From patchwork Thu May  3 20:32:42 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Davidlohr Bueso <dave@stgolabs.net>
X-Patchwork-Id: 10379233
Return-Path: <owner-linux-mm@kvack.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	92DA46037D for <patchwork-linux-mm@patchwork.kernel.org>;
	Thu,  3 May 2018 20:47:34 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 804CC29195
	for <patchwork-linux-mm@patchwork.kernel.org>;
	Thu,  3 May 2018 20:47:34 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 743AB29284; Thu,  3 May 2018 20:47:34 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.9 required=2.0 tests=BAYES_00, MAILING_LIST_MULTI,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D0F2D29195
	for <patchwork-linux-mm@patchwork.kernel.org>;
	Thu,  3 May 2018 20:47:33 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 90BD36B0011; Thu,  3 May 2018 16:47:30 -0400 (EDT)
Delivered-To: linux-mm-outgoing@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 896FE6B0012; Thu,  3 May 2018 16:47:30 -0400 (EDT)
X-Original-To: int-list-linux-mm@kvack.org
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 736B66B0022; Thu,  3 May 2018 16:47:30 -0400 (EDT)
X-Original-To: linux-mm@kvack.org
X-Delivered-To: linux-mm@kvack.org
Received: from mail-pg0-f72.google.com (mail-pg0-f72.google.com
	[74.125.83.72])
	by kanga.kvack.org (Postfix) with ESMTP id 2162C6B0011
	for <linux-mm@kvack.org>; Thu,  3 May 2018 16:47:30 -0400 (EDT)
Received: by mail-pg0-f72.google.com with SMTP id n2-v6so12711932pgs.2
	for <linux-mm@kvack.org>; Thu, 03 May 2018 13:47:30 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-original-authentication-results:x-gm-message-state:from:to:cc
	:subject:date:message-id:in-reply-to:references;
	bh=9K/EG8S8UrhLnzP1V12uFrnS9vletEtvcK1QrgtLdCc=;
	b=I4mfbBEZYCI/7ZgCekZn4oiylDdUtX4DaRmP4ZdyMby3vzRCU1bi6K6NFDR7v2AR/N
	f5uPiJZFT3JljPlHFfN4iZRxeuTph3oarH3AHz0QYOJUPenL9yvaw8q+kejBKnS9N7eL
	p7j4vVSfhOXfGi1rpRZ611XinDc8+4YNtawYQUcOIdAUMh+xo4pTrXncjLad5A8S5ZYe
	xl4nWuvF7fPIAfCjqwfMwLJ+hd6w11ZA8a6Ymax+giQ3+l7qBCjoxCrKK1ofiaDw/y19
	L64ZHzjStrtHcs5MEBS2YngRy8iuCJn/e99JLKgBJHHlmVrr+ciRGGepFgG1X6YFUrhD
	Hoew==
X-Original-Authentication-Results: mx.google.com;
	spf=softfail (google.com: domain of
	transitioning dave@stgolabs.net does not designate
	137.65.250.81 as permitted sender)
	smtp.mailfrom=dave@stgolabs.net
X-Gm-Message-State: ALQs6tCMVD38ojr3Q4LdvRNmHcr4IG2wbx58w7XWE0+wnBbfB27w5plt
	S8/JB+xBHWb4VJy1P/Pm09wGQA1vJnNihCUep/mUkwrrRsYaDIZps94OqiqtaxJOn9wYtKwoAqX
	7thOAazbLkkRXCIDW1niTnlZowDhcfUB1euGVeXJvfMhVUPtMKXS68EtK1Zd0Nzo=
X-Received: by 2002:a65:5047:: with SMTP id
	k7-v6mr19934154pgo.93.1525380449791;
	Thu, 03 May 2018 13:47:29 -0700 (PDT)
X-Google-Smtp-Source: 
 AB8JxZp8IK00giU2uCMC8rb6llnsieBLzwf8LPFwn0wpvzcHnEVy4B5Y8oRCfT30+fwKf03AjtWZ
X-Received: by 2002:a65:5047:: with SMTP id
	k7-v6mr19934137pgo.93.1525380448909;
	Thu, 03 May 2018 13:47:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1525380448; cv=none;
	d=google.com; s=arc-20160816;
	b=BVwS/RQ66Y3kqutLm4V9KUuj3VSnHmtd6QTTfI65JnA8y+Q6MyxoMBqDjfmt6SCoQB
	Bj2qtG3ReKqfX08t9n1EfmF4FDs6AfaYvOhJ2W+X0vvGLoATnVADjOPGVStDVomV91q6
	3wU06PkJQoCG1QTOrAa9SEuUkFbKp/DdbPNXS5YEyQW07f5P4j5y87hVyetbNkC1ot/B
	vrkAshRYwQulBCoNnqBDnUuiTbJpAFEJvBVpx2zVoxiS8kSOsNj5g0cSuygrb9ilrRz3
	s9GbrKnzQaPqsx3evfRO7UrEzFuxeod8ioHOmxPXBV1Z2PTonr7I/VaSOQmqkNnUxhMf
	j+sQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=references:in-reply-to:message-id:date:subject:cc:to:from
	:arc-authentication-results;
	bh=9K/EG8S8UrhLnzP1V12uFrnS9vletEtvcK1QrgtLdCc=;
	b=PRwTsl9asNqwPp3E9CVwvrqnkQ+hDA/qJEzofgjhFY12OX3FnGI00Kf4at8Gev+2yo
	lWXCVIzmhA2ocrHEU39HLRwU5IaxGk37b3IPE5ORG8z575rBhMr1Fgc0kPPo/w0j099h
	8Y6nNPbytmJPaxDbVcvdXodckrjHvTvosq0C01IVqdFOTBl7+MjLoTBxqVJn54sRqdTV
	Uf9XOajRHt3VtsADC0DSh3p1QQinEdyOfWKdBby0W32lA6yyg2TankHm6CEwDABxGLhq
	nb2HlsO6TvieuPGh9nfrFOumTkik0bnNFh29O9HBGNpjcF1WitKo5e83hq2FN7jUFGko
	+Phg==
ARC-Authentication-Results: i=1; mx.google.com;
	spf=softfail (google.com: domain of transitioning dave@stgolabs.net
	does not designate 137.65.250.81 as permitted sender)
	smtp.mailfrom=dave@stgolabs.net
Received: from smtp2.provo.novell.com (smtp2.provo.novell.com.
	[137.65.250.81]) by mx.google.com with ESMTPS id
	r13-v6si2419295pgq.675.2018.05.03.13.47.28 for <linux-mm@kvack.org>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 03 May 2018 13:47:28 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning
	dave@stgolabs.net does not designate 137.65.250.81 as
	permitted sender) client-ip=137.65.250.81;
Authentication-Results: mx.google.com;
	spf=softfail (google.com: domain of transitioning dave@stgolabs.net
	does not designate 137.65.250.81 as permitted sender)
	smtp.mailfrom=dave@stgolabs.net
Received: from localhost.localdomain (prv-ext-foundry1int.gns.novell.com
	[137.65.251.240])
	by smtp2.provo.novell.com with ESMTP (TLS encrypted);
	Thu, 03 May 2018 14:47:18 -0600
From: Davidlohr Bueso <dave@stgolabs.net>
To: akpm@linux-foundation.org,
	aarcange@redhat.com
Cc: joe.lawrence@redhat.com, gareth.evans@contextis.co.uk,
	linux-kernel@vger.kernel.org, linux-mm@kvack.org, dave@stgolabs.net,
	stable@kernel.org, Davidlohr Bueso <dbueso@suse.de>
Subject: [PATCH 1/2] Revert "ipc/shm: Fix shmat mmap nil-page protection"
Date: Thu,  3 May 2018 13:32:42 -0700
Message-Id: <20180503203243.15045-2-dave@stgolabs.net>
X-Mailer: git-send-email 2.13.6
In-Reply-To: <20180503203243.15045-1-dave@stgolabs.net>
References: <20180503203243.15045-1-dave@stgolabs.net>
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
X-Virus-Scanned: ClamAV using ClamSMTP

95e91b831f87 (ipc/shm: Fix shmat mmap nil-page protection) worked on
the idea that we should not be mapping as root addr=0 and MAP_FIXED.
However, it was reported that this scenario is in fact valid, thus
making the patch both bogus and breaks userspace as well. For example
X11's libint10.so relies on shmat(1, SHM_RND) for lowmem initialization[1].

[1] https://cgit.freedesktop.org/xorg/xserver/tree/hw/xfree86/os-support/linux/int10/linux.c#n347

Reported-by: Joe Lawrence <joe.lawrence@redhat.com>
Reported-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Davidlohr Bueso <dbueso@suse.de>
---
 ipc/shm.c | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/ipc/shm.c b/ipc/shm.c
index 0075990338f4..b81d53c8f459 100644
--- a/ipc/shm.c
+++ b/ipc/shm.c
@@ -1371,13 +1371,8 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg,
 
 	if (addr) {
 		if (addr & (shmlba - 1)) {
-			/*
-			 * Round down to the nearest multiple of shmlba.
-			 * For sane do_mmap_pgoff() parameters, avoid
-			 * round downs that trigger nil-page and MAP_FIXED.
-			 */
-			if ((shmflg & SHM_RND) && addr >= shmlba)
-				addr &= ~(shmlba - 1);
+			if (shmflg & SHM_RND)
+				addr &= ~(shmlba - 1);  /* round down */
 			else
 #ifndef __ARCH_FORCE_SHMLBA
 				if (addr & ~PAGE_MASK)