lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed,  9 Jan 2019 17:40:25 +0100
From:   Roman Penyaev <rpenyaev@...e.de>
To:     unlisted-recipients:; (no To-header on input)
Cc:     Roman Penyaev <rpenyaev@...e.de>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Davidlohr Bueso <dbueso@...e.de>,
        Jason Baron <jbaron@...mai.com>,
        Al Viro <viro@...iv.linux.org.uk>,
        "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Andrea Parri <andrea.parri@...rulasolutions.com>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [RFC PATCH 15/15] epoll: support mapping for epfd when polled from userspace

User has to mmap user_header and user_index vmalloce'd pointers in order to
consume events from userspace.  Support mapping with possibility to mremap()
in the future, i.e. vma does not have VM_DONTEXPAND flag set.

User mmaps two pointers: header and index in order to expand both calling
mremap().

Expanding is made with support of the fault callback, where page is mmaped
with all appropriate size checks.

Signed-off-by: Roman Penyaev <rpenyaev@...e.de>
Cc: Andrew Morton <akpm@...ux-foundation.org>
Cc: Davidlohr Bueso <dbueso@...e.de>
Cc: Jason Baron <jbaron@...mai.com>
Cc: Al Viro <viro@...iv.linux.org.uk>
Cc: "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Andrea Parri <andrea.parri@...rulasolutions.com>
Cc: linux-fsdevel@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
---
 fs/eventpoll.c | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)

diff --git a/fs/eventpoll.c b/fs/eventpoll.c
index 5de640fcf28b..2849b238f80b 100644
--- a/fs/eventpoll.c
+++ b/fs/eventpoll.c
@@ -1388,11 +1388,96 @@ static void ep_show_fdinfo(struct seq_file *m, struct file *f)
 }
 #endif
 
+static vm_fault_t ep_eventpoll_fault(struct vm_fault *vmf)
+{
+	struct vm_area_struct *vma = vmf->vma;
+	struct eventpoll *ep = vma->vm_file->private_data;
+	size_t off = vmf->address - vma->vm_start;
+	vm_fault_t ret;
+	int rc;
+
+	mutex_lock(&ep->mtx);
+	ret = VM_FAULT_SIGBUS;
+	if (!vma->vm_pgoff) {
+		if (ep->header_length < (off + PAGE_SIZE))
+			goto unlock_and_out;
+
+		rc = remap_vmalloc_range_partial(vma, vmf->address,
+						 ep->user_header + off,
+						 PAGE_SIZE);
+	} else {
+		if (ep->index_length < (off + PAGE_SIZE))
+			goto unlock_and_out;
+
+		rc = remap_vmalloc_range_partial(vma, vmf->address,
+						 ep->user_index + off,
+						 PAGE_SIZE);
+	}
+	if (likely(!rc)) {
+		/* Success path */
+		vma->vm_flags &= ~VM_DONTEXPAND;
+		ret = VM_FAULT_NOPAGE;
+	}
+unlock_and_out:
+	mutex_unlock(&ep->mtx);
+
+	return ret;
+}
+
+static const struct vm_operations_struct eventpoll_vm_ops = {
+	.fault = ep_eventpoll_fault,
+};
+
+static int ep_eventpoll_mmap(struct file *filep, struct vm_area_struct *vma)
+{
+	struct eventpoll *ep = vma->vm_file->private_data;
+	size_t size;
+	int rc;
+
+	if (!ep_polled_by_user(ep))
+		return -ENOTSUPP;
+
+	mutex_lock(&ep->mtx);
+	rc = -ENXIO;
+	size = vma->vm_end - vma->vm_start;
+	if (!vma->vm_pgoff && size > ep->header_length)
+		goto unlock_and_out;
+	if (vma->vm_pgoff && ep->header_length != (vma->vm_pgoff << PAGE_SHIFT))
+		/*
+		 * Index ring starts exactly after header. In future vm_pgoff
+		 * is not used, only as indication what kernel ptr is mapped.
+		 */
+		goto unlock_and_out;
+	if (vma->vm_pgoff && size > ep->index_length)
+		goto unlock_and_out;
+
+	/*
+	 * vm_pgoff is used *only* for indication, what is mapped: user header
+	 * or user index ring.
+	 */
+	if (!vma->vm_pgoff)
+		rc = remap_vmalloc_range_partial(vma, vma->vm_start,
+						 ep->user_header, size);
+	else
+		rc = remap_vmalloc_range_partial(vma, vma->vm_start,
+						 ep->user_index, size);
+
+	if (likely(!rc)) {
+		vma->vm_flags &= ~VM_DONTEXPAND;
+		vma->vm_ops = &eventpoll_vm_ops;
+	}
+unlock_and_out:
+	mutex_unlock(&ep->mtx);
+
+	return rc;
+}
+
 /* File callbacks that implement the eventpoll file behaviour */
 static const struct file_operations eventpoll_fops = {
 #ifdef CONFIG_PROC_FS
 	.show_fdinfo	= ep_show_fdinfo,
 #endif
+	.mmap		= ep_eventpoll_mmap,
 	.release	= ep_eventpoll_release,
 	.poll		= ep_eventpoll_poll,
 	.llseek		= noop_llseek,
-- 
2.19.1

Powered by blists - more mailing lists