From: Celeste Liu <coelacanthus@outlook.com> To: Palmer Dabbelt <palmer@rivosinc.com>, Paul Walmsley <paul.walmsley@sifive.com>, Albert Ou <aou@eecs.berkeley.edu>, Guo Ren <guoren@kernel.org>, Atish Patra <atishp@rivosinc.com>, Jisheng Zhang <jszhang@kernel.org>, linux-riscv@lists.infradead.org Cc: Celeste Liu <coelacanthus@outlook.com>, Xiongchuan Tan <xc-tan@outlook.com>, Wang Ruikang <dramforever@live.com>, Ruizhe Pan <c141028@gmail.com>, linux-kernel@vger.kernel.org, Yash Shah <yash.shah@sifive.com> Subject: [PATCH v4] riscv: don't allow write but not read page mapping request in mmap Date: Fri, 24 Jun 2022 18:14:28 +0800 [thread overview] Message-ID: <PH7PR14MB55947E9E82EFE9A2817CD692CEB49@PH7PR14MB5594.namprd14.prod.outlook.com> (raw) When Xiongchuan Tan tries to run oe of libaio's tests[1], it encounters a strange behavior: for the same PROT_WRITE only mapping, there was a discrepancy in whether it could be read before and after writing (readable before writing, unreadable after writing). After some investigation, I found that mmap allows write only mapping, an undefined behavior, on RISC-V. As mentioned in Table 4.5 in RISC-V spec Volume 2 Section 4.3 version "20211203 Privileged Architecture v1.12, Ratified"[2], the PTE permission bit combination of "write+!read" is "Reserved for future use.". Hence, don't allow such mapping request in mmap call. In the current code[3], write+exec only is marked as invalid, but write only is not marked as invalid. This patch refines that judgment. [1]: https://pagure.io/libaio/blob/1b18bfafc6a2f7b9fa2c6be77a95afed8b7be448/f/harness/cases/5.t [2]: https://github.com/riscv/riscv-isa-manual/releases/download/Priv-v1.12/riscv-privileged-20211203.pdf [3]: commit e0d17c842c0f ("RISC-V: Don't allow write+exec only page mapping request in mmap") Reported-by: Xiongchuan Tan <xc-tan@outlook.com> Co-developed-by: Wang Ruikang <dramforever@live.com> Signed-off-by: Wang Ruikang <dramforever@live.com> Co-developed-by: Ruizhe Pan <c141028@gmail.com> Signed-off-by: Ruizhe Pan <c141028@gmail.com> Signed-off-by: Celeste Liu <coelacanthus@outlook.com> Reviewed-by: Guo Ren <guoren@kernel.org> Cc: linux-riscv@lists.infradead.org Cc: linux-kernel@vger.kernel.org Cc: Guo Ren <guoren@kernel.org> Cc: Yash Shah <yash.shah@sifive.com> --- v2: This version adds a link to the referenced spec, and reference of the previous related modification. v3: fix DCO signoff name and add comment for reason v4: fix typo in changelog and comment arch/riscv/kernel/sys_riscv.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.c index 9c0194f176fc..f29456cfe68a 100644 --- a/arch/riscv/kernel/sys_riscv.c +++ b/arch/riscv/kernel/sys_riscv.c @@ -18,9 +18,14 @@ static long riscv_sys_mmap(unsigned long addr, unsigned long len, if (unlikely(offset & (~PAGE_MASK >> page_shift_offset))) return -EINVAL; - if ((prot & PROT_WRITE) && (prot & PROT_EXEC)) - if (unlikely(!(prot & PROT_READ))) - return -EINVAL; + /* + * As mentioned in Table 4.5 in RISC-V spec (20211203) Volume 2 + * Section 4.3 the PTE permission bit combination of "write+!read" + * is "Reserved for future use.". Hence, don't allow such mapping + * request in mmap call. + */ + if (unlikely((prot & PROT_WRITE) && !(prot & PROT_READ))) + return -EINVAL; return ksys_mmap_pgoff(addr, len, prot, flags, fd, offset >> (PAGE_SHIFT - page_shift_offset)); -- 2.36.1
WARNING: multiple messages have this Message-ID (diff)
From: Celeste Liu <coelacanthus@outlook.com> To: Palmer Dabbelt <palmer@rivosinc.com>, Paul Walmsley <paul.walmsley@sifive.com>, Albert Ou <aou@eecs.berkeley.edu>, Guo Ren <guoren@kernel.org>, Atish Patra <atishp@rivosinc.com>, Jisheng Zhang <jszhang@kernel.org>, linux-riscv@lists.infradead.org Cc: Celeste Liu <coelacanthus@outlook.com>, Xiongchuan Tan <xc-tan@outlook.com>, Wang Ruikang <dramforever@live.com>, Ruizhe Pan <c141028@gmail.com>, linux-kernel@vger.kernel.org, Yash Shah <yash.shah@sifive.com> Subject: [PATCH v4] riscv: don't allow write but not read page mapping request in mmap Date: Fri, 24 Jun 2022 18:14:28 +0800 [thread overview] Message-ID: <PH7PR14MB55947E9E82EFE9A2817CD692CEB49@PH7PR14MB5594.namprd14.prod.outlook.com> (raw) When Xiongchuan Tan tries to run oe of libaio's tests[1], it encounters a strange behavior: for the same PROT_WRITE only mapping, there was a discrepancy in whether it could be read before and after writing (readable before writing, unreadable after writing). After some investigation, I found that mmap allows write only mapping, an undefined behavior, on RISC-V. As mentioned in Table 4.5 in RISC-V spec Volume 2 Section 4.3 version "20211203 Privileged Architecture v1.12, Ratified"[2], the PTE permission bit combination of "write+!read" is "Reserved for future use.". Hence, don't allow such mapping request in mmap call. In the current code[3], write+exec only is marked as invalid, but write only is not marked as invalid. This patch refines that judgment. [1]: https://pagure.io/libaio/blob/1b18bfafc6a2f7b9fa2c6be77a95afed8b7be448/f/harness/cases/5.t [2]: https://github.com/riscv/riscv-isa-manual/releases/download/Priv-v1.12/riscv-privileged-20211203.pdf [3]: commit e0d17c842c0f ("RISC-V: Don't allow write+exec only page mapping request in mmap") Reported-by: Xiongchuan Tan <xc-tan@outlook.com> Co-developed-by: Wang Ruikang <dramforever@live.com> Signed-off-by: Wang Ruikang <dramforever@live.com> Co-developed-by: Ruizhe Pan <c141028@gmail.com> Signed-off-by: Ruizhe Pan <c141028@gmail.com> Signed-off-by: Celeste Liu <coelacanthus@outlook.com> Reviewed-by: Guo Ren <guoren@kernel.org> Cc: linux-riscv@lists.infradead.org Cc: linux-kernel@vger.kernel.org Cc: Guo Ren <guoren@kernel.org> Cc: Yash Shah <yash.shah@sifive.com> --- v2: This version adds a link to the referenced spec, and reference of the previous related modification. v3: fix DCO signoff name and add comment for reason v4: fix typo in changelog and comment arch/riscv/kernel/sys_riscv.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.c index 9c0194f176fc..f29456cfe68a 100644 --- a/arch/riscv/kernel/sys_riscv.c +++ b/arch/riscv/kernel/sys_riscv.c @@ -18,9 +18,14 @@ static long riscv_sys_mmap(unsigned long addr, unsigned long len, if (unlikely(offset & (~PAGE_MASK >> page_shift_offset))) return -EINVAL; - if ((prot & PROT_WRITE) && (prot & PROT_EXEC)) - if (unlikely(!(prot & PROT_READ))) - return -EINVAL; + /* + * As mentioned in Table 4.5 in RISC-V spec (20211203) Volume 2 + * Section 4.3 the PTE permission bit combination of "write+!read" + * is "Reserved for future use.". Hence, don't allow such mapping + * request in mmap call. + */ + if (unlikely((prot & PROT_WRITE) && !(prot & PROT_READ))) + return -EINVAL; return ksys_mmap_pgoff(addr, len, prot, flags, fd, offset >> (PAGE_SHIFT - page_shift_offset)); -- 2.36.1 _______________________________________________ linux-riscv mailing list linux-riscv@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-riscv
next reply other threads:[~2022-06-24 10:14 UTC|newest] Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-06-24 10:14 Celeste Liu [this message] 2022-06-24 10:14 ` [PATCH v4] riscv: don't allow write but not read page mapping request in mmap Celeste Liu
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=PH7PR14MB55947E9E82EFE9A2817CD692CEB49@PH7PR14MB5594.namprd14.prod.outlook.com \ --to=coelacanthus@outlook.com \ --cc=aou@eecs.berkeley.edu \ --cc=atishp@rivosinc.com \ --cc=c141028@gmail.com \ --cc=dramforever@live.com \ --cc=guoren@kernel.org \ --cc=jszhang@kernel.org \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-riscv@lists.infradead.org \ --cc=palmer@rivosinc.com \ --cc=paul.walmsley@sifive.com \ --cc=xc-tan@outlook.com \ --cc=yash.shah@sifive.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.