| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Feb 2019 14:06:27 +0800
From: Peter Xu <peterx@...hat.com>
To: Mike Rapoport <rppt@...ux.ibm.com>
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org,
David Hildenbrand <david@...hat.com>,
Hugh Dickins <hughd@...gle.com>,
Maya Gokhale <gokhale2@...l.gov>,
Jerome Glisse <jglisse@...hat.com>,
Pavel Emelyanov <xemul@...tuozzo.com>,
Johannes Weiner <hannes@...xchg.org>,
Martin Cracauer <cracauer@...s.org>, Shaohua Li <shli@...com>,
Marty McFadden <mcfadden8@...l.gov>,
Andrea Arcangeli <aarcange@...hat.com>,
Mike Kravetz <mike.kravetz@...cle.com>,
Denis Plotnikov <dplotnikov@...tuozzo.com>,
Mike Rapoport <rppt@...ux.vnet.ibm.com>,
Mel Gorman <mgorman@...e.de>,
"Kirill A . Shutemov" <kirill@...temov.name>,
"Dr . David Alan Gilbert" <dgilbert@...hat.com>,
Rik van Riel <riel@...hat.com>
Subject: Re: [PATCH v2 20/26] userfaultfd: wp: support write protection for
userfault vma range
On Mon, Feb 25, 2019 at 10:52:34PM +0200, Mike Rapoport wrote:
> On Tue, Feb 12, 2019 at 10:56:26AM +0800, Peter Xu wrote:
> > From: Shaohua Li <shli@...com>
> >
> > Add API to enable/disable writeprotect a vma range. Unlike mprotect,
> > this doesn't split/merge vmas.
> >
> > Cc: Andrea Arcangeli <aarcange@...hat.com>
> > Cc: Rik van Riel <riel@...hat.com>
> > Cc: Kirill A. Shutemov <kirill@...temov.name>
> > Cc: Mel Gorman <mgorman@...e.de>
> > Cc: Hugh Dickins <hughd@...gle.com>
> > Cc: Johannes Weiner <hannes@...xchg.org>
> > Signed-off-by: Shaohua Li <shli@...com>
> > Signed-off-by: Andrea Arcangeli <aarcange@...hat.com>
> > [peterx:
> > - use the helper to find VMA;
> > - return -ENOENT if not found to match mcopy case;
> > - use the new MM_CP_UFFD_WP* flags for change_protection
> > - check against mmap_changing for failures]
> > Signed-off-by: Peter Xu <peterx@...hat.com>
> > ---
> > include/linux/userfaultfd_k.h | 3 ++
> > mm/userfaultfd.c | 54 +++++++++++++++++++++++++++++++++++
> > 2 files changed, 57 insertions(+)
> >
> > diff --git a/include/linux/userfaultfd_k.h b/include/linux/userfaultfd_k.h
> > index 765ce884cec0..8f6e6ed544fb 100644
> > --- a/include/linux/userfaultfd_k.h
> > +++ b/include/linux/userfaultfd_k.h
> > @@ -39,6 +39,9 @@ extern ssize_t mfill_zeropage(struct mm_struct *dst_mm,
> > unsigned long dst_start,
> > unsigned long len,
> > bool *mmap_changing);
> > +extern int mwriteprotect_range(struct mm_struct *dst_mm,
> > + unsigned long start, unsigned long len,
> > + bool enable_wp, bool *mmap_changing);
> >
> > /* mm helpers */
> > static inline bool is_mergeable_vm_userfaultfd_ctx(struct vm_area_struct *vma,
> > diff --git a/mm/userfaultfd.c b/mm/userfaultfd.c
> > index fefa81c301b7..529d180bb4d7 100644
> > --- a/mm/userfaultfd.c
> > +++ b/mm/userfaultfd.c
> > @@ -639,3 +639,57 @@ ssize_t mfill_zeropage(struct mm_struct *dst_mm, unsigned long start,
> > {
> > return __mcopy_atomic(dst_mm, start, 0, len, true, mmap_changing, 0);
> > }
> > +
> > +int mwriteprotect_range(struct mm_struct *dst_mm, unsigned long start,
> > + unsigned long len, bool enable_wp, bool *mmap_changing)
> > +{
> > + struct vm_area_struct *dst_vma;
> > + pgprot_t newprot;
> > + int err;
> > +
> > + /*
> > + * Sanitize the command parameters:
> > + */
> > + BUG_ON(start & ~PAGE_MASK);
> > + BUG_ON(len & ~PAGE_MASK);
> > +
> > + /* Does the address range wrap, or is the span zero-sized? */
> > + BUG_ON(start + len <= start);
>
> I'd replace these BUG_ON()s with
>
> if (WARN_ON())
> return -EINVAL;
I believe BUG_ON() is used because these parameters should have been
checked in userfaultfd_writeprotect() already by the common
validate_range() even before calling mwriteprotect_range(). So I'm
fine with the WARN_ON() approach but I'd slightly prefer to simply
keep the patch as is to keep Jerome's r-b if you won't disagree. :)
Thanks,
--
Peter Xu
Powered by blists - more mailing lists