From patchwork Tue Dec 4 07:39:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alison Schofield X-Patchwork-Id: 10711231 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id CFBEB16B1 for ; Tue, 4 Dec 2018 07:37:45 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BEEBF2A46B for ; Tue, 4 Dec 2018 07:37:45 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B2AE52A544; Tue, 4 Dec 2018 07:37:45 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=unavailable version=3.3.1 Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 577762A46B for ; Tue, 4 Dec 2018 07:37:45 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 58DA86B6D8F; Tue, 4 Dec 2018 02:37:28 -0500 (EST) Delivered-To: linux-mm-outgoing@kvack.org Received: by kanga.kvack.org (Postfix, from userid 40) id 517066B6D93; Tue, 4 Dec 2018 02:37:28 -0500 (EST) X-Original-To: int-list-linux-mm@kvack.org X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 2F54E6B6D94; Tue, 4 Dec 2018 02:37:28 -0500 (EST) X-Original-To: linux-mm@kvack.org X-Delivered-To: linux-mm@kvack.org Received: from mail-pl1-f198.google.com (mail-pl1-f198.google.com [209.85.214.198]) by kanga.kvack.org (Postfix) with ESMTP id D15036B6D8F for ; Tue, 4 Dec 2018 02:37:27 -0500 (EST) Received: by mail-pl1-f198.google.com with SMTP id j8so2280512plb.1 for ; Mon, 03 Dec 2018 23:37:27 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-original-authentication-results:x-gm-message-state:from:to:cc :subject:date:message-id:in-reply-to:references:in-reply-to :references; bh=ZqLgbxDqZp4zyv2bWQyitPmwBdJAnCsgQZh0AYa3w1w=; b=HKqrXqhSV1e1Dw5rGYLSefugk6cIE0QXzm7hjwce7ZZ6nUfjXJ/pIWP6SQg6Lpk3/3 VWmA6WntiRaCI4v21vdQK/Q/46r5Mvg5fGfbL+bslhrJ+DTJho5hih2fLvbK7MlCxQXs Y12METzUYNzoOgCmG/evRVZdeF5wSHOIjJOwWcBOb2UQM6iOotLnHxnm9udn2OyA/DN+ 208ua9NBdyxwV0cg4hf3HeBxWRE4b1Br6pv1bwg2o7dIHnj48g/8kHygBtlNlXQKazIm jHwtSJA+9RWbIplEn+Xop3RnnPwHsYW7al3Wj12thAkqlL4+IzRAoUBWL0gZ065IFLEe keQg== X-Original-Authentication-Results: mx.google.com; spf=pass (google.com: domain of alison.schofield@intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=alison.schofield@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Gm-Message-State: AA+aEWYcwCzjloUyFCQZVCNN2vqB3LjbTS2RRIkbqJI1dJSev9/Zr32o 4p7sgZxOq+Om+AlWG6ZHZi9xLS8stDmK6sJp5uRMeSA7CaJ/yOc8cIzh5hDRm61oJ8gKHTKGs6F Cu5Bq1ZftGwNjIZommxsL/JWwcTUkbwYEvf+vPd/6OxM+OT7fPFfxBx2ALbnGJE56BA== X-Received: by 2002:a63:ce08:: with SMTP id y8mr15822326pgf.388.1543909047506; Mon, 03 Dec 2018 23:37:27 -0800 (PST) X-Google-Smtp-Source: AFSGD/XwqUYN7f9JKigKA/N5PzC5TgSsIW1Ptj/hQ6BSJT4RRKBTh3Tu7MM9TBwOJywes0KMy6kT X-Received: by 2002:a63:ce08:: with SMTP id y8mr15822289pgf.388.1543909046387; Mon, 03 Dec 2018 23:37:26 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1543909046; cv=none; d=google.com; s=arc-20160816; b=YpkY3SjUqWndz8BZQ6F4iIpZd0mtDUNxUZ8GakjqGvFiBX2Pyr+mbxgvJucdxqAz4s l9QoQQIK01aeGDOkTTo4d31lIo5FIdjoCRGkHTAZUn45U7Ru6+G5tzvjtytu3UrHTfhw Klqjjo70OzwLfM96Uz7K4/A0kEZFiNbXhFvX1Q8tlRM/DK1U7ZIBlAh9uWHilkOmPM5S R0VvvwnSyZRxb3qcZVsb46u7yh4P9AlkA113mfXs+kCbR6aZCAyESW1NGlxZi+W52AME oEoHL7ZwAw8DyXZRSgaMclqOHZLdXg8LF6U7hO3l7EBCdKHn1kLHTJRCY6v0vwHqs6j+ RgHg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=references:in-reply-to:references:in-reply-to:message-id:date :subject:cc:to:from; bh=ZqLgbxDqZp4zyv2bWQyitPmwBdJAnCsgQZh0AYa3w1w=; b=mDGLCyJgdSKEbilBek0oQ+l332Yrh28fPWZjj/pheODZunMDgmoDP2Bq5vkzYiir+b 8+iVn5sNBoCX9RHWkBYZlDj2CxhVc9a0EIdNLwcoE/JLlveM4cnF1mM3vMtmwj0wkLxU PRGGL+o1kaq4ddTapHGlA8sR0uFiMEB0sHGfpDfdK7E2jvMZlwf2m38LfX+EkF5Ci/4G aV/hhhG2neq+j/rAQkTBkF4vH8J75PhzIjccfw4WMzv7Q5kCBXGCrEIdcjYmUirg2kVA J03IYgAmBeV2Uk4y8KjOCXC/+TMyA8z5UqN/r0890nKIn7MeWoMgnDYMbuh9MSr0rM9e PXpA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of alison.schofield@intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=alison.schofield@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from mga11.intel.com (mga11.intel.com. [192.55.52.93]) by mx.google.com with ESMTPS id s13si14970777pgc.509.2018.12.03.23.37.26 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 03 Dec 2018 23:37:26 -0800 (PST) Received-SPF: pass (google.com: domain of alison.schofield@intel.com designates 192.55.52.93 as permitted sender) client-ip=192.55.52.93; Authentication-Results: mx.google.com; spf=pass (google.com: domain of alison.schofield@intel.com designates 192.55.52.93 as permitted sender) smtp.mailfrom=alison.schofield@intel.com; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga102.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Dec 2018 23:37:26 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,313,1539673200"; d="scan'208";a="124858776" Received: from alison-desk.jf.intel.com (HELO alison-desk) ([10.54.74.53]) by fmsmga004.fm.intel.com with ESMTP; 03 Dec 2018 23:37:25 -0800 From: Alison Schofield To: dhowells@redhat.com, tglx@linutronix.de Cc: jmorris@namei.org, mingo@redhat.com, hpa@zytor.com, bp@alien8.de, luto@kernel.org, peterz@infradead.org, kirill.shutemov@linux.intel.com, dave.hansen@intel.com, kai.huang@intel.com, jun.nakajima@intel.com, dan.j.williams@intel.com, jarkko.sakkinen@intel.com, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-mm@kvack.org, x86@kernel.org Subject: [RFC v2 09/13] mm: Restrict memory encryption to anonymous VMA's Date: Mon, 3 Dec 2018 23:39:56 -0800 Message-Id: <0b294e74f06a0d6bee51efcd7b0eb1f20b00babe.1543903910.git.alison.schofield@intel.com> X-Mailer: git-send-email 2.7.4 In-Reply-To: References: In-Reply-To: References: X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: X-Virus-Scanned: ClamAV using ClamSMTP Memory encryption is only supported for mappings that are ANONYMOUS. Test the entire range of VMA's in an encrypt_mprotect() request to make sure they all meet that requirement before encrypting any. The encrypt_mprotect syscall will return -EINVAL and will not encrypt any VMA's if this check fails. Signed-off-by: Alison Schofield Signed-off-by: Kirill A. Shutemov --- mm/mprotect.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/mm/mprotect.c b/mm/mprotect.c index ad8127dc9aac..f1c009409134 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -345,6 +345,24 @@ static int prot_none_walk(struct vm_area_struct *vma, unsigned long start, return walk_page_range(start, end, &prot_none_walk); } +/* + * Encrypted mprotect is only supported on anonymous mappings. + * All VMA's in the requested range must be anonymous. If this + * test fails on any single VMA, the entire mprotect request fails. + */ +bool mem_supports_encryption(struct vm_area_struct *vma, unsigned long end) +{ + struct vm_area_struct *test_vma = vma; + + do { + if (!vma_is_anonymous(test_vma)) + return false; + + test_vma = test_vma->vm_next; + } while (test_vma && test_vma->vm_start < end); + return true; +} + int mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, unsigned long start, unsigned long end, unsigned long newflags, @@ -531,6 +549,12 @@ static int do_mprotect_ext(unsigned long start, size_t len, goto out; } } + + if (keyid > 0 && !mem_supports_encryption(vma, end)) { + error = -EINVAL; + goto out; + } + if (start > vma->vm_start) prev = vma;