From: David Hildenbrand <david@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: linux-mm@kvack.org, etnaviv@lists.freedesktop.org,
	dri-devel@lists.freedesktop.org,
	linux-arm-kernel@lists.infradead.org,
	linux-samsung-soc@vger.kernel.org, linux-rdma@vger.kernel.org,
	linux-media@vger.kernel.org, linux-kselftest@vger.kernel.org,
	David Hildenbrand <david@redhat.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Andrew Morton <akpm@linux-foundation.org>,
	Jason Gunthorpe <jgg@ziepe.ca>,
	John Hubbard <jhubbard@nvidia.com>, Peter Xu <peterx@redhat.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Andrea Arcangeli <aarcange@redhat.com>,
	Hugh Dickins <hughd@google.com>, Nadav Amit <namit@vmware.com>,
	Vlastimil Babka <vbabka@suse.cz>,
	Matthew Wilcox <willy@infradead.org>,
	Mike Kravetz <mike.kravetz@oracle.com>,
	Muchun Song <songmuchun@bytedance.com>,
	Lucas Stach <l.stach@pengutronix.de>,
	David Airlie <airlied@gmail.com>,
	Oded Gabbay <ogabbay@kernel.org>, Arnd Bergmann <arnd@arndb.de>
Subject: [PATCH RFC 05/19] mm: add early FAULT_FLAG_WRITE consistency checks
Date: Mon,  7 Nov 2022 17:17:26 +0100
Message-ID: <20221107161740.144456-6-david@redhat.com>
In-Reply-To: <20221107161740.144456-1-david@redhat.com>

Let's catch abuse of FAULT_FLAG_WRITE early, such that we don't have to
care in all other handlers and might get "surprises" if we forget to do
so.

Write faults without VM_MAYWRITE don't make any sense, and our
maybe_mkwrite() logic could have hidden such abuse for now.

Write faults without VM_WRITE on something that is not a COW mapping are
similarly broken, and e.g., do_wp_page() could end up placing an
anonymous page into a shared mapping, which would be bad.

This is a preparation for reliable R/O long-term pinning of pages in
private mappings, whereby we want to make sure that we will never break
COW in a read-only private mapping.

Signed-off-by: David Hildenbrand <david@redhat.com>
---
 mm/memory.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/mm/memory.c b/mm/memory.c
index fe131273217a..826353da7b23 100644
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -5159,6 +5159,14 @@ static vm_fault_t sanitize_fault_flags(struct vm_area_struct *vma,
 		 */
 		if (!is_cow_mapping(vma->vm_flags))
 			*flags &= ~FAULT_FLAG_UNSHARE;
+	} else if (*flags & FAULT_FLAG_WRITE) {
+		/* Write faults on read-only mappings are impossible ... */
+		if (WARN_ON_ONCE(!(vma->vm_flags & VM_MAYWRITE)))
+			return VM_FAULT_SIGSEGV;
+		/* ... and FOLL_FORCE only applies to COW mappings. */
+		if (WARN_ON_ONCE(!(vma->vm_flags & VM_WRITE) &&
+				 !is_cow_mapping(vma->vm_flags)))
+			return VM_FAULT_SIGSEGV;
 	}
 	return 0;
 }
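
Review bot: the comment on the first added check, "Write faults on read-only mappings are impossible ...", is looser than the test under it, which is on VM_MAYWRITE rather than VM_WRITE. A mapping without VM_WRITE but with VM_MAYWRITE is also read-only, yet it passes this check and is only handled by the second one, so wording such as "write faults on mappings that can never become writable (no VM_MAYWRITE) are impossible" would match the code. The second comment names FOLL_FORCE although nothing in the visible lines inspects a FOLL_* flag; saying that a write fault without VM_WRITE is only legitimate in a COW mapping, with FOLL_FORCE given as the reason, would let the comment stand without knowledge of the GUP caller. Since the commit message says maybe_mkwrite() "could have hidden such abuse for now", an existing caller may already reach these WARN_ON_ONCE() lines, and on systems running with panic_on_warn that turns a previously silent inconsistency into a panic rather than the VM_FAULT_SIGSEGV returned here, so the commit message should state whether the in-tree FAULT_FLAG_WRITE users were audited.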
-- 
2.38.1

