From patchwork Fri Dec 6 15:20:31 2024
X-Patchwork-Submitter: Brian Geffon
X-Patchwork-Id: 13897282
Date: Fri, 6 Dec 2024 10:20:31 -0500
In-Reply-To: <20241206152032.1222067-1-bgeffon@google.com>
References: <20241206152032.1222067-1-bgeffon@google.com>
Message-ID: <20241206152032.1222067-2-bgeffon@google.com>
Subject: [PATCH 1/2] mremap: Fix new_addr being used as a hint with MREMAP_DONTUNMAP
From: Brian Geffon
To: Andrew Morton
Cc: linux-mm@kvack.org, linux-kernel@vger.kernel.org, Brian Geffon, Marco Vanotti

Two non-mutually exclusive paths can land in mremap_to, MREMAP_FIXED
and MREMAP_DONTUNMAP which are called from mremap(). In the case of
MREMAP_FIXED we must validate the new_addr to ensure that the new
address is valid. In the case of MREMAP_DONTUNMAP without MREMAP_FIXED
a new address is specified as a hint, just like it would be in the
case of mmap. In this second case we don't need to perform any checks
because get_unmapped_area() will align new_addr, just like it would in
the case of mmap.

Signed-off-by: Brian Geffon
Reported-by: Marco Vanotti
---
 mm/mremap.c | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)

diff --git a/mm/mremap.c b/mm/mremap.c index 60473413836b..286ffdb883df 100644 --- a/mm/mremap.c +++ b/mm/mremap.c
@@ -912,15 +912,27 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len, unsigned long ret; unsigned long map_flags = 0; - if (offset_in_page(new_addr)) - return -EINVAL; + /* + * Two non-mutually exclusive paths can land in mremap_to, MREMAP_FIXED + * and MREMAP_DONTUNMAP which are called from mremap(). In the case of + * MREMAP_FIXED we must validate the new_addr to ensure that the new + * address is valid. In the case of MREMAP_DONTUNMAP without MREMAP_FIXED + * a new address is specified as a hint, just like it would be in the + * case of mmap. In this second case we don't need to perform any checks + * because get_unmapped_area() will align new_addr, just like it would in + * the case of mmap. + */ + if (flags & MREMAP_FIXED) { + if (offset_in_page(new_addr)) + return -EINVAL; - if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len) - return -EINVAL; + if (new_len > TASK_SIZE || new_addr > TASK_SIZE - new_len) + return -EINVAL; - /* Ensure the old/new locations do not overlap */ - if (addr + old_len > new_addr && new_addr + new_len > addr) - return -EINVAL; + /* Ensure the old/new locations do not overlap */ + if (addr + old_len > new_addr && new_addr + new_len > addr) + return -EINVAL; + } /* * move_vma() need us to stay 4 maps below the threshold, otherwise
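Review bot: The `new_len > TASK_SIZE` test now sits inside `if (flags & MREMAP_FIXED)`, so a MREMAP_DONTUNMAP call without MREMAP_FIXED passes through this part of mremap_to() with no length bound applied, even though that test does not depend on whether new_addr is fixed or a hint. The new comment only states that get_unmapped_area() will align new_addr; it says nothing about the length being bounded there. Either keep `if (new_len > TASK_SIZE) return -EINVAL;` outside the block and leave only the new_addr-dependent checks (`offset_in_page(new_addr)`, `new_addr > TASK_SIZE - new_len` and the overlap test) under MREMAP_FIXED, or extend the comment to say where an oversized new_len is rejected on the hint path and with which errno. The block comment also repeats the commit message word for word and could be cut down to the rule itself, and the changelog would be easier to backport with a Fixes: tag and a sentence on what userspace observed before the change.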