| Message ID | 20240704182718.2653918-16-Liam.Howlett@oracle.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | Avoid MAP_FIXED gap exposure | expand |
On Thu, Jul 04, 2024 at 02:27:17PM GMT, Liam R. Howlett wrote: > From: "Liam R. Howlett" <Liam.Howlett@Oracle.com> > > Change from nr_pages variable to vms.nr_accounted for the charged pages > calculation. This is necessary for a future patch. > > This also avoids checking security_vm_enough_memory_mm() if the amount > of memory won't change. > > Signed-off-by: Liam R. Howlett <Liam.Howlett@Oracle.com> > Cc: Kees Cook <kees@kernel.org> > --- > mm/mmap.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/mm/mmap.c b/mm/mmap.c > index b14da6bd257f..b2de26683903 100644 > --- a/mm/mmap.c > +++ b/mm/mmap.c > @@ -2980,6 +2980,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr, > } else { > /* Minimal setup of vms */ > vms.nr_pages = 0; > + vms.nr_accounted = 0; This kind of highlights my concern about only setting some vms fields, now we have to remember to change this in the right place or happen to know that init_vma_munmap() will be otherwise invoked. > next = vma_next(&vmi); > prev = vma_prev(&vmi); > if (prev) > @@ -2991,9 +2992,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr, > */ > if (accountable_mapping(file, vm_flags)) { > charged = pglen; > - charged -= nr_accounted; > - if (security_vm_enough_memory_mm(mm, charged)) > + charged -= vms.nr_accounted; > + if (charged && security_vm_enough_memory_mm(mm, charged)) > goto abort_munmap; > + > vms.nr_accounted = 0; Is setting this to zero really needed here? We may be done with this, but if the vms value represents the 'unmap state' of this range, surely the number of accountable pages remains the same? > vm_flags |= VM_ACCOUNT; > } > -- > 2.43.0 > At this point nr_accounted is no longer used, but I'm guessing a follow up patch will remove this? :) I was wondering why you used that given the gather function also separately calculates it, but I guess this answers that! Generally this looks good to me, so: Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
On Mon, Jul 8, 2024 at 5:43 AM Lorenzo Stoakes <lorenzo.stoakes@oracle.com> wrote: > > On Thu, Jul 04, 2024 at 02:27:17PM GMT, Liam R. Howlett wrote: > > From: "Liam R. Howlett" <Liam.Howlett@Oracle.com> > > > > Change from nr_pages variable to vms.nr_accounted for the charged pages > > calculation. This is necessary for a future patch. > > > > This also avoids checking security_vm_enough_memory_mm() if the amount > > of memory won't change. > > > > Signed-off-by: Liam R. Howlett <Liam.Howlett@Oracle.com> > > Cc: Kees Cook <kees@kernel.org> > > --- > > mm/mmap.c | 6 ++++-- > > 1 file changed, 4 insertions(+), 2 deletions(-) > > > > diff --git a/mm/mmap.c b/mm/mmap.c > > index b14da6bd257f..b2de26683903 100644 > > --- a/mm/mmap.c > > +++ b/mm/mmap.c > > @@ -2980,6 +2980,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr, > > } else { > > /* Minimal setup of vms */ > > vms.nr_pages = 0; > > + vms.nr_accounted = 0; > > This kind of highlights my concern about only setting some vms fields, now we > have to remember to change this in the right place or happen to know that > init_vma_munmap() will be otherwise invoked. > > > next = vma_next(&vmi); > > prev = vma_prev(&vmi); > > if (prev) > > @@ -2991,9 +2992,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr, > > */ > > if (accountable_mapping(file, vm_flags)) { > > charged = pglen; > > - charged -= nr_accounted; > > - if (security_vm_enough_memory_mm(mm, charged)) > > + charged -= vms.nr_accounted; > > + if (charged && security_vm_enough_memory_mm(mm, charged)) > > goto abort_munmap; > > + > > vms.nr_accounted = 0; > > Is setting this to zero really needed here? We may be done with this, but if the > vms value represents the 'unmap state' of this range, surely the number of > accountable pages remains the same? > > > vm_flags |= VM_ACCOUNT; > > } > > -- > > 2.43.0 > > > > At this point nr_accounted is no longer used, but I'm guessing a follow up patch > will remove this? :) IMHO this and the next patch can be combined to remove this confusion. They are both rather small, so would not be a big deal. > > I was wondering why you used that given the gather function also separately > calculates it, but I guess this answers that! > > Generally this looks good to me, so: > > Reviewed-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com> Reviewed-by: Suren Baghdasaryan <surenb@google.com>
diff --git a/mm/mmap.c b/mm/mmap.c index b14da6bd257f..b2de26683903 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -2980,6 +2980,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr, } else { /* Minimal setup of vms */ vms.nr_pages = 0; + vms.nr_accounted = 0; next = vma_next(&vmi); prev = vma_prev(&vmi); if (prev) @@ -2991,9 +2992,10 @@ unsigned long mmap_region(struct file *file, unsigned long addr, */ if (accountable_mapping(file, vm_flags)) { charged = pglen; - charged -= nr_accounted; - if (security_vm_enough_memory_mm(mm, charged)) + charged -= vms.nr_accounted; + if (charged && security_vm_enough_memory_mm(mm, charged)) goto abort_munmap; + vms.nr_accounted = 0; vm_flags |= VM_ACCOUNT; }