| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190109164025.24554-16-rpenyaev@suse.de>
Date: Wed, 9 Jan 2019 17:40:25 +0100
From: Roman Penyaev <rpenyaev@...e.de>
To: unlisted-recipients:; (no To-header on input)
Cc: Roman Penyaev <rpenyaev@...e.de>,
Andrew Morton <akpm@...ux-foundation.org>,
Davidlohr Bueso <dbueso@...e.de>,
Jason Baron <jbaron@...mai.com>,
Al Viro <viro@...iv.linux.org.uk>,
"Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Andrea Parri <andrea.parri@...rulasolutions.com>,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [RFC PATCH 15/15] epoll: support mapping for epfd when polled from userspace
User has to mmap user_header and user_index vmalloce'd pointers in order to
consume events from userspace. Support mapping with possibility to mremap()
in the future, i.e. vma does not have VM_DONTEXPAND flag set.
User mmaps two pointers: header and index in order to expand both calling
mremap().
Expanding is made with support of the fault callback, where page is mmaped
with all appropriate size checks.
Signed-off-by: Roman Penyaev <rpenyaev@...e.de>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Davidlohr Bueso <dbueso@...e.de>
Cc: Jason Baron <jbaron@...mai.com>
Cc: Al Viro <viro@...iv.linux.org.uk>
Cc: "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Andrea Parri <andrea.parri@...rulasolutions.com>
Cc: linux-fsdevel@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
---
fs/eventpoll.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 85 insertions(+)
diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index 5de640fcf28b..2849b238f80b 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -1388,11 +1388,96 @@ static void ep_show_fdinfo(struct seq_file *m, struct file *f)
}
#endif
+static vm_fault_t ep_eventpoll_fault(struct vm_fault *vmf)
+{
+ struct vm_area_struct *vma = vmf->vma;
+ struct eventpoll *ep = vma->vm_file->private_data;
+ size_t off = vmf->address - vma->vm_start;
+ vm_fault_t ret;
+ int rc;
+
+ mutex_lock(&ep->mtx);
+ ret = VM_FAULT_SIGBUS;
+ if (!vma->vm_pgoff) {
+ if (ep->header_length < (off + PAGE_SIZE))
+ goto unlock_and_out;
+
+ rc = remap_vmalloc_range_partial(vma, vmf->address,
+ ep->user_header + off,
+ PAGE_SIZE);
+ } else {
+ if (ep->index_length < (off + PAGE_SIZE))
+ goto unlock_and_out;
+
+ rc = remap_vmalloc_range_partial(vma, vmf->address,
+ ep->user_index + off,
+ PAGE_SIZE);
+ }
+ if (likely(!rc)) {
+ /* Success path */
+ vma->vm_flags &= ~VM_DONTEXPAND;
+ ret = VM_FAULT_NOPAGE;
+ }
+unlock_and_out:
+ mutex_unlock(&ep->mtx);
+
+ return ret;
+}
+
+static const struct vm_operations_struct eventpoll_vm_ops = {
+ .fault = ep_eventpoll_fault,
+};
+
+static int ep_eventpoll_mmap(struct file *filep, struct vm_area_struct *vma)
+{
+ struct eventpoll *ep = vma->vm_file->private_data;
+ size_t size;
+ int rc;
+
+ if (!ep_polled_by_user(ep))
+ return -ENOTSUPP;
+
+ mutex_lock(&ep->mtx);
+ rc = -ENXIO;
+ size = vma->vm_end - vma->vm_start;
+ if (!vma->vm_pgoff && size > ep->header_length)
+ goto unlock_and_out;
+ if (vma->vm_pgoff && ep->header_length != (vma->vm_pgoff << PAGE_SHIFT))
+ /*
+ * Index ring starts exactly after header. In future vm_pgoff
+ * is not used, only as indication what kernel ptr is mapped.
+ */
+ goto unlock_and_out;
+ if (vma->vm_pgoff && size > ep->index_length)
+ goto unlock_and_out;
+
+ /*
+ * vm_pgoff is used *only* for indication, what is mapped: user header
+ * or user index ring.
+ */
+ if (!vma->vm_pgoff)
+ rc = remap_vmalloc_range_partial(vma, vma->vm_start,
+ ep->user_header, size);
+ else
+ rc = remap_vmalloc_range_partial(vma, vma->vm_start,
+ ep->user_index, size);
+
+ if (likely(!rc)) {
+ vma->vm_flags &= ~VM_DONTEXPAND;
+ vma->vm_ops = &eventpoll_vm_ops;
+ }
+unlock_and_out:
+ mutex_unlock(&ep->mtx);
+
+ return rc;
+}
+
/* File callbacks that implement the eventpoll file behaviour */
static const struct file_operations eventpoll_fops = {
#ifdef CONFIG_PROC_FS
.show_fdinfo = ep_show_fdinfo,
#endif
+ .mmap = ep_eventpoll_mmap,
.release = ep_eventpoll_release,
.poll = ep_eventpoll_poll,
.llseek = noop_llseek,
--
2.19.1
Powered by blists - more mailing lists