JTg 0zr/asKmp51eHGJtVNDXJO7G1qYI8D1RTw== X-Google-Smtp-Source: ABdhPJyjtCm/NSobuXsdsLBXoocPrZ/xctbDGs32ap8XM2d7TqDHBUehkZB/DCIUyDN0Vi/50goJzw== X-Received: by 2002:adf:fd8c:: with SMTP id d12mr1941981wrr.283.1602056383938; Wed, 07 Oct 2020 00:39:43 -0700 (PDT) Received: from localhost ([2a02:168:96c5:1:55ed:514f:6ad7:5bcc]) by smtp.gmail.com with ESMTPSA id p9sm1475809wmm.4.2020.10.07.00.39.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Oct 2020 00:39:43 -0700 (PDT) From: Jann Horn To: "David S. Miller" , sparclinux@vger.kernel.org, Andrew Morton , linux-mm@kvack.org Cc: linux-kernel@vger.kernel.org, Khalid Aziz , Christoph Hellwig , Anthony Yznaga , Catalin Marinas , Will Deacon , linux-arm-kernel@lists.infradead.org, Michael Ellerman , Benjamin Herrenschmidt , Paul Mackerras , linuxppc-dev@lists.ozlabs.org Subject: [PATCH 2/2] sparc: Check VMA range in sparc_validate_prot() Date: Wed, 7 Oct 2020 09:39:32 +0200 Message-Id: <20201007073932.865218-2-jannh@google.com> X-Mailer: git-send-email 2.28.0.806.g8561365e88-goog In-Reply-To: <20201007073932.865218-1-jannh@google.com> References: <20201007073932.865218-1-jannh@google.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org sparc_validate_prot() is called from do_mprotect_pkey() as arch_validate_prot(); it tries to ensure that an mprotect() call can't enable ADI on incompatible VMAs. The current implementation only checks that the VMA at the start address matches the rules for ADI mappings; instead, check all VMAs that will be affected by mprotect(). (This hook is called before mprotect() makes sure that the specified range is actually covered by VMAs, and mprotect() returns specific error codes when that's not the case. In order for mprotect() to still generate the same error codes for mprotect(, , ...|PROT_ADI), we need to *accept* cases where the range is not fully covered by VMAs.) Cc: stable@vger.kernel.org Fixes: 74a04967482f ("sparc64: Add support for ADI (Application Data Integrity)") Signed-off-by: Jann Horn --- compile-tested only, I don't have a Sparc ADI setup - might be nice if some Sparc person could test this? arch/sparc/include/asm/mman.h | 50 +++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 20 deletions(-) diff --git a/arch/sparc/include/asm/mman.h b/arch/sparc/include/asm/mman.h index e85222c76585..6dced75567c3 100644 --- a/arch/sparc/include/asm/mman.h +++ b/arch/sparc/include/asm/mman.h @@ -60,31 +60,41 @@ static inline int sparc_validate_prot(unsigned long prot, unsigned long addr, if (prot & ~(PROT_READ | PROT_WRITE | PROT_EXEC | PROT_SEM | PROT_ADI)) return 0; if (prot & PROT_ADI) { + struct vm_area_struct *vma, *next; + if (!adi_capable()) return 0; - if (addr) { - struct vm_area_struct *vma; + vma = find_vma(current->mm, addr); + /* if @addr is unmapped, let mprotect() deal with it */ + if (!vma || vma->vm_start > addr) + return 1; + while (1) { + /* ADI can not be enabled on PFN + * mapped pages + */ + if (vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP)) + return 0; - vma = find_vma(current->mm, addr); - if (vma) { - /* ADI can not be enabled on PFN - * mapped pages - */ - if (vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP)) - return 0; + /* Mergeable pages can become unmergeable + * if ADI is enabled on them even if they + * have identical data on them. This can be + * because ADI enabled pages with identical + * data may still not have identical ADI + * tags on them. Disallow ADI on mergeable + * pages. + */ + if (vma->vm_flags & VM_MERGEABLE) + return 0; - /* Mergeable pages can become unmergeable - * if ADI is enabled on them even if they - * have identical data on them. This can be - * because ADI enabled pages with identical - * data may still not have identical ADI - * tags on them. Disallow ADI on mergeable - * pages. - */ - if (vma->vm_flags & VM_MERGEABLE) - return 0; - } + /* reached the end of the range without errors? */ + if (addr+len <= vma->vm_end) + return 1; + next = vma->vm_next; + /* if a VMA hole follows, let mprotect() deal with it */ + if (!next || next->vm_start != vma->vm_end) + return 1; + vma = next; } } return 1; -- 2.28.0.806.g8561365e88-goog From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jann Horn Date: Wed, 07 Oct 2020 07:39:32 +0000 Subject: [PATCH 2/2] sparc: Check VMA range in sparc_validate_prot() Message-Id: <20201007073932.865218-2-jannh@google.com> List-Id: References: <20201007073932.865218-1-jannh@google.com> In-Reply-To: <20201007073932.865218-1-jannh@google.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: "David S. Miller" , sparclinux@vger.kernel.org, Andrew Morton , linux-mm@kvack.org Cc: Benjamin Herrenschmidt , Catalin Marinas , linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Christoph Hellwig , Khalid Aziz , Paul Mackerras , Michael Ellerman , Anthony Yznaga , Will Deacon , linux-arm-kernel@lists.infradead.org sparc_validate_prot() is called from do_mprotect_pkey() as arch_validate_prot(); it tries to ensure that an mprotect() call can't enable ADI on incompatible VMAs. The current implementation only checks that the VMA at the start address matches the rules for ADI mappings; instead, check all VMAs that will be affected by mprotect(). (This hook is called before mprotect() makes sure that the specified range is actually covered by VMAs, and mprotect() returns specific error codes when that's not the case. In order for mprotect() to still generate the same error codes for mprotect(, , ...|PROT_ADI), we need to *accept* cases where the range is not fully covered by VMAs.) Cc: stable@vger.kernel.org Fixes: 74a04967482f ("sparc64: Add support for ADI (Application Data Integrity)") Signed-off-by: Jann Horn --- compile-tested only, I don't have a Sparc ADI setup - might be nice if some Sparc person could test this? arch/sparc/include/asm/mman.h | 50 +++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 20 deletions(-) diff --git a/arch/sparc/include/asm/mman.h b/arch/sparc/include/asm/mman.h index e85222c76585..6dced75567c3 100644 --- a/arch/sparc/include/asm/mman.h +++ b/arch/sparc/include/asm/mman.h @@ -60,31 +60,41 @@ static inline int sparc_validate_prot(unsigned long prot, unsigned long addr, if (prot & ~(PROT_READ | PROT_WRITE | PROT_EXEC | PROT_SEM | PROT_ADI)) return 0; if (prot & PROT_ADI) { + struct vm_area_struct *vma, *next; + if (!adi_capable()) return 0; - if (addr) { - struct vm_area_struct *vma; + vma = find_vma(current->mm, addr); + /* if @addr is unmapped, let mprotect() deal with it */ + if (!vma || vma->vm_start > addr) + return 1; + while (1) { + /* ADI can not be enabled on PFN + * mapped pages + */ + if (vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP)) + return 0; - vma = find_vma(current->mm, addr); - if (vma) { - /* ADI can not be enabled on PFN - * mapped pages - */ - if (vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP)) - return 0; + /* Mergeable pages can become unmergeable + * if ADI is enabled on them even if they + * have identical data on them. This can be + * because ADI enabled pages with identical + * data may still not have identical ADI + * tags on them. Disallow ADI on mergeable + * pages. + */ + if (vma->vm_flags & VM_MERGEABLE) + return 0; - /* Mergeable pages can become unmergeable - * if ADI is enabled on them even if they - * have identical data on them. This can be - * because ADI enabled pages with identical - * data may still not have identical ADI - * tags on them. Disallow ADI on mergeable - * pages. - */ - if (vma->vm_flags & VM_MERGEABLE) - return 0; - } + /* reached the end of the range without errors? */ + if (addr+len <= vma->vm_end) + return 1; + next = vma->vm_next; + /* if a VMA hole follows, let mprotect() deal with it */ + if (!next || next->vm_start != vma->vm_end) + return 1; + vma = next; } } return 1; -- 2.28.0.806.g8561365e88-goog From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.6 required=3.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED,DKIM_INVALID,DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 68266C4363C for ; Wed, 7 Oct 2020 07:43:55 +0000 (UTC) Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 5EB662083B for ; Wed, 7 Oct 2020 07:43:53 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=google.com header.i=@google.com header.b="Sws+UqMd" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 5EB662083B Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 4C5mYM6RhgzDqMv for ; Wed, 7 Oct 2020 18:43:51 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=google.com (client-ip=2a00:1450:4864:20::441; helo=mail-wr1-x441.google.com; envelope-from=jannh@google.com; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=google.com header.i=@google.com header.a=rsa-sha256 header.s=20161025 header.b=Sws+UqMd; dkim-atps=neutral Received: from mail-wr1-x441.google.com (mail-wr1-x441.google.com [IPv6:2a00:1450:4864:20::441]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4C5mSr1tkFzDqMg for ; Wed, 7 Oct 2020 18:39:47 +1100 (AEDT) Received: by mail-wr1-x441.google.com with SMTP id n15so967188wrq.2 for ; Wed, 07 Oct 2020 00:39:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=2AqrczMzdXJGGwH6lL0y5Ag3MFo0UoYjD20TIbYWHHA=; b=Sws+UqMda3na0grxazZ1UlbLBQVvhhiu6dNhWZKXv3enMvB35YibvDyfhFUzaDt6fH i0IcU3KgQ/+JRZNtYHZKQOFEEqRWkSitHK6s3Hn0uGwzhpBEdodMRJIy2nHrHWW/zhyo TtI31JBWQoMHTf1+EtpmkH1F4qlUT+XnCn4RnGj8k05nmx8HPnOG25OqAoUq++rZ2kk8 cjhrH8dDIyWOsyUxSfbgXGEgCjFMsJFSfn35N3rrJuYoNMrniggQ7XfrXks1u3x/bXiP 0H47sRlDULqEKTr8ixihXxBTG4mEL9D2DnN9+xsFIxZnnwVrkiDVrorn1bOx/2yfJhkM Dkew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=2AqrczMzdXJGGwH6lL0y5Ag3MFo0UoYjD20TIbYWHHA=; b=WH/7Am8EwkiljSUPOMDvlY94jLuxm0yptKEkX+vcUkHiLw2NYRoKamBOZO2RBZyZuA 5hzhpimoRNojsFr6IG2RkjDu4rHSoIiBkfBRPbHbXJRZBhHZfZ7zyKyCUxXhRK0g2/CY l4ElQ+H5XkXdtCSRCEz9IygjaPv7gJ30xmtDncMwDVPojV31OHgicgvT5O2oVhFHEdqa Q6IyJee6jHG91gE2ZAZCpczLsGA1vUNZ4AWJKcWpXEJXNQVREqjhjj2E5MADcYrAd+r4 XMpqf7rNIa+dGrz5OM8mJ6FR33vgl5fGK3qjGVOMD0sUkfqJohXM3qq6TBzAqvaJptbp K5qg== X-Gm-Message-State: AOAM531hd+5eieTzucJ5CxPXRrs7A3ebX/uLITjzGPGOqyvFr9P6UzXw VWhCEHQFda3C8iB7TFJNIXcnQg== X-Google-Smtp-Source: ABdhPJyjtCm/NSobuXsdsLBXoocPrZ/xctbDGs32ap8XM2d7TqDHBUehkZB/DCIUyDN0Vi/50goJzw== X-Received: by 2002:adf:fd8c:: with SMTP id d12mr1941981wrr.283.1602056383938; Wed, 07 Oct 2020 00:39:43 -0700 (PDT) Received: from localhost ([2a02:168:96c5:1:55ed:514f:6ad7:5bcc]) by smtp.gmail.com with ESMTPSA id p9sm1475809wmm.4.2020.10.07.00.39.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Oct 2020 00:39:43 -0700 (PDT) From: Jann Horn To: "David S. Miller" , sparclinux@vger.kernel.org, Andrew Morton , linux-mm@kvack.org Subject: [PATCH 2/2] sparc: Check VMA range in sparc_validate_prot() Date: Wed, 7 Oct 2020 09:39:32 +0200 Message-Id: <20201007073932.865218-2-jannh@google.com> X-Mailer: git-send-email 2.28.0.806.g8561365e88-goog In-Reply-To: <20201007073932.865218-1-jannh@google.com> References: <20201007073932.865218-1-jannh@google.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Catalin Marinas , linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Christoph Hellwig , Khalid Aziz , Paul Mackerras , Anthony Yznaga , Will Deacon , linux-arm-kernel@lists.infradead.org Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" sparc_validate_prot() is called from do_mprotect_pkey() as arch_validate_prot(); it tries to ensure that an mprotect() call can't enable ADI on incompatible VMAs. The current implementation only checks that the VMA at the start address matches the rules for ADI mappings; instead, check all VMAs that will be affected by mprotect(). (This hook is called before mprotect() makes sure that the specified range is actually covered by VMAs, and mprotect() returns specific error codes when that's not the case. In order for mprotect() to still generate the same error codes for mprotect(, , ...|PROT_ADI), we need to *accept* cases where the range is not fully covered by VMAs.) Cc: stable@vger.kernel.org Fixes: 74a04967482f ("sparc64: Add support for ADI (Application Data Integrity)") Signed-off-by: Jann Horn --- compile-tested only, I don't have a Sparc ADI setup - might be nice if some Sparc person could test this? arch/sparc/include/asm/mman.h | 50 +++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 20 deletions(-) diff --git a/arch/sparc/include/asm/mman.h b/arch/sparc/include/asm/mman.h index e85222c76585..6dced75567c3 100644 --- a/arch/sparc/include/asm/mman.h +++ b/arch/sparc/include/asm/mman.h @@ -60,31 +60,41 @@ static inline int sparc_validate_prot(unsigned long prot, unsigned long addr, if (prot & ~(PROT_READ | PROT_WRITE | PROT_EXEC | PROT_SEM | PROT_ADI)) return 0; if (prot & PROT_ADI) { + struct vm_area_struct *vma, *next; + if (!adi_capable()) return 0; - if (addr) { - struct vm_area_struct *vma; + vma = find_vma(current->mm, addr); + /* if @addr is unmapped, let mprotect() deal with it */ + if (!vma || vma->vm_start > addr) + return 1; + while (1) { + /* ADI can not be enabled on PFN + * mapped pages + */ + if (vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP)) + return 0; - vma = find_vma(current->mm, addr); - if (vma) { - /* ADI can not be enabled on PFN - * mapped pages - */ - if (vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP)) - return 0; + /* Mergeable pages can become unmergeable + * if ADI is enabled on them even if they + * have identical data on them. This can be + * because ADI enabled pages with identical + * data may still not have identical ADI + * tags on them. Disallow ADI on mergeable + * pages. + */ + if (vma->vm_flags & VM_MERGEABLE) + return 0; - /* Mergeable pages can become unmergeable - * if ADI is enabled on them even if they - * have identical data on them. This can be - * because ADI enabled pages with identical - * data may still not have identical ADI - * tags on them. Disallow ADI on mergeable - * pages. - */ - if (vma->vm_flags & VM_MERGEABLE) - return 0; - } + /* reached the end of the range without errors? */ + if (addr+len <= vma->vm_end) + return 1; + next = vma->vm_next; + /* if a VMA hole follows, let mprotect() deal with it */ + if (!next || next->vm_start != vma->vm_end) + return 1; + vma = next; } } return 1; -- 2.28.0.806.g8561365e88-goog From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-13.5 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_ADSP_CUSTOM_MED,DKIM_SIGNED,DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED,USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A9705C41604 for ; Wed, 7 Oct 2020 07:41:29 +0000 (UTC) Received: from merlin.infradead.org (merlin.infradead.org [205.233.59.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 2C92C207EA for ; Wed, 7 Oct 2020 07:41:27 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="MrvHhVSV"; dkim=fail reason="signature verification failed" (2048-bit key) header.d=google.com header.i=@google.com header.b="Sws+UqMd" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2C92C207EA Authentication-Results: mail.kernel.org; dmarc=fail (p=reject dis=none) header.from=google.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=merlin.20170209; h=Sender:Content-Transfer-Encoding: Content-Type:Cc:List-Subscribe:List-Help:List-Post:List-Archive: List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:Message-Id:Date: Subject:To:From:Reply-To:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=aR5Gjyk32v1HJIp5P54v4Zb1iNFCoTDLu2faBv9wddU=; b=MrvHhVSVtaBeEUsV87eIQaY4V ztHv1+Q0lR+fsb3o0GSfyWqo/Y2igbc0oOE1FbWZRUyIhHDzDP0eP0h7ke8S+5vwQefW/7ZcwlzTL oaZzuhZjGE0vYNmOLH3Qzho4U+/YS8mh891J3foALxkh0ZMW87IAham4hnc7FWGYYfaPx96Zx+pEi jwb92bd1vjbmtNbs/FZwZ9IqA5A/YkWhhEgGDC7X6AzzDJUucj/qBnQ3KEe503e9W+P9oHOoKexGh XWBiVM0UJk2F4DI+l4+PtHM32cUoHiKA+2tRTa0Q42B1UsKHhEt84z0NQ08srpRBZK6dQECTF2Xff LXqbhBUwg==; Received: from localhost ([::1] helo=merlin.infradead.org) by merlin.infradead.org with esmtp (Exim 4.92.3 #3 (Red Hat Linux)) id 1kQ43D-0004hK-7m; Wed, 07 Oct 2020 07:39:51 +0000 Received: from mail-wr1-x442.google.com ([2a00:1450:4864:20::442]) by merlin.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux)) id 1kQ436-0004es-U3 for linux-arm-kernel@lists.infradead.org; Wed, 07 Oct 2020 07:39:46 +0000 Received: by mail-wr1-x442.google.com with SMTP id j2so948086wrx.7 for ; Wed, 07 Oct 2020 00:39:44 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=2AqrczMzdXJGGwH6lL0y5Ag3MFo0UoYjD20TIbYWHHA=; b=Sws+UqMda3na0grxazZ1UlbLBQVvhhiu6dNhWZKXv3enMvB35YibvDyfhFUzaDt6fH i0IcU3KgQ/+JRZNtYHZKQOFEEqRWkSitHK6s3Hn0uGwzhpBEdodMRJIy2nHrHWW/zhyo TtI31JBWQoMHTf1+EtpmkH1F4qlUT+XnCn4RnGj8k05nmx8HPnOG25OqAoUq++rZ2kk8 cjhrH8dDIyWOsyUxSfbgXGEgCjFMsJFSfn35N3rrJuYoNMrniggQ7XfrXks1u3x/bXiP 0H47sRlDULqEKTr8ixihXxBTG4mEL9D2DnN9+xsFIxZnnwVrkiDVrorn1bOx/2yfJhkM Dkew== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=2AqrczMzdXJGGwH6lL0y5Ag3MFo0UoYjD20TIbYWHHA=; b=ijQb6h6xErZvT710FJ4tL1U1bi7WBtyl3snsK+QRiyoSl1SG5+dA5TjHMemwIcPj/2 c09km79mh9Zmzu+mfwmurIzRbcjlFO+bEYT10KIe5odyU2jVrBEXFrLN6oud+xNEwDG0 3y1r6ZPYHIXRGbIpTxH7DddGUtzwna3djib7gc9gox1RBzYWxJ7W/f6xfrs9oJ4k3kbN MXvduCxUXT5dR5hvVektaujS5r4SbfClKthXdkkpJ8wXKp6F4m3gSuXmz0vc1AkfGDu2 X4+IkjoT+GA71+5IQ683PtMG0XfYC7jG0doWPV71nDZB7R5KneXGx6sKu4BTixw3Z9yb lQqg== X-Gm-Message-State: AOAM532BJ4zqnVnFB3ROM67MqLSrTbj4Np+X5JuYa24QULtxDxBnH4w+ R0pH4UQd/pPGihFTMpHdObQKGg== X-Google-Smtp-Source: ABdhPJyjtCm/NSobuXsdsLBXoocPrZ/xctbDGs32ap8XM2d7TqDHBUehkZB/DCIUyDN0Vi/50goJzw== X-Received: by 2002:adf:fd8c:: with SMTP id d12mr1941981wrr.283.1602056383938; Wed, 07 Oct 2020 00:39:43 -0700 (PDT) Received: from localhost ([2a02:168:96c5:1:55ed:514f:6ad7:5bcc]) by smtp.gmail.com with ESMTPSA id p9sm1475809wmm.4.2020.10.07.00.39.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 07 Oct 2020 00:39:43 -0700 (PDT) From: Jann Horn To: "David S. Miller" , sparclinux@vger.kernel.org, Andrew Morton , linux-mm@kvack.org Subject: [PATCH 2/2] sparc: Check VMA range in sparc_validate_prot() Date: Wed, 7 Oct 2020 09:39:32 +0200 Message-Id: <20201007073932.865218-2-jannh@google.com> X-Mailer: git-send-email 2.28.0.806.g8561365e88-goog In-Reply-To: <20201007073932.865218-1-jannh@google.com> References: <20201007073932.865218-1-jannh@google.com> MIME-Version: 1.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20201007_033944_996561_2B22E434 X-CRM114-Status: GOOD ( 24.64 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Benjamin Herrenschmidt , Catalin Marinas , linuxppc-dev@lists.ozlabs.org, linux-kernel@vger.kernel.org, Christoph Hellwig , Khalid Aziz , Paul Mackerras , Michael Ellerman , Anthony Yznaga , Will Deacon , linux-arm-kernel@lists.infradead.org Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+linux-arm-kernel=archiver.kernel.org@lists.infradead.org sparc_validate_prot() is called from do_mprotect_pkey() as arch_validate_prot(); it tries to ensure that an mprotect() call can't enable ADI on incompatible VMAs. The current implementation only checks that the VMA at the start address matches the rules for ADI mappings; instead, check all VMAs that will be affected by mprotect(). (This hook is called before mprotect() makes sure that the specified range is actually covered by VMAs, and mprotect() returns specific error codes when that's not the case. In order for mprotect() to still generate the same error codes for mprotect(, , ...|PROT_ADI), we need to *accept* cases where the range is not fully covered by VMAs.) Cc: stable@vger.kernel.org Fixes: 74a04967482f ("sparc64: Add support for ADI (Application Data Integrity)") Signed-off-by: Jann Horn --- compile-tested only, I don't have a Sparc ADI setup - might be nice if some Sparc person could test this? arch/sparc/include/asm/mman.h | 50 +++++++++++++++++++++-------------- 1 file changed, 30 insertions(+), 20 deletions(-) diff --git a/arch/sparc/include/asm/mman.h b/arch/sparc/include/asm/mman.h index e85222c76585..6dced75567c3 100644 --- a/arch/sparc/include/asm/mman.h +++ b/arch/sparc/include/asm/mman.h @@ -60,31 +60,41 @@ static inline int sparc_validate_prot(unsigned long prot, unsigned long addr, if (prot & ~(PROT_READ | PROT_WRITE | PROT_EXEC | PROT_SEM | PROT_ADI)) return 0; if (prot & PROT_ADI) { + struct vm_area_struct *vma, *next; + if (!adi_capable()) return 0; - if (addr) { - struct vm_area_struct *vma; + vma = find_vma(current->mm, addr); + /* if @addr is unmapped, let mprotect() deal with it */ + if (!vma || vma->vm_start > addr) + return 1; + while (1) { + /* ADI can not be enabled on PFN + * mapped pages + */ + if (vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP)) + return 0; - vma = find_vma(current->mm, addr); - if (vma) { - /* ADI can not be enabled on PFN - * mapped pages - */ - if (vma->vm_flags & (VM_PFNMAP | VM_MIXEDMAP)) - return 0; + /* Mergeable pages can become unmergeable + * if ADI is enabled on them even if they + * have identical data on them. This can be + * because ADI enabled pages with identical + * data may still not have identical ADI + * tags on them. Disallow ADI on mergeable + * pages. + */ + if (vma->vm_flags & VM_MERGEABLE) + return 0; - /* Mergeable pages can become unmergeable - * if ADI is enabled on them even if they - * have identical data on them. This can be - * because ADI enabled pages with identical - * data may still not have identical ADI - * tags on them. Disallow ADI on mergeable - * pages. - */ - if (vma->vm_flags & VM_MERGEABLE) - return 0; - } + /* reached the end of the range without errors? */ + if (addr+len <= vma->vm_end) + return 1; + next = vma->vm_next; + /* if a VMA hole follows, let mprotect() deal with it */ + if (!next || next->vm_start != vma->vm_end) + return 1; + vma = next; } } return 1; -- 2.28.0.806.g8561365e88-goog _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel