| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a1868eac-b6da-4be8-b32a-ec31ed059d55@lucifer.local>
Date: Mon, 2 Oct 2023 23:56:36 +0100
From: Lorenzo Stoakes <lstoakes@...il.com>
To: David Hildenbrand <david@...hat.com>
Cc: linux-mm@...ck.org, linux-kernel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
Catalin Marinas <catalin.marinas@....com>,
Will Deacon <will@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Ingo Molnar <mingo@...hat.com>,
Arnaldo Carvalho de Melo <acme@...nel.org>,
Mark Rutland <mark.rutland@....com>,
Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
Jiri Olsa <jolsa@...nel.org>,
Namhyung Kim <namhyung@...nel.org>,
Ian Rogers <irogers@...gle.com>,
Adrian Hunter <adrian.hunter@...el.com>,
Oleg Nesterov <oleg@...hat.com>,
Richard Cochran <richardcochran@...il.com>,
Jason Gunthorpe <jgg@...dia.com>,
John Hubbard <jhubbard@...dia.com>,
Arnd Bergmann <arnd@...db.de>
Subject: Re: [PATCH 4/4] mm/gup: adapt get_user_page_vma_remote() to never
return NULL
On Mon, Oct 02, 2023 at 01:08:41PM +0200, David Hildenbrand wrote:
> On 01.10.23 18:00, Lorenzo Stoakes wrote:
> > get_user_pages_remote() will never return 0 except in the case of
> > FOLL_NOWAIT being specified, which we explicitly disallow.
> >
> > This simplifies error handling for the caller and avoids the awkwardness of
> > dealing with both errors and failing to pin. Failing to pin here is an
> > error.
> >
> > Suggested-by: Arnd Bergmann <arnd@...db.de>
> > Signed-off-by: Lorenzo Stoakes <lstoakes@...il.com>
> > ---
> > arch/arm64/kernel/mte.c | 4 ++--
> > include/linux/mm.h | 16 +++++++++++++---
> > kernel/events/uprobes.c | 4 ++--
> > mm/memory.c | 3 +--
> > 4 files changed, 18 insertions(+), 9 deletions(-)
> >
> > diff --git a/arch/arm64/kernel/mte.c b/arch/arm64/kernel/mte.c
> > index 4edecaac8f91..8878b392df58 100644
> > --- a/arch/arm64/kernel/mte.c
> > +++ b/arch/arm64/kernel/mte.c
> > @@ -411,8 +411,8 @@ static int __access_remote_tags(struct mm_struct *mm, unsigned long addr,
> > struct page *page = get_user_page_vma_remote(mm, addr,
> > gup_flags, &vma);
> > - if (IS_ERR_OR_NULL(page)) {
> > - err = page == NULL ? -EIO : PTR_ERR(page);
> > + if (IS_ERR(page)) {
> > + err = PTR_ERR(page);
> > break;
> > }
> > diff --git a/include/linux/mm.h b/include/linux/mm.h
> > index 7b89f7bd420d..da9631683d38 100644
> > --- a/include/linux/mm.h
> > +++ b/include/linux/mm.h
> > @@ -2425,6 +2425,7 @@ long pin_user_pages_remote(struct mm_struct *mm,
> > unsigned int gup_flags, struct page **pages,
> > int *locked);
> > +/* Either retrieve a single VMA and page, or an error. */
> > static inline struct page *get_user_page_vma_remote(struct mm_struct *mm,
> > unsigned long addr,
> > int gup_flags,
> > @@ -2432,12 +2433,21 @@ static inline struct page *get_user_page_vma_remote(struct mm_struct *mm,
> > {
> > struct page *page;
> > struct vm_area_struct *vma;
> > - int got = get_user_pages_remote(mm, addr, 1, gup_flags, &page, NULL);
> > + int got;
> > +
> > + if (unlikely(gup_flags & FOLL_NOWAIT))
> > + return ERR_PTR(-EINVAL);
> > +
>
> Do we have any callers or do we want to make that official (document it) and
> use WARN_ON_ONCE() instead?
We have no callers who want to do that, will WARN_ON_ONCE() and update
comment in v2.
>
> > + got = get_user_pages_remote(mm, addr, 1, gup_flags, &page, NULL);
> > if (got < 0)
> > return ERR_PTR(got);
> > - if (got == 0)
> > - return NULL;
> > +
> > + /*
> > + * get_user_pages_remote() is guaranteed to not return 0 for
> > + * non-FOLL_NOWAIT contexts, so this should never happen.
> > + */
> > + VM_WARN_ON(got == 0);
>
> You should probably just drop that. Not worth the comment + code and its
> better checked inside get_user_pages_remote().
>
> Ideally, just document that behavior for get_user_pages_remote() "Will never
> return 0 without FOLL_NOWAIT."
Well you'd need to put it at all the other callers of
__get_user_pages_locked() too :) so I think probably not worth doing that,
at least in this patch series.
In any case, we have explicitly added this check there to ensure that's not
possible so I think we're good, will just strip in v2.
>
> --
> Cheers,
>
> David / dhildenb
>
Powered by blists - more mailing lists