From: Andrew Bresticker <abrestic@rivosinc.com>
To: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Paul Walmsley <paul.walmsley@sifive.com>,
Atish Patra <atishp@atishpatra.org>,
Celeste Liu <coelacanthus@outlook.com>,
dram <dramforever@live.com>, Ruizhe Pan <c141028@gmail.com>,
linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
Andrew Bresticker <abrestic@rivosinc.com>
Subject: [PATCH v2] riscv: Make mmap() with PROT_WRITE imply PROT_READ
Date: Thu, 8 Sep 2022 14:50:06 -0400 [thread overview]
Message-ID: <20220908185006.1212126-1-abrestic@rivosinc.com> (raw)
In-Reply-To: <20220908170133.1159747-1-abrestic@rivosinc.com>
Commit 2139619bcad7 ("riscv: mmap with PROT_WRITE but no PROT_READ is
invalid") made mmap() return EINVAL if PROT_WRITE was set wihtout
PROT_READ with the justification that a write-only PTE is considered a
reserved PTE permission bit pattern in the privileged spec. This check
is unnecessary since RISC-V defines its protection_map such that PROT_WRITE
maps to the same PTE permissions as PROT_WRITE|PROT_READ, and it is
inconsistent with other architectures that don't support write-only PTEs,
creating a potential software portability issue. Just remove the check
altogether and let PROT_WRITE imply PROT_READ as is the case on other
architectures.
Note that this also allows PROT_WRITE|PROT_EXEC mappings which were
disallowed prior to the aforementioned commit; PROT_READ is implied in
such mappings as well.
Fixes: 2139619bcad7 ("riscv: mmap with PROT_WRITE but no PROT_READ is invalid")
Signed-off-by: Andrew Bresticker <abrestic@rivosinc.com>
---
v1 -> v2: Update access_error() to account for write-implies-read
---
arch/riscv/kernel/sys_riscv.c | 3 ---
arch/riscv/mm/fault.c | 3 ++-
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.c
index 571556bb9261..5d3f2fbeb33c 100644
--- a/arch/riscv/kernel/sys_riscv.c
+++ b/arch/riscv/kernel/sys_riscv.c
@@ -18,9 +18,6 @@ static long riscv_sys_mmap(unsigned long addr, unsigned long len,
if (unlikely(offset & (~PAGE_MASK >> page_shift_offset)))
return -EINVAL;
- if (unlikely((prot & PROT_WRITE) && !(prot & PROT_READ)))
- return -EINVAL;
-
return ksys_mmap_pgoff(addr, len, prot, flags, fd,
offset >> (PAGE_SHIFT - page_shift_offset));
}
diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
index f2fbd1400b7c..d86f7cebd4a7 100644
--- a/arch/riscv/mm/fault.c
+++ b/arch/riscv/mm/fault.c
@@ -184,7 +184,8 @@ static inline bool access_error(unsigned long cause, struct vm_area_struct *vma)
}
break;
case EXC_LOAD_PAGE_FAULT:
- if (!(vma->vm_flags & VM_READ)) {
+ /* Write implies read */
+ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) {
return true;
}
break;
--
2.25.1
WARNING: multiple messages have this Message-ID (diff)
From: Andrew Bresticker <abrestic@rivosinc.com>
To: Palmer Dabbelt <palmer@dabbelt.com>
Cc: Paul Walmsley <paul.walmsley@sifive.com>,
Atish Patra <atishp@atishpatra.org>,
Celeste Liu <coelacanthus@outlook.com>,
dram <dramforever@live.com>, Ruizhe Pan <c141028@gmail.com>,
linux-riscv@lists.infradead.org, linux-kernel@vger.kernel.org,
Andrew Bresticker <abrestic@rivosinc.com>
Subject: [PATCH v2] riscv: Make mmap() with PROT_WRITE imply PROT_READ
Date: Thu, 8 Sep 2022 14:50:06 -0400 [thread overview]
Message-ID: <20220908185006.1212126-1-abrestic@rivosinc.com> (raw)
In-Reply-To: <20220908170133.1159747-1-abrestic@rivosinc.com>
Commit 2139619bcad7 ("riscv: mmap with PROT_WRITE but no PROT_READ is
invalid") made mmap() return EINVAL if PROT_WRITE was set wihtout
PROT_READ with the justification that a write-only PTE is considered a
reserved PTE permission bit pattern in the privileged spec. This check
is unnecessary since RISC-V defines its protection_map such that PROT_WRITE
maps to the same PTE permissions as PROT_WRITE|PROT_READ, and it is
inconsistent with other architectures that don't support write-only PTEs,
creating a potential software portability issue. Just remove the check
altogether and let PROT_WRITE imply PROT_READ as is the case on other
architectures.
Note that this also allows PROT_WRITE|PROT_EXEC mappings which were
disallowed prior to the aforementioned commit; PROT_READ is implied in
such mappings as well.
Fixes: 2139619bcad7 ("riscv: mmap with PROT_WRITE but no PROT_READ is invalid")
Signed-off-by: Andrew Bresticker <abrestic@rivosinc.com>
---
v1 -> v2: Update access_error() to account for write-implies-read
---
arch/riscv/kernel/sys_riscv.c | 3 ---
arch/riscv/mm/fault.c | 3 ++-
2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.c
index 571556bb9261..5d3f2fbeb33c 100644
--- a/arch/riscv/kernel/sys_riscv.c
+++ b/arch/riscv/kernel/sys_riscv.c
@@ -18,9 +18,6 @@ static long riscv_sys_mmap(unsigned long addr, unsigned long len,
if (unlikely(offset & (~PAGE_MASK >> page_shift_offset)))
return -EINVAL;
- if (unlikely((prot & PROT_WRITE) && !(prot & PROT_READ)))
- return -EINVAL;
-
return ksys_mmap_pgoff(addr, len, prot, flags, fd,
offset >> (PAGE_SHIFT - page_shift_offset));
}
diff --git a/arch/riscv/mm/fault.c b/arch/riscv/mm/fault.c
index f2fbd1400b7c..d86f7cebd4a7 100644
--- a/arch/riscv/mm/fault.c
+++ b/arch/riscv/mm/fault.c
@@ -184,7 +184,8 @@ static inline bool access_error(unsigned long cause, struct vm_area_struct *vma)
}
break;
case EXC_LOAD_PAGE_FAULT:
- if (!(vma->vm_flags & VM_READ)) {
+ /* Write implies read */
+ if (!(vma->vm_flags & (VM_READ | VM_WRITE))) {
return true;
}
break;
--
2.25.1
_______________________________________________
linux-riscv mailing list
linux-riscv@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-riscv
next prev parent reply other threads:[~2022-09-08 18:50 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-08 17:01 [PATCH] riscv: Allow PROT_WRITE-only mmap() Andrew Bresticker
2022-09-08 17:01 ` Andrew Bresticker
2022-09-08 17:21 ` SS JieJi
2022-09-08 17:21 ` SS JieJi
2022-09-08 17:28 ` SS JieJi
2022-09-08 17:28 ` SS JieJi
2022-09-08 18:14 ` Andrew Bresticker
2022-09-08 18:14 ` Andrew Bresticker
2022-09-08 18:50 ` Andrew Bresticker [this message]
2022-09-08 18:50 ` [PATCH v2] riscv: Make mmap() with PROT_WRITE imply PROT_READ Andrew Bresticker
2022-09-08 18:56 ` SS JieJi
2022-09-08 18:56 ` SS JieJi
2022-09-08 19:18 ` Andrew Bresticker
2022-09-08 19:18 ` Andrew Bresticker
2022-09-09 3:01 ` Celeste Liu
2022-09-09 3:01 ` Celeste Liu
2022-09-09 11:42 ` Coelacanthus
2022-09-09 11:42 ` Coelacanthus
2022-09-09 15:16 ` Andrew Bresticker
2022-09-09 15:16 ` Andrew Bresticker
2022-09-09 15:45 ` Celeste Liu
2022-09-09 15:45 ` Celeste Liu
2022-09-09 18:52 ` Atish Patra
2022-09-09 18:52 ` Atish Patra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220908185006.1212126-1-abrestic@rivosinc.com \
--to=abrestic@rivosinc.com \
--cc=atishp@atishpatra.org \
--cc=c141028@gmail.com \
--cc=coelacanthus@outlook.com \
--cc=dramforever@live.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.