* [PATCH] mm: usercopy: move the virt_addr_valid() below the is_vmalloc_addr()
@ 2022-05-05 7:10 Yuanzheng Song
2022-05-10 3:37 ` Andrew Morton
2022-05-12 5:39 ` Kees Cook
0 siblings, 2 replies; 4+ messages in thread
From: Yuanzheng Song @ 2022-05-05 7:10 UTC (permalink / raw)
To: akpm; +Cc: linux-mm, linux-kernel, Yuanzheng Song
The is_kmap_addr() and the is_vmalloc_addr() in the check_heap_object()
will not work, because the virt_addr_valid() will exclude the kmap and
vmalloc regions. So let's move the virt_addr_valid() below
the is_vmalloc_addr().
Signed-off-by: Yuanzheng Song <songyuanzheng@huawei.com>
---
mm/usercopy.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/mm/usercopy.c b/mm/usercopy.c
index ac8a093e90c1..baeacc735b83 100644
--- a/mm/usercopy.c
+++ b/mm/usercopy.c
@@ -163,9 +163,6 @@ static inline void check_heap_object(const void *ptr, unsigned long n,
{
struct folio *folio;
- if (!virt_addr_valid(ptr))
- return;
-
if (is_kmap_addr(ptr)) {
unsigned long page_end = (unsigned long)ptr | (PAGE_SIZE - 1);
@@ -190,6 +187,9 @@ static inline void check_heap_object(const void *ptr, unsigned long n,
return;
}
+ if (!virt_addr_valid(ptr))
+ return;
+
folio = virt_to_folio(ptr);
if (folio_test_slab(folio)) {
--
2.25.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] mm: usercopy: move the virt_addr_valid() below the is_vmalloc_addr()
2022-05-05 7:10 [PATCH] mm: usercopy: move the virt_addr_valid() below the is_vmalloc_addr() Yuanzheng Song
@ 2022-05-10 3:37 ` Andrew Morton
2022-05-10 21:54 ` Kees Cook
2022-05-12 5:39 ` Kees Cook
1 sibling, 1 reply; 4+ messages in thread
From: Andrew Morton @ 2022-05-10 3:37 UTC (permalink / raw)
To: Yuanzheng Song; +Cc: linux-mm, linux-kernel, Kees Cook, Matthew Wilcox
Matthew & Kees,
On Thu, 5 May 2022 07:10:37 +0000 Yuanzheng Song <songyuanzheng@huawei.com> wrote:
> The is_kmap_addr() and the is_vmalloc_addr() in the check_heap_object()
> will not work, because the virt_addr_valid() will exclude the kmap and
> vmalloc regions. So let's move the virt_addr_valid() below
> the is_vmalloc_addr().
The author,
> Signed-off-by: Yuanzheng Song <songyuanzheng@huawei.com>
Tells me off-list that this fix:
> --- a/mm/usercopy.c
> +++ b/mm/usercopy.c
> @@ -163,9 +163,6 @@ static inline void check_heap_object(const void *ptr, unsigned long n,
> {
> struct folio *folio;
>
> - if (!virt_addr_valid(ptr))
> - return;
> -
> if (is_kmap_addr(ptr)) {
> unsigned long page_end = (unsigned long)ptr | (PAGE_SIZE - 1);
>
> @@ -190,6 +187,9 @@ static inline void check_heap_object(const void *ptr, unsigned long n,
> return;
> }
>
> + if (!virt_addr_valid(ptr))
> + return;
> +
> folio = virt_to_folio(ptr);
>
> if (folio_test_slab(folio)) {
is required to fix patches "mm/usercopy: Check kmap addresses properly"
and "mm/usercopy: Detect vmalloc overruns".
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] mm: usercopy: move the virt_addr_valid() below the is_vmalloc_addr()
2022-05-10 3:37 ` Andrew Morton
@ 2022-05-10 21:54 ` Kees Cook
0 siblings, 0 replies; 4+ messages in thread
From: Kees Cook @ 2022-05-10 21:54 UTC (permalink / raw)
To: Andrew Morton; +Cc: Yuanzheng Song, linux-mm, linux-kernel, Matthew Wilcox
On Mon, May 09, 2022 at 08:37:32PM -0700, Andrew Morton wrote:
> Matthew & Kees,
>
> On Thu, 5 May 2022 07:10:37 +0000 Yuanzheng Song <songyuanzheng@huawei.com> wrote:
>
> > The is_kmap_addr() and the is_vmalloc_addr() in the check_heap_object()
> > will not work, because the virt_addr_valid() will exclude the kmap and
> > vmalloc regions. So let's move the virt_addr_valid() below
> > the is_vmalloc_addr().
>
> The author,
>
> > Signed-off-by: Yuanzheng Song <songyuanzheng@huawei.com>
>
> Tells me off-list that this fix:
>
> > --- a/mm/usercopy.c
> > +++ b/mm/usercopy.c
> > @@ -163,9 +163,6 @@ static inline void check_heap_object(const void *ptr, unsigned long n,
> > {
> > struct folio *folio;
> >
> > - if (!virt_addr_valid(ptr))
> > - return;
> > -
> > if (is_kmap_addr(ptr)) {
> > unsigned long page_end = (unsigned long)ptr | (PAGE_SIZE - 1);
> >
> > @@ -190,6 +187,9 @@ static inline void check_heap_object(const void *ptr, unsigned long n,
> > return;
> > }
> >
> > + if (!virt_addr_valid(ptr))
> > + return;
> > +
> > folio = virt_to_folio(ptr);
> >
> > if (folio_test_slab(folio)) {
>
> is required to fix patches "mm/usercopy: Check kmap addresses properly"
> and "mm/usercopy: Detect vmalloc overruns".
Ah, this very well may be true! I will need to study this (or more
likely, I will build some selftests), but I suspect willy knows off the
top of his head. :)
--
Kees Cook
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] mm: usercopy: move the virt_addr_valid() below the is_vmalloc_addr()
2022-05-05 7:10 [PATCH] mm: usercopy: move the virt_addr_valid() below the is_vmalloc_addr() Yuanzheng Song
2022-05-10 3:37 ` Andrew Morton
@ 2022-05-12 5:39 ` Kees Cook
1 sibling, 0 replies; 4+ messages in thread
From: Kees Cook @ 2022-05-12 5:39 UTC (permalink / raw)
To: songyuanzheng, Andrew Morton; +Cc: Kees Cook, linux-mm, linux-kernel
On Thu, 5 May 2022 07:10:37 +0000, Yuanzheng Song wrote:
> The is_kmap_addr() and the is_vmalloc_addr() in the check_heap_object()
> will not work, because the virt_addr_valid() will exclude the kmap and
> vmalloc regions. So let's move the virt_addr_valid() below
> the is_vmalloc_addr().
Applied to for-next/hardening, thanks!
[1/1] mm: usercopy: move the virt_addr_valid() below the is_vmalloc_addr()
https://git.kernel.org/kees/c/0a76d4c331b4
--
Kees Cook
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-05-12 5:39 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-05 7:10 [PATCH] mm: usercopy: move the virt_addr_valid() below the is_vmalloc_addr() Yuanzheng Song
2022-05-10 3:37 ` Andrew Morton
2022-05-10 21:54 ` Kees Cook
2022-05-12 5:39 ` Kees Cook
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).