From patchwork Mon Oct 16 14:38:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13423493 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id CA36CCDB465 for ; Mon, 16 Oct 2023 14:39:01 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 171138D00A6; Mon, 16 Oct 2023 10:39:01 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 0F81B8D0001; Mon, 16 Oct 2023 10:39:00 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id DA2098D00A6; Mon, 16 Oct 2023 10:39:00 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id C14558D0001 for ; Mon, 16 Oct 2023 10:39:00 -0400 (EDT) Received: from smtpin15.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 80F1C407C7 for ; Mon, 16 Oct 2023 14:39:00 +0000 (UTC) X-FDA: 81351581640.15.6C31484 Received: from mail-oo1-f41.google.com (mail-oo1-f41.google.com [209.85.161.41]) by imf25.hostedemail.com (Postfix) with ESMTP id 6E9B5A0020 for ; Mon, 16 Oct 2023 14:38:58 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=elro8LSF; spf=pass (imf25.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.161.41 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1697467138; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=i0WNNc5z5Rp4qcc+bUjy2EO5P5kIEIYGxWQPd2Onn9M=; b=hOKT0ap0xEAy+ujarZaUYji96SMhSf+W0QCrhlRmTl+eZZLHx0KE9Qzet8U6WAGFaxBzv7 rXTixJaMsVAsplP6ilS5ws0Bv/4maVxL4FjAuHlj9yLOa8RVKhWg74Ab+oS7hJvI0ljg+r bpKOU7cLa6hC/b+bvu3jedU7C3gaWVk= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=elro8LSF; spf=pass (imf25.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.161.41 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1697467138; a=rsa-sha256; cv=none; b=r3FtBdouIEkP7kUW+jcyP21AEPky4nObYprRLSiZimfg1w9KZJY6vo6SqyXQRAfuXctUIi egTp6x8cRGJcH9X1SEfVP3XRJsM9OiI3iEJbTnK0wCh0nTrTzxbguuyDwPb+0CqHws656r CDwosAwdooOasKqNVS3J/vEEhAGlBnU= Received: by mail-oo1-f41.google.com with SMTP id 006d021491bc7-57babef76deso2587437eaf.0 for ; Mon, 16 Oct 2023 07:38:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1697467137; x=1698071937; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=i0WNNc5z5Rp4qcc+bUjy2EO5P5kIEIYGxWQPd2Onn9M=; b=elro8LSFn5NBI6XGtX1nz/sUqcgVY34O4PT3GaMUYGtbgJXe7FPcBXNow7rmin+4d8 bT8uX23hOU9J/jMAZLuWYzYLX1YbHwulYVsjumUfOB3rKraUatu242K24uyfOmT0m0MX 7eCPuLZAfuX9Ep9C1mBl01uAxD4KV7nLyrHSU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697467137; x=1698071937; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=i0WNNc5z5Rp4qcc+bUjy2EO5P5kIEIYGxWQPd2Onn9M=; b=O/bugjNmU3rgPOXPz5Wp+CGm8Wda09T/cdmZcC6lX0XQhX83bH1pwUTY/kvP6FP7uy u9k5XV2zysr/axDKt5+Ei7rKO8YoSWGBDdNFIGvS39br2B7O9QNWpbp76ClFFyxug23Z ONauO4nqvjyAuOgI96rum2tqiPO0wvEno8fnaIVQkFR1koKY7PjcFL/ykrS44PV9Xbvf E3mDY8WERmcs/R6fJ8r3R0t1LO700jPJJ6LhL745n0SuX92w0mQMmtbFw+fGI3stVoIi nQlvD4O98rFN1P/mScc7s12qPFVB7tr7JcSvtGt4gnUbR+OyNCkroZhoIQDDj/LmLyMb Lb2A== X-Gm-Message-State: AOJu0YwoXl0nMQ0iZ8fkYiamt1muSnM6n/jggUUvqoHT0ZGjs7hiQ8Be MjGcJ46DRltJXcWLipOR57HA7Q== X-Google-Smtp-Source: AGHT+IHl+pMgyvtur/JNbIrQM0sYpoTu0Sl4CBWNwTFYDB3ETNHzopbO9fK1CG39Fnz3dURR6iY0pg== X-Received: by 2002:a05:6358:4311:b0:13c:fd78:bb43 with SMTP id r17-20020a056358431100b0013cfd78bb43mr36098417rwc.27.1697467137176; Mon, 16 Oct 2023 07:38:57 -0700 (PDT) Received: from localhost (9.184.168.34.bc.googleusercontent.com. [34.168.184.9]) by smtp.gmail.com with UTF8SMTPSA id s5-20020aa78bc5000000b006be0fb89ac3sm2298667pfd.30.2023.10.16.07.38.56 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 16 Oct 2023 07:38:56 -0700 (PDT) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, sroettger@google.com Cc: jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, surenb@google.com, alex.sierra@amd.com, apopple@nvidia.com, aneesh.kumar@linux.ibm.com, axelrasmussen@google.com, ben@decadent.org.uk, catalin.marinas@arm.com, david@redhat.com, dwmw@amazon.co.uk, ying.huang@intel.com, hughd@google.com, joey.gouly@arm.com, corbet@lwn.net, wangkefeng.wang@huawei.com, Liam.Howlett@oracle.com, torvalds@linux-foundation.org, lstoakes@gmail.com, willy@infradead.org, mawupeng1@huawei.com, linmiaohe@huawei.com, namit@vmware.com, peterx@redhat.com, peterz@infradead.org, ryan.roberts@arm.com, shr@devkernel.io, vbabka@suse.cz, xiujianfeng@huawei.com, yu.ma@intel.com, zhangpeng362@huawei.com, dave.hansen@intel.com, luto@kernel.org, linux-hardening@vger.kernel.org Subject: [RFC PATCH v1 1/8] Add mseal syscall Date: Mon, 16 Oct 2023 14:38:20 +0000 Message-ID: <20231016143828.647848-2-jeffxu@chromium.org> X-Mailer: git-send-email 2.42.0.655.g421f12c284-goog In-Reply-To: <20231016143828.647848-1-jeffxu@chromium.org> References: <20231016143828.647848-1-jeffxu@chromium.org> MIME-Version: 1.0 X-Rspamd-Queue-Id: 6E9B5A0020 X-Rspam-User: X-Stat-Signature: sayqjwgdrxx3rj46jicc7f7f4zmqr7jw X-Rspamd-Server: rspam01 X-HE-Tag: 1697467138-985116 X-HE-Meta: U2FsdGVkX1/LA4EYHbltHNlsz+ajMYXwz4rCLs7z3bI5xWiDPDZ8cPWlCLTyPBmJEdZrHOCOqDO+ffAbwVwte3xitdC14MILMl2zA2//3PII4/vYRJbFIuBxxrvl5drScwh5SLfYfIWU5x/S1uya8v1gMO4RIzF/Xiu8fKYoDI/douShGUr92AENgs11Hf9i15BDStvm8Xe7mpmhjHguNTRTU1XoG99tK78EaB17TFmhwKYTi/85nkPONnfm5BoWH+0qBuGmQE3wZQdfTG+53GgCSnI79lcd41quxqDOYIE0ZlrO05qQFtKRSj+tKUA2Pp+4nwzm4FA5+KWmTT0dTgn6KJuO2kSdCK6iPlQxAvXZw3W08Amb/NHIVAzjIlJyCp+A9RU+TjW1C46U2DKkF5DDLO4yPr9mK4YUpMIXuZmDU+63IF2z8DVkGtDebsHeJPlIvfxNc/wFkYhljVANeyAR/HmRYLzao9VFCx4zUZfuJy30/aT6YjyERSojinOPRnHheEAa/xYRMEKrqRuPhcezetT1dJaGQdIKMHqUIZkC48G0Z2UpV/hB25qQ+cKoHjzqL40IHp/NmGwxZ4j0K6P9btMnLujN4DFz9PvKBt2ocFMU30/AsC1x/gvyYfOwduvWrgbFIjqVo+cRz3IqDldK42t4ImLUCovSAs4x1EAcyEPQ34j46QLBUTmBCZezmBMXx84Vd5L7f5nfEBhBOSCc5vVMdz4hT+ATV5utAlR3ZdvKkhAv/YeeLXTuW1RV5g+AJMA0Obu0WPCIxxKhZulXHHUq7AIEvg5WEwh9tygMcBOF6KNSdXSNTDti1XpTn0O/Qy7Vsb7E0iNlNAXFWMbwDES97F9IUmprAHBEdD5x560RpQkL9IXUZmBXZCCol40yX+1178/z0Ck/wR7D+p7nJoXvaGgSQGwkVgaP+BvabRYwZWzV6efPOs6q/fQs7bXX1UGESNwEAebmKhK C3xMHF4G L9aXWWkJs/87TxX8WLjh5rTIcgG3MxQTwpa0QQbrmTxUMGmnJ7MMBaN7TYeEVGeHebY8140mQIbuice52TwdrtAfaE+pimV6tnrdaFZU6xkC/RVEtnBPwTRt3JHzyeX/vZ3jq93qyUgH1Wcj1OY3Yh4F8QXNt/MGO2o6S2EhS3zJU4unI5CwQi9uiv59kRpiossXDwJ9OGMbIzkT34XZBjt50EwG6FepYcy3Nsx7KD1hIUvSnpsabyOjrKt8SZVm2bcGHi18DjPnStlXz7TuU+ZkFvtwuNAuuj4E5pnjvXgLFBQQs0FK618JVk7sidEL8TmXc X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Jeff Xu mseal() prevents system calls from modifying the metadata of virtual addresses. Five syscalls can be sealed, as specified by bitmasks: MM_SEAL_MPROTECT: Deny mprotect(2)/pkey_mprotect(2). MM_SEAL_MUNMAP: Deny munmap(2). MM_SEAL_MMAP: Deny mmap(2). MM_SEAL_MREMAP: Deny mremap(2). MM_SEAL_MSEAL: Deny adding a new seal type. Signed-off-by: Jeff Xu --- include/linux/mm.h | 14 ++ include/linux/mm_types.h | 7 + include/linux/syscalls.h | 2 + include/uapi/linux/mman.h | 6 + kernel/sys_ni.c | 1 + mm/Kconfig | 8 ++ mm/Makefile | 1 + mm/mmap.c | 14 ++ mm/mseal.c | 268 ++++++++++++++++++++++++++++++++++++++ 9 files changed, 321 insertions(+) create mode 100644 mm/mseal.c diff --git a/include/linux/mm.h b/include/linux/mm.h index 53efddc4d178..e790b91a0cd4 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -257,6 +257,20 @@ extern struct rw_semaphore nommu_region_sem; extern unsigned int kobjsize(const void *objp); #endif +/* + * vm_seals in vm_area_struct, see mm_types.h. + */ +#define VM_SEAL_NONE 0x00000000 +#define VM_SEAL_MSEAL 0x00000001 +#define VM_SEAL_MPROTECT 0x00000002 +#define VM_SEAL_MUNMAP 0x00000004 +#define VM_SEAL_MREMAP 0x00000008 +#define VM_SEAL_MMAP 0x00000010 + +#define VM_SEAL_ALL \ + (VM_SEAL_MSEAL | VM_SEAL_MPROTECT | VM_SEAL_MUNMAP | VM_SEAL_MMAP | \ + VM_SEAL_MREMAP) + /* * vm_flags in vm_area_struct, see mm_types.h. * When changing, update also include/trace/events/mmflags.h diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h index 36c5b43999e6..17d80f5a73dc 100644 --- a/include/linux/mm_types.h +++ b/include/linux/mm_types.h @@ -660,6 +660,13 @@ struct vm_area_struct { struct vma_numab_state *numab_state; /* NUMA Balancing state */ #endif struct vm_userfaultfd_ctx vm_userfaultfd_ctx; +#ifdef CONFIG_MSEAL + /* + * bit masks for seal. + * need this since vm_flags is full. + */ + unsigned long vm_seals; /* seal flags, see mm.h. */ +#endif } __randomize_layout; #ifdef CONFIG_SCHED_MM_CID diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h index c0cb22cd607d..f574c7dbee76 100644 --- a/include/linux/syscalls.h +++ b/include/linux/syscalls.h @@ -802,6 +802,8 @@ asmlinkage long sys_process_mrelease(int pidfd, unsigned int flags); asmlinkage long sys_remap_file_pages(unsigned long start, unsigned long size, unsigned long prot, unsigned long pgoff, unsigned long flags); +asmlinkage long sys_mseal(unsigned long start, size_t len, unsigned int types, + unsigned int flags); asmlinkage long sys_mbind(unsigned long start, unsigned long len, unsigned long mode, const unsigned long __user *nmask, diff --git a/include/uapi/linux/mman.h b/include/uapi/linux/mman.h index a246e11988d5..d7882b5984ce 100644 --- a/include/uapi/linux/mman.h +++ b/include/uapi/linux/mman.h @@ -55,4 +55,10 @@ struct cachestat { __u64 nr_recently_evicted; }; +#define MM_SEAL_MSEAL 0x1 +#define MM_SEAL_MPROTECT 0x2 +#define MM_SEAL_MUNMAP 0x4 +#define MM_SEAL_MMAP 0x8 +#define MM_SEAL_MREMAP 0x10 + #endif /* _UAPI_LINUX_MMAN_H */ diff --git a/kernel/sys_ni.c b/kernel/sys_ni.c index 781de7cc6a4e..06fabf379e33 100644 --- a/kernel/sys_ni.c +++ b/kernel/sys_ni.c @@ -192,6 +192,7 @@ COND_SYSCALL(migrate_pages); COND_SYSCALL(move_pages); COND_SYSCALL(set_mempolicy_home_node); COND_SYSCALL(cachestat); +COND_SYSCALL(mseal); COND_SYSCALL(perf_event_open); COND_SYSCALL(accept4); diff --git a/mm/Kconfig b/mm/Kconfig index 264a2df5ecf5..db8a567cb4d3 100644 --- a/mm/Kconfig +++ b/mm/Kconfig @@ -1258,6 +1258,14 @@ config LOCK_MM_AND_FIND_VMA bool depends on !STACK_GROWSUP +config MSEAL + default n + bool "Enable mseal() system call" + depends on MMU + help + Enable the mseal() system call. Make memory areas's metadata immutable + by selected system calls, i.e. mprotect(), munmap(), mremap(), mmap(). + source "mm/damon/Kconfig" endmenu diff --git a/mm/Makefile b/mm/Makefile index ec65984e2ade..643d8518dac0 100644 --- a/mm/Makefile +++ b/mm/Makefile @@ -120,6 +120,7 @@ obj-$(CONFIG_PAGE_EXTENSION) += page_ext.o obj-$(CONFIG_PAGE_TABLE_CHECK) += page_table_check.o obj-$(CONFIG_CMA_DEBUGFS) += cma_debug.o obj-$(CONFIG_SECRETMEM) += secretmem.o +obj-$(CONFIG_MSEAL) += mseal.o obj-$(CONFIG_CMA_SYSFS) += cma_sysfs.o obj-$(CONFIG_USERFAULTFD) += userfaultfd.o obj-$(CONFIG_IDLE_PAGE_TRACKING) += page_idle.o diff --git a/mm/mmap.c b/mm/mmap.c index 514ced13c65c..9b6c477e713e 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -730,6 +730,20 @@ static inline bool is_mergeable_vma(struct vm_area_struct *vma, return false; if (!anon_vma_name_eq(anon_vma_name(vma), anon_name)) return false; +#ifdef CONFIG_MSEAL + /* + * If a VMA is sealed, it won't be merged with another VMA. + * This might be useful for diagnosis, i.e. the boundary used + * in the mseal() call will be preserved. + * There are chances of too many mseal() calls can create + * many segmentations. Considering mseal() usually comes + * with a careful memory layout design by the application, + * this might not be an issue in real world. + * Though, we could add merging support later if needed. + */ + if (vma->vm_seals & VM_SEAL_ALL) + return 0; +#endif return true; } diff --git a/mm/mseal.c b/mm/mseal.c new file mode 100644 index 000000000000..615b6e06ab44 --- /dev/null +++ b/mm/mseal.c @@ -0,0 +1,268 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Implement mseal() syscall. + * + * Copyright (c) 2023 Google, Inc. + * + * Author: Jeff Xu + */ + +#include +#include +#include +#include +#include "internal.h" + +/* + * MM_SEAL_ALL is all supported flags in mseal(). + */ +#define MM_SEAL_ALL ( \ + MM_SEAL_MSEAL | \ + MM_SEAL_MPROTECT | \ + MM_SEAL_MUNMAP | \ + MM_SEAL_MMAP | \ + MM_SEAL_MREMAP) + +static bool can_do_mseal(unsigned int types, unsigned int flags) +{ + /* check types is a valid bitmap */ + if (types & ~MM_SEAL_ALL) + return false; + + /* flags isn't used for now */ + if (flags) + return false; + + return true; +} + +/* + * Check if a seal type can be added to VMA. + */ +static bool can_add_vma_seals(struct vm_area_struct *vma, unsigned int newSeals) +{ + /* When SEAL_MSEAL is set, reject if a new type of seal is added */ + if ((vma->vm_seals & VM_SEAL_MSEAL) && + (newSeals & ~(vma->vm_seals & VM_SEAL_ALL))) + return false; + + return true; +} + +static int mseal_fixup(struct vma_iterator *vmi, struct vm_area_struct *vma, + struct vm_area_struct **prev, unsigned long start, + unsigned long end, unsigned int addtypes) +{ + int ret = 0; + + if (addtypes & ~(vma->vm_seals & VM_SEAL_ALL)) { + /* + * Handle split at start and end. + * Note: sealed VMA doesn't merge with other VMAs. + */ + if (start != vma->vm_start) { + ret = split_vma(vmi, vma, start, 1); + if (ret) + goto out; + } + + if (end != vma->vm_end) { + ret = split_vma(vmi, vma, end, 0); + if (ret) + goto out; + } + + vma->vm_seals |= addtypes; + } + +out: + *prev = vma; + return ret; +} + +/* + * convert user input to internal type for seal type. + */ +static unsigned int convert_user_seal_type(unsigned int types) +{ + unsigned int newtypes = VM_SEAL_NONE; + + if (types & MM_SEAL_MSEAL) + newtypes |= VM_SEAL_MSEAL; + + if (types & MM_SEAL_MPROTECT) + newtypes |= VM_SEAL_MPROTECT; + + if (types & MM_SEAL_MUNMAP) + newtypes |= VM_SEAL_MUNMAP; + + if (types & MM_SEAL_MMAP) + newtypes |= VM_SEAL_MMAP; + + if (types & MM_SEAL_MREMAP) + newtypes |= VM_SEAL_MREMAP; + + return newtypes; +} + +/* + * Check for do_mseal: + * 1> start is part of a valid vma. + * 2> end is part of a valid vma. + * 3> No gap (unallocated address) between start and end. + * 4> requested seal type can be added in given address range. + */ +static int check_mm_seal(unsigned long start, unsigned long end, + unsigned int newtypes) +{ + struct vm_area_struct *vma; + unsigned long nstart = start; + + VMA_ITERATOR(vmi, current->mm, start); + + /* going through each vma to check */ + for_each_vma_range(vmi, vma, end) { + if (vma->vm_start > nstart) + /* unallocated memory found */ + return -ENOMEM; + + if (!can_add_vma_seals(vma, newtypes)) + return -EACCES; + + if (vma->vm_end >= end) + return 0; + + nstart = vma->vm_end; + } + + return -ENOMEM; +} + +/* + * Apply sealing. + */ +static int apply_mm_seal(unsigned long start, unsigned long end, + unsigned int newtypes) +{ + unsigned long nstart, nend; + struct vm_area_struct *vma, *prev = NULL; + struct vma_iterator vmi; + int error = 0; + + vma_iter_init(&vmi, current->mm, start); + vma = vma_find(&vmi, end); + + prev = vma_prev(&vmi); + if (start > vma->vm_start) + prev = vma; + + nstart = start; + + /* going through each vma to update */ + for_each_vma_range(vmi, vma, end) { + nend = vma->vm_end; + if (nend > end) + nend = end; + + error = mseal_fixup(&vmi, vma, &prev, nstart, nend, newtypes); + if (error) + break; + + nstart = vma->vm_end; + } + + return error; +} + +/* + * mseal(2) seals the VM's meta data from + * selected syscalls. + * + * addr/len: VM address range. + * + * The address range by addr/len must meet: + * start (addr) must be in a valid VMA. + * end (addr + len) must be in a valid VMA. + * no gap (unallocated memory) between start and end. + * start (addr) must be page aligned. + * + * len: len will be page aligned implicitly. + * + * types: bit mask for sealed syscalls. + * MM_SEAL_MPROTECT: seal mprotect(2)/pkey_mprotect(2). + * MM_SEAL_MUNMAP: seal munmap(2). + * MM_SEAL_MMAP: seal mmap(2). + * MM_SEAL_MREMAP: seal mremap(2). + * MM_SEAL_MSEAL: adding new seal type will be rejected. + * + * flags: reserved. + * + * return values: + * zero: success + * -EINVAL: + * invalid seal type. + * invalid input flags. + * addr is not page aligned. + * addr + len overflow. + * -ENOMEM: + * addr is not a valid address (not allocated). + * end (addr + len) is not a valid address. + * a gap (unallocated memory) between start and end. + * -EACCES: + * MM_SEAL_MSEAL is set, adding a new seal is rejected. + * + * Note: + * user can call mseal(2) multiple times to add new seal types. + * adding an already added seal type is a no-action (no error). + * adding a new seal type after MM_SEAL_MSEAL will be rejected. + * unseal() or removing a seal type is not supported. + */ +static int do_mseal(unsigned long start, size_t len_in, unsigned int types, + unsigned int flags) +{ + int ret = 0; + unsigned long end; + struct mm_struct *mm = current->mm; + unsigned int newtypes; + size_t len; + + if (!can_do_mseal(types, flags)) + return -EINVAL; + + newtypes = convert_user_seal_type(types); + + start = untagged_addr(start); + if (!PAGE_ALIGNED(start)) + return -EINVAL; + + len = PAGE_ALIGN(len_in); + /* Check to see whether len was rounded up from small -ve to zero */ + if (len_in && !len) + return -EINVAL; + + end = start + len; + if (end < start) + return -EINVAL; + + if (end == start) + return 0; + + if (mmap_write_lock_killable(mm)) + return -EINTR; + + ret = check_mm_seal(start, end, newtypes); + if (ret) + goto out; + + ret = apply_mm_seal(start, end, newtypes); + +out: + mmap_write_unlock(current->mm); + return ret; +} + +SYSCALL_DEFINE4(mseal, unsigned long, start, size_t, len, unsigned int, types, unsigned int, + flags) +{ + return do_mseal(start, len, types, flags); +} From patchwork Mon Oct 16 14:38:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13423494 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0E38DCDB483 for ; Mon, 16 Oct 2023 14:39:03 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id AA5538D00A7; Mon, 16 Oct 2023 10:39:02 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id A2A418D0001; Mon, 16 Oct 2023 10:39:02 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 825268D00A7; Mon, 16 Oct 2023 10:39:02 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id 67C198D0001 for ; Mon, 16 Oct 2023 10:39:02 -0400 (EDT) Received: from smtpin20.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 4019040997 for ; Mon, 16 Oct 2023 14:39:02 +0000 (UTC) X-FDA: 81351581724.20.795AFCF Received: from mail-il1-f170.google.com (mail-il1-f170.google.com [209.85.166.170]) by imf20.hostedemail.com (Postfix) with ESMTP id 57B691C001E for ; Mon, 16 Oct 2023 14:39:00 +0000 (UTC) Authentication-Results: imf20.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=P47nBaHC; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf20.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.166.170 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1697467140; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=FAzDyUE3yfBlink0mV0CQJEoxlm4tCcqZDEi5jvmYQc=; b=CC4vZdJkOGYmGRiv+yNdwtlavCRIUsRsmfDe5IkoJMHVloBRXUKmQ3knMOPxN4NEypdrs2 xwqNajI49wwbltFbxbhk/QORvy32JcL644L+kz7tJRh0RLG5c/BZSybQJFXZxDEcBLQElB aD/PF/APYEVrwc/BbJ3F5wF6HTWkbtU= ARC-Authentication-Results: i=1; imf20.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=P47nBaHC; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf20.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.166.170 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1697467140; a=rsa-sha256; cv=none; b=LEkve2SrUW2mJHhnHOfWuHp930hOMkTy/SqQzmiPccQLaa/hvwYQLxxCQzJWU6N/vRhC9Y 25xqSphEgTe8rmkmXf0U0CoEYgtRccuwdWDMSpsBRHid6AkPk5paPGfZ+mDdFH/ZN25Awy ZmUJ2XVZVAjnOMPTiWRgbp+Lj0BUpmc= Received: by mail-il1-f170.google.com with SMTP id e9e14a558f8ab-352a22e1471so18671525ab.0 for ; Mon, 16 Oct 2023 07:38:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1697467139; x=1698071939; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FAzDyUE3yfBlink0mV0CQJEoxlm4tCcqZDEi5jvmYQc=; b=P47nBaHCrrK36Mm9VRfZVBYILyrmi3FoChZhtLDf2AadDZE57kecJRfqeuelwpC+Oq nVKTGVfs4YPNlodYDQG6fAO60A9fderno/XVmUJLPFch2dFOQkL0D9QcP6nt7rTTCPMA unsSGn8S9pJhju3YPNc2fVw/Vfj91Q94gUDbM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697467139; x=1698071939; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FAzDyUE3yfBlink0mV0CQJEoxlm4tCcqZDEi5jvmYQc=; b=Sa1Cdbttx3Z+PChy0O26Ref9rg6ZC6zGn46P132vGTMfVSnyjgijb4Bm+isramkDLk +WU3dIP8c0s55hMf2+RDJcDIBqOpXrgaH+W4xfGnkBYe3slRDDlaYD9Pq8coMMzdIELB trlJSn0UmHLCuGsaw4L1QOlr4Lymnb/pW/fcPmtAbpV6RlWI+vTEqaKS03I32Ptdf6Z9 YaBpmhHm3ffGIPuA7rxHx4C00ObcF/AbQKXW/vRiv2DpX16W0Jxcm4I6q0RkPn8dAnwG 239Y5+8SXMC80o9A7UGT7uF5nZzfuvclq2e72v42yX6Jx3teAY/zT2I9gKMn91R16fGR LpsA== X-Gm-Message-State: AOJu0YxObS0awEH3qiB8G++n+ndIh95RfQolcXjnJP1Y2+EF++gmNxt1 GVWPtrnGkO0P6wUWTf7fTLx5fg== X-Google-Smtp-Source: AGHT+IGqQDdVFlQs+IXW0yxPTymooU2TCQvu0xd2lG+Ye+SZzKGp5LnWA6dNZS4kCl0/6d0DeHSH7w== X-Received: by 2002:a05:6e02:12c5:b0:357:745a:9e79 with SMTP id i5-20020a056e0212c500b00357745a9e79mr7506574ilm.26.1697467139329; Mon, 16 Oct 2023 07:38:59 -0700 (PDT) Received: from localhost (9.184.168.34.bc.googleusercontent.com. [34.168.184.9]) by smtp.gmail.com with UTF8SMTPSA id u5-20020aa78385000000b0068c90e1ec84sm18266164pfm.167.2023.10.16.07.38.58 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 16 Oct 2023 07:38:58 -0700 (PDT) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, sroettger@google.com Cc: jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, surenb@google.com, alex.sierra@amd.com, apopple@nvidia.com, aneesh.kumar@linux.ibm.com, axelrasmussen@google.com, ben@decadent.org.uk, catalin.marinas@arm.com, david@redhat.com, dwmw@amazon.co.uk, ying.huang@intel.com, hughd@google.com, joey.gouly@arm.com, corbet@lwn.net, wangkefeng.wang@huawei.com, Liam.Howlett@oracle.com, torvalds@linux-foundation.org, lstoakes@gmail.com, willy@infradead.org, mawupeng1@huawei.com, linmiaohe@huawei.com, namit@vmware.com, peterx@redhat.com, peterz@infradead.org, ryan.roberts@arm.com, shr@devkernel.io, vbabka@suse.cz, xiujianfeng@huawei.com, yu.ma@intel.com, zhangpeng362@huawei.com, dave.hansen@intel.com, luto@kernel.org, linux-hardening@vger.kernel.org Subject: [RFC PATCH v1 2/8] Wire up mseal syscall Date: Mon, 16 Oct 2023 14:38:21 +0000 Message-ID: <20231016143828.647848-3-jeffxu@chromium.org> X-Mailer: git-send-email 2.42.0.655.g421f12c284-goog In-Reply-To: <20231016143828.647848-1-jeffxu@chromium.org> References: <20231016143828.647848-1-jeffxu@chromium.org> MIME-Version: 1.0 X-Rspamd-Queue-Id: 57B691C001E X-Rspam-User: X-Rspamd-Server: rspam02 X-Stat-Signature: j5fi4eofxaojbhgrwb3u44oxtn8xnoae X-HE-Tag: 1697467140-127122 X-HE-Meta: U2FsdGVkX1+Qg0a22cdx+vkuKLEBwhMpnVxsxsPHI+QrL00eCXL2aKv14Fm1Qy7iVUBNIgJHd0OfYUx+fZoJ96SVSZuW8im8RB70fKJn3eRLcY/4SpQHC6GtDVjSekIBFtFGbc1ZMNhby5eLfAYApVphS2fJ+GpBf3Vrem1BoFAAOX9FReEW+U3ehO7FZn9bihrna4fV7NZHt6feRDQok73wQ+LmoPEQZyB552tfgwdxvsXcrY8nzckVcm2P1UxyoClK9SxsCls1bXYcy6J38UB6AXW6QVzHy5ULjagJpaPtvnhET1zrHqc7LL+GH9F2fhmkACoLmEuIwFFhYJlV0DJzamUl/aMlWJZDwWS3Ec0PFZsK4lPBFucaXWlpW6USMYB7lzQ1+G6esitSKtHc41HKniZGwgyErIir2HQ6aUJq5zpSUJoFlrQ0u4sO29pN38eirc6dKfnHOLoAGD/w9y5qw8MqOlKfoFUSxB507e3X1GF8glm5RvZBmvLbdbaYovOMLPyaiJCfCzCPRpdbrDZVukO2I6tCXB6axGjqYI4K07lySywBTf3cosBKyFjuJFh3BVHCZk4U9zsL7jVBp7DHXr/ruOhAzC2GsWPXHOc+vtD55g3b8p+cLLUeGqPX+fWHxfHPDmyvtAVkit3dGBDBp7cOXGboetnmOB5u5ONMQL9pucYWwGnxu2DFXUbskz4AiU+dj0xadc497CxMHXcxryLFTt1lN/tyt1MJesQYsNG/SNyGiRswYLPF3YW6oODdhXMpFX4tvTp4IccWJIqfAVUJB5O0AFRFgpJU4WwH7m5pwQ+d1KWldsRvhlVF4GRgg2rUS/v8IIifXAWTUYREECiNj9PVeSuTfQqlVCf8g7zdBcyuKL1ebluFLycKYXrcV9JR3e0Y6iUrz/lYoAL5j2n4izKkom6gaF3sKYl4yhAGfTYhYmJtGpwogsxKTsq5A7B5TKa+FPcmW9j Ds8uJ/8Z pnGQS0fUDKh6xIPQFl86Kn3vofDUtsyH/lKJaBUu10w+4s5NJlfbu/mudTu/Tkv0+gM8iFkJD6ah3CDQvUtu6pT+3CvlakQr8jnS7hQxUb/ls1af1l33INtRgCewainLUtKT3pTlDGtEicNMA/oaveEOXiVAU1VBucfIY8ru2AufAEZ2kK+xXuYow/kFk/4D2SFJ/lmZK228x6HS2J7pySZrgqRUhifxNWzu4SJYe2m443mhYtkceR3my1h6H2LvdTlVZx69u9We7HX+0RA5lNQ9uuW8xyvNBgQmkdVUTbCIgRPnfXl01dMyDh3V3miCNNSHUCmqT7RJUL0U= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Jeff Xu Wire up mseal syscall for all architectures. Signed-off-by: Jeff Xu --- arch/alpha/kernel/syscalls/syscall.tbl | 1 + arch/arm/tools/syscall.tbl | 1 + arch/arm64/include/asm/unistd.h | 2 +- arch/arm64/include/asm/unistd32.h | 2 ++ arch/ia64/kernel/syscalls/syscall.tbl | 1 + arch/m68k/kernel/syscalls/syscall.tbl | 1 + arch/microblaze/kernel/syscalls/syscall.tbl | 1 + arch/mips/kernel/syscalls/syscall_n32.tbl | 1 + arch/mips/kernel/syscalls/syscall_n64.tbl | 1 + arch/mips/kernel/syscalls/syscall_o32.tbl | 1 + arch/parisc/kernel/syscalls/syscall.tbl | 1 + arch/powerpc/kernel/syscalls/syscall.tbl | 1 + arch/s390/kernel/syscalls/syscall.tbl | 1 + arch/sh/kernel/syscalls/syscall.tbl | 1 + arch/sparc/kernel/syscalls/syscall.tbl | 1 + arch/x86/entry/syscalls/syscall_32.tbl | 1 + arch/x86/entry/syscalls/syscall_64.tbl | 1 + arch/xtensa/kernel/syscalls/syscall.tbl | 1 + include/uapi/asm-generic/unistd.h | 5 ++++- 19 files changed, 23 insertions(+), 2 deletions(-) diff --git a/arch/alpha/kernel/syscalls/syscall.tbl b/arch/alpha/kernel/syscalls/syscall.tbl index ad37569d0507..b5847d53102a 100644 --- a/arch/alpha/kernel/syscalls/syscall.tbl +++ b/arch/alpha/kernel/syscalls/syscall.tbl @@ -492,3 +492,4 @@ 560 common set_mempolicy_home_node sys_ni_syscall 561 common cachestat sys_cachestat 562 common fchmodat2 sys_fchmodat2 +563 common mseal sys_mseal diff --git a/arch/arm/tools/syscall.tbl b/arch/arm/tools/syscall.tbl index c572d6c3dee0..b50c5ca5047d 100644 --- a/arch/arm/tools/syscall.tbl +++ b/arch/arm/tools/syscall.tbl @@ -466,3 +466,4 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common mseal sys_mseal diff --git a/arch/arm64/include/asm/unistd.h b/arch/arm64/include/asm/unistd.h index bd77253b62e0..6a28fb91b85d 100644 --- a/arch/arm64/include/asm/unistd.h +++ b/arch/arm64/include/asm/unistd.h @@ -39,7 +39,7 @@ #define __ARM_NR_compat_set_tls (__ARM_NR_COMPAT_BASE + 5) #define __ARM_NR_COMPAT_END (__ARM_NR_COMPAT_BASE + 0x800) -#define __NR_compat_syscalls 453 +#define __NR_compat_syscalls 454 #endif #define __ARCH_WANT_SYS_CLONE diff --git a/arch/arm64/include/asm/unistd32.h b/arch/arm64/include/asm/unistd32.h index 78b68311ec81..1e9b3c098a8e 100644 --- a/arch/arm64/include/asm/unistd32.h +++ b/arch/arm64/include/asm/unistd32.h @@ -911,6 +911,8 @@ __SYSCALL(__NR_set_mempolicy_home_node, sys_set_mempolicy_home_node) __SYSCALL(__NR_cachestat, sys_cachestat) #define __NR_fchmodat2 452 __SYSCALL(__NR_fchmodat2, sys_fchmodat2) +#define __NR_mseal 453 +__SYSCALL(__NR_mseal, sys_mseal) /* * Please add new compat syscalls above this comment and update diff --git a/arch/ia64/kernel/syscalls/syscall.tbl b/arch/ia64/kernel/syscalls/syscall.tbl index 83d8609aec03..babe34d221ee 100644 --- a/arch/ia64/kernel/syscalls/syscall.tbl +++ b/arch/ia64/kernel/syscalls/syscall.tbl @@ -373,3 +373,4 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common mseal sys_mseal diff --git a/arch/m68k/kernel/syscalls/syscall.tbl b/arch/m68k/kernel/syscalls/syscall.tbl index 259ceb125367..27cd3f7dbd5e 100644 --- a/arch/m68k/kernel/syscalls/syscall.tbl +++ b/arch/m68k/kernel/syscalls/syscall.tbl @@ -452,3 +452,4 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common mseal sys_mseal diff --git a/arch/microblaze/kernel/syscalls/syscall.tbl b/arch/microblaze/kernel/syscalls/syscall.tbl index a3798c2637fd..e49861f7c61f 100644 --- a/arch/microblaze/kernel/syscalls/syscall.tbl +++ b/arch/microblaze/kernel/syscalls/syscall.tbl @@ -458,3 +458,4 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common mseal sys_mseal diff --git a/arch/mips/kernel/syscalls/syscall_n32.tbl b/arch/mips/kernel/syscalls/syscall_n32.tbl index 152034b8e0a0..78d15010cd77 100644 --- a/arch/mips/kernel/syscalls/syscall_n32.tbl +++ b/arch/mips/kernel/syscalls/syscall_n32.tbl @@ -391,3 +391,4 @@ 450 n32 set_mempolicy_home_node sys_set_mempolicy_home_node 451 n32 cachestat sys_cachestat 452 n32 fchmodat2 sys_fchmodat2 +453 n32 mseal sys_mseal diff --git a/arch/mips/kernel/syscalls/syscall_n64.tbl b/arch/mips/kernel/syscalls/syscall_n64.tbl index cb5e757f6621..813614fedb72 100644 --- a/arch/mips/kernel/syscalls/syscall_n64.tbl +++ b/arch/mips/kernel/syscalls/syscall_n64.tbl @@ -367,3 +367,4 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 n64 cachestat sys_cachestat 452 n64 fchmodat2 sys_fchmodat2 +453 n64 mseal sys_mseal diff --git a/arch/mips/kernel/syscalls/syscall_o32.tbl b/arch/mips/kernel/syscalls/syscall_o32.tbl index 1a646813afdc..01d88d3a6f3e 100644 --- a/arch/mips/kernel/syscalls/syscall_o32.tbl +++ b/arch/mips/kernel/syscalls/syscall_o32.tbl @@ -440,3 +440,4 @@ 450 o32 set_mempolicy_home_node sys_set_mempolicy_home_node 451 o32 cachestat sys_cachestat 452 o32 fchmodat2 sys_fchmodat2 +453 o32 mseal sys_mseal diff --git a/arch/parisc/kernel/syscalls/syscall.tbl b/arch/parisc/kernel/syscalls/syscall.tbl index e97c175b56f9..d52d08f0a1ea 100644 --- a/arch/parisc/kernel/syscalls/syscall.tbl +++ b/arch/parisc/kernel/syscalls/syscall.tbl @@ -451,3 +451,4 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common mseal sys_mseal diff --git a/arch/powerpc/kernel/syscalls/syscall.tbl b/arch/powerpc/kernel/syscalls/syscall.tbl index 20e50586e8a2..d38deba73a7b 100644 --- a/arch/powerpc/kernel/syscalls/syscall.tbl +++ b/arch/powerpc/kernel/syscalls/syscall.tbl @@ -539,3 +539,4 @@ 450 nospu set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common mseal sys_mseal diff --git a/arch/s390/kernel/syscalls/syscall.tbl b/arch/s390/kernel/syscalls/syscall.tbl index 0122cc156952..cf3243c2978b 100644 --- a/arch/s390/kernel/syscalls/syscall.tbl +++ b/arch/s390/kernel/syscalls/syscall.tbl @@ -455,3 +455,4 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 sys_fchmodat2 +453 common mseal sys_mseal sys_mseal diff --git a/arch/sh/kernel/syscalls/syscall.tbl b/arch/sh/kernel/syscalls/syscall.tbl index e90d585c4d3e..76f1cd33adaa 100644 --- a/arch/sh/kernel/syscalls/syscall.tbl +++ b/arch/sh/kernel/syscalls/syscall.tbl @@ -455,3 +455,4 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common mseal sys_mseal diff --git a/arch/sparc/kernel/syscalls/syscall.tbl b/arch/sparc/kernel/syscalls/syscall.tbl index 4ed06c71c43f..d7728695d780 100644 --- a/arch/sparc/kernel/syscalls/syscall.tbl +++ b/arch/sparc/kernel/syscalls/syscall.tbl @@ -498,3 +498,4 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common mseal sys_mseal diff --git a/arch/x86/entry/syscalls/syscall_32.tbl b/arch/x86/entry/syscalls/syscall_32.tbl index 2d0b1bd866ea..6d4cc386df22 100644 --- a/arch/x86/entry/syscalls/syscall_32.tbl +++ b/arch/x86/entry/syscalls/syscall_32.tbl @@ -457,3 +457,4 @@ 450 i386 set_mempolicy_home_node sys_set_mempolicy_home_node 451 i386 cachestat sys_cachestat 452 i386 fchmodat2 sys_fchmodat2 +453 i386 mseal sys_mseal diff --git a/arch/x86/entry/syscalls/syscall_64.tbl b/arch/x86/entry/syscalls/syscall_64.tbl index 814768249eae..73dcfc43d921 100644 --- a/arch/x86/entry/syscalls/syscall_64.tbl +++ b/arch/x86/entry/syscalls/syscall_64.tbl @@ -374,6 +374,7 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common mseal sys_mseal # # Due to a historical design error, certain syscalls are numbered differently diff --git a/arch/xtensa/kernel/syscalls/syscall.tbl b/arch/xtensa/kernel/syscalls/syscall.tbl index fc1a4f3c81d9..e8fd3bf35d73 100644 --- a/arch/xtensa/kernel/syscalls/syscall.tbl +++ b/arch/xtensa/kernel/syscalls/syscall.tbl @@ -423,3 +423,4 @@ 450 common set_mempolicy_home_node sys_set_mempolicy_home_node 451 common cachestat sys_cachestat 452 common fchmodat2 sys_fchmodat2 +453 common mseal sys_mseal diff --git a/include/uapi/asm-generic/unistd.h b/include/uapi/asm-generic/unistd.h index abe087c53b4b..0c945a798208 100644 --- a/include/uapi/asm-generic/unistd.h +++ b/include/uapi/asm-generic/unistd.h @@ -823,8 +823,11 @@ __SYSCALL(__NR_cachestat, sys_cachestat) #define __NR_fchmodat2 452 __SYSCALL(__NR_fchmodat2, sys_fchmodat2) +#define __NR_mseal 453 +__SYSCALL(__NR_mseal, sys_mseal) + #undef __NR_syscalls -#define __NR_syscalls 453 +#define __NR_syscalls 454 /* * 32 bit systems traditionally used different From patchwork Mon Oct 16 14:38:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13423495 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4DC42CDB485 for ; Mon, 16 Oct 2023 14:39:07 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 536748D00AB; Mon, 16 Oct 2023 10:39:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 4A3E38D00AA; Mon, 16 Oct 2023 10:39:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 27F8F8D00A9; Mon, 16 Oct 2023 10:39:06 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id 12E968D00A8 for ; Mon, 16 Oct 2023 10:39:06 -0400 (EDT) Received: from smtpin30.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay01.hostedemail.com (Postfix) with ESMTP id E33991CADBC for ; Mon, 16 Oct 2023 14:39:05 +0000 (UTC) X-FDA: 81351581850.30.E6A44D2 Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) by imf30.hostedemail.com (Postfix) with ESMTP id E703380013 for ; Mon, 16 Oct 2023 14:39:02 +0000 (UTC) Authentication-Results: imf30.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=FLTcqut4; spf=pass (imf30.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.214.175 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1697467143; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Xej43+CxxYh9a3blA/g52Ig4N3aDI9kSsEpUlToUGyY=; b=H0gjMm0d6Qs/Y+Wdcl8fMciZDjEJMQaaJOyp+WYAfkhE4LWtKUqSwbMo9aIdFfBzcQwjdB XJ+xgGD2Htn+uM09XwqSVLj81zjG/JM2ix0nlVXjj8WyZk/DyXHkmlOJdB+5uUNn/AiEe+ 16MiF1GcTUTgJl3bwKKkb0Oa5th6lKM= ARC-Authentication-Results: i=1; imf30.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=FLTcqut4; spf=pass (imf30.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.214.175 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1697467143; a=rsa-sha256; cv=none; b=l1NHGWVA+TG5Fm5XrigSQssz8bnlWGtTHye9WoLwWWCdBOj4h8nAtFEqHngiymwbVY2i+G paAJ1js6eJ+hczn5oUJqAb2hjVSfV+j6PqScgO2MzDZ4GseYzytvSaLehvsXmQi+w4Hswj htZydbanFN0rtzypAWsOVhwdkJiaucY= Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-1ca816f868fso5547625ad.1 for ; Mon, 16 Oct 2023 07:39:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1697467142; x=1698071942; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Xej43+CxxYh9a3blA/g52Ig4N3aDI9kSsEpUlToUGyY=; b=FLTcqut4QHGTJihKIRDOeKaI6+9bcBQtekpXmfOuYd+TBb5NGMEVErR1dX2y15xOt8 44avYMcB1Xj2BN39oTiokleM7b9BNXTFnYRTxUc+8TtdUUCaPdI6MbZNHugkXWPwDWA1 UH0smrrTpI5LsgIjaA5wFwKKSv/lNzRTOzQCg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697467142; x=1698071942; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Xej43+CxxYh9a3blA/g52Ig4N3aDI9kSsEpUlToUGyY=; b=Fz1z47J4PeZMXIijcReIktKyNe54H5OdOi9JahIkbrYDiuBArnMRkBk56CwC03cDcv H69wHjcbP3SiSTENDg2tcPM/fJ+Z5XFuIZcDWLbN7Y+KxCeRsCTjUvOcaNHWNCwCUZx7 viFzxAiUdMKPCiPMVbmnW1R5DdaBWvbXhqSYKzO8P/uORiSQvXy2ZfSFu0TMyraoa9bF OS8P0r283t4O2RisJcPgfpjqEtC8pOQwSiB6VQIJ0cLjrcpThRp3KlaNKQLZj2rlIBCV L/5DxkHIAV3OahjVeiqXM6XFgp62h20doC2FvSBkak9FQvz4GBvXsykKio7QMpBVMYmB 153g== X-Gm-Message-State: AOJu0YwRhg/CSM7vPIUmBcl9ihcpSV2UC92aGC/742VZEOfttU0P42RO cWPtKED0ediJcTIWkbXQGU/iEw== X-Google-Smtp-Source: AGHT+IGUzUb5v0t/3MkBLk3yxGa4HPz1kX3xlLqN5hhkqcb5wVyzEHQXpSYW2jltVLkxXX+Emd4ILg== X-Received: by 2002:a17:903:294b:b0:1c9:d143:e9e with SMTP id li11-20020a170903294b00b001c9d1430e9emr10728383plb.18.1697467141766; Mon, 16 Oct 2023 07:39:01 -0700 (PDT) Received: from localhost (9.184.168.34.bc.googleusercontent.com. [34.168.184.9]) by smtp.gmail.com with UTF8SMTPSA id ju1-20020a170903428100b001b9d335223csm8556065plb.26.2023.10.16.07.39.01 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 16 Oct 2023 07:39:01 -0700 (PDT) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, sroettger@google.com Cc: jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, surenb@google.com, alex.sierra@amd.com, apopple@nvidia.com, aneesh.kumar@linux.ibm.com, axelrasmussen@google.com, ben@decadent.org.uk, catalin.marinas@arm.com, david@redhat.com, dwmw@amazon.co.uk, ying.huang@intel.com, hughd@google.com, joey.gouly@arm.com, corbet@lwn.net, wangkefeng.wang@huawei.com, Liam.Howlett@oracle.com, torvalds@linux-foundation.org, lstoakes@gmail.com, willy@infradead.org, mawupeng1@huawei.com, linmiaohe@huawei.com, namit@vmware.com, peterx@redhat.com, peterz@infradead.org, ryan.roberts@arm.com, shr@devkernel.io, vbabka@suse.cz, xiujianfeng@huawei.com, yu.ma@intel.com, zhangpeng362@huawei.com, dave.hansen@intel.com, luto@kernel.org, linux-hardening@vger.kernel.org Subject: [RFC PATCH v1 3/8] mseal: add can_modify_mm and can_modify_vma Date: Mon, 16 Oct 2023 14:38:22 +0000 Message-ID: <20231016143828.647848-4-jeffxu@chromium.org> X-Mailer: git-send-email 2.42.0.655.g421f12c284-goog In-Reply-To: <20231016143828.647848-1-jeffxu@chromium.org> References: <20231016143828.647848-1-jeffxu@chromium.org> MIME-Version: 1.0 X-Rspamd-Queue-Id: E703380013 X-Rspam-User: X-Stat-Signature: ykd1wwynjith6ikzkzpb78dzqiwwoma7 X-Rspamd-Server: rspam01 X-HE-Tag: 1697467142-256009 X-HE-Meta: U2FsdGVkX19RNtpbrrpSJIJLnfvwXG5rCFDrlzDcga1k7ywj2IcHGjhxDuePxQY3CkTVb9RFaDCTTfZs7RfZG5RkIi1vFxj+mD7JhwaJg4eD/2NAF0jKJpmeahFXx7aw827vgAFesNwFXIFScZ1U8th3qkJUgaJa4ambRUnGSlBo8lGZs+4d2vCPxOBhC3KYNURQxYrT4SoSUOAhZFLMNqannq/Kmr5Bz+/YtsKIvBq2wNL1GwzpRfS78JexO8IfiRKbmJ/o1zkVL511rKcqVyaKid1BX/DrjoM5fGZC8CwZUZM/YMdhFX3ALF/NTmGvg9dPu9jc0swj6IMuydh5CccYxN1Vac6mh7To3wGhxsC8aApHBrUMlkY/MMkCjMaMU5chx4ApkDEqxzMpWNVOe/CHcbbfPoXM2wDcFINaGDn9854vBvLfCkubd+fEtIiHUFPXIks5zuuZIO2RV5pRU44Tys86OatAfpDavDsokMnW+gzOcrE6qXiN815RdsnyFix21hDn0OF1VdJjY7G978nXQAdvWQDoQX+UpIeq4sIi57yOoSUb6BgY0D2mgSXoV+YHic3NYq8QiVoE2ISrwvLiCLtadTwYnIwdoY3sHc+ZjNrJMENgI6f5qxsGom8dSiXK377M+U8jrygm7OS2Ba/VNI9OGffioM66P95xJfGMVyDkfqcPN5MSUybzoKdmhpFuXFcuDdjNkf0PROGwXDjXEDMhu9F+aNPlwJzaClJ+eLsr1URqvPGez6K0Biv2WMI2KZ/A8+CDiBSpexdPiTuPZfh7VH/5XLLNP13DCc8uPiGSpsFt7hYR3VNiFIju/354CS4bWXGvhQDBudnUovL8lf4AHeKEC765j8CBmVp3N9yl3ljotlhLQ0MhYA5CR2/oIDFzeJO33CGeq1BV3COQaHYGXkzYOBvWPNVTEXBMR6Cv9agsZ3pj8IqHZ+NIUYgswEJh66bnFlbc0tP XKxe0IW2 M+qmSbOAl1fyfkZKaCBiFlfkpEcmDdDn8fidGXp+gfn9UL2wGlFpCyHbhPimG6QBy6Ac3JEIlmPt0ZTth1s5QGTNBRraEkweryVC23NhwCzvyYjuSoHEEFXOPAKD7jDI8oAw4pIkEGg8L3jTRNSdg2ixSRAMFoGfnQlLYfQv6ejZ0Lx8HpGLcTclH0wjQKru58NpcGPnG6lHVNQhJNFR8T5QDMTqDRszPyVCY67u2U8NJeurz+3JVE0sGY5j3zqsRhnu/Cq7HKW6NUM9LZLLLpYWwfNpoT6zpq9fqcSiilcYbUujoT87LSpITVXVMfWOKgcEID+11MNzQ7iMKFmDIr8pwaYgR9z1/e2zjWR37QAnK/R9rhUIePgq2sA== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Jeff Xu can_modify_mm: checks sealing flags for given memory range. can_modify_vma: checks sealing flags for given vma. Signed-off-by: Jeff Xu --- include/linux/mm.h | 34 ++++++++++++++++++++++++++ mm/mseal.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 94 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index e790b91a0cd4..aafdb68950f8 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -257,6 +257,18 @@ extern struct rw_semaphore nommu_region_sem; extern unsigned int kobjsize(const void *objp); #endif +enum caller_origin { + ON_BEHALF_OF_KERNEL = 0, + ON_BEHALF_OF_USERSPACE, +}; + +enum mm_action { + MM_ACTION_MPROTECT, + MM_ACTION_MUNMAP, + MM_ACTION_MREMAP, + MM_ACTION_MMAP, +}; + /* * vm_seals in vm_area_struct, see mm_types.h. */ @@ -3302,6 +3314,28 @@ static inline void mm_populate(unsigned long addr, unsigned long len) static inline void mm_populate(unsigned long addr, unsigned long len) {} #endif +#ifdef CONFIG_MSEAL +extern bool can_modify_mm(struct mm_struct *mm, unsigned long start, + unsigned long end, enum mm_action action, + enum caller_origin called); + +extern bool can_modify_vma(struct vm_area_struct *vma, enum mm_action action, + enum caller_origin called); +#else +static inline bool can_modify_mm(struct mm_struct *mm, unsigned long start, + unsigned long end, enum mm_action action, + enum caller_origin called) +{ + return true; +} + +static inline bool can_modify_vma(struct vm_area_struct *vma, enum mm_action action, + enum caller_origin called) +{ + return true; +} +#endif + /* These take the mm semaphore themselves */ extern int __must_check vm_brk(unsigned long, unsigned long); extern int __must_check vm_brk_flags(unsigned long, unsigned long, unsigned long); diff --git a/mm/mseal.c b/mm/mseal.c index 615b6e06ab44..3285ef6b95a6 100644 --- a/mm/mseal.c +++ b/mm/mseal.c @@ -36,6 +36,66 @@ static bool can_do_mseal(unsigned int types, unsigned int flags) return true; } +/* + * check if a vma is sealed for modification. + * return true, if modification is allowed. + */ +bool can_modify_vma(struct vm_area_struct *vma, enum mm_action action, + enum caller_origin called) +{ + if (called == ON_BEHALF_OF_KERNEL) + return true; + + switch (action) { + case MM_ACTION_MPROTECT: + if (vma->vm_seals & VM_SEAL_MPROTECT) + return false; + break; + + case MM_ACTION_MUNMAP: + if (vma->vm_seals & VM_SEAL_MUNMAP) + return false; + break; + + case MM_ACTION_MREMAP: + if (vma->vm_seals & VM_SEAL_MREMAP) + return false; + break; + + case MM_ACTION_MMAP: + if (vma->vm_seals & VM_SEAL_MMAP) + return false; + break; + } + + return true; +} + +/* + * Check if the vmas of a memory range are allowed to be modified. + * the memory ranger can have a gap (unallocated memory). + * return true, if it is allowed. + */ +bool can_modify_mm(struct mm_struct *mm, unsigned long start, unsigned long end, + enum mm_action action, enum caller_origin called) +{ + struct vm_area_struct *vma; + + VMA_ITERATOR(vmi, mm, start); + + if (called == ON_BEHALF_OF_KERNEL) + return true; + + /* going through each vma to check */ + for_each_vma_range(vmi, vma, end) { + if (!can_modify_vma(vma, action, called)) + return false; + } + + /* Allow by default. */ + return true; +} + /* * Check if a seal type can be added to VMA. */ From patchwork Mon Oct 16 14:38:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13423496 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 76052C46CA1 for ; Mon, 16 Oct 2023 14:39:10 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 9878B8D00A9; Mon, 16 Oct 2023 10:39:06 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 90F788D00A8; Mon, 16 Oct 2023 10:39:06 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 518D38D00A9; Mon, 16 Oct 2023 10:39:06 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 375158D00A8 for ; Mon, 16 Oct 2023 10:39:06 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id EB0501209D8 for ; Mon, 16 Oct 2023 14:39:05 +0000 (UTC) X-FDA: 81351581850.29.8B9D103 Received: from mail-pg1-f177.google.com (mail-pg1-f177.google.com [209.85.215.177]) by imf06.hostedemail.com (Postfix) with ESMTP id CF6CA18001E for ; Mon, 16 Oct 2023 14:39:03 +0000 (UTC) Authentication-Results: imf06.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=nBulV2zF; spf=pass (imf06.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.215.177 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1697467144; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=Ousg6g8beQYrtnIXHdPl+6es+qhdKBwPjUl+0WcHVK4=; b=yENWyAXaewghfADLDzX3nciikG+NKfzH5qMo39q7QEpa70PzTEOJWE32F90rL7BB5F5CKt SjAotjn8vj+XK5/YwaeVXkA4OHeTNC60c7Fony51B7jSGLoi4Il7t6t2zb3wGXZLrFOWPd ia0DRKnkb3P9a8UTf+PzhknYUC4nbC0= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1697467144; a=rsa-sha256; cv=none; b=iku6nASkRV5dqkFDVkf+gWD7GhmKYn/rcUI3FgIXzkICR8VmhntJy78FI8zWTUv7igfI3T z8g6FBT4DQqIRedfUEX1Tphhzr0SaEcC88ku90aSH3aF6QyGX9F3EU2lCAJRLNB3JouqFr wiac9rCCfYo1VRnKqi/mqfSR2gcKc10= ARC-Authentication-Results: i=1; imf06.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=nBulV2zF; spf=pass (imf06.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.215.177 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org Received: by mail-pg1-f177.google.com with SMTP id 41be03b00d2f7-5ab53b230f1so1741261a12.3 for ; Mon, 16 Oct 2023 07:39:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1697467142; x=1698071942; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Ousg6g8beQYrtnIXHdPl+6es+qhdKBwPjUl+0WcHVK4=; b=nBulV2zFqOeyeEZKROiB7mIXTcAolVymoP+xrmXWQ/5CH7o9wUojldHW7Lc1VHOLzA yL+UFglkV22nGqk6AVKBoV2KJwDEP6o8aoD7yFJVsN6uuIWyFP6GRT229lao6/lPNr+m lCRM1JD1f7e4T/GFdfQ7YSa8xjyOgrZYTkUeE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697467142; x=1698071942; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Ousg6g8beQYrtnIXHdPl+6es+qhdKBwPjUl+0WcHVK4=; b=TIFhdOsk8Cpo7u+TtgYSMR3PvsV4FXlmwhJwZyd+3L9VzwG5Npcq8VloOHBoyITfRi mIRWWCRl2F/uxZeh4EkIftx9fO21DI/LJ/+ncy0e5BwQ99KkyjcKHzwTA9Q/uwzMRkLh jjZ1GVONTm8yBjQfIVpDBAhVMr2gFfbCHaipM38DxyButfDxAPSKplIgiFp0PDsS400k gL/aSP6GrLWCzQr8CmjqeAJSbVBvVja6aIzOErN2wbW9OkNL0MBnTU6Vd5luyRgMTc4i /xdpzebGIQJQ4OIi8a/BO8BZ2UzynsKhxbQ6dRp950PepIjz4lJU4o9KOc6Z0/7Trwlk 0wsw== X-Gm-Message-State: AOJu0YxLmea6c6P7SH/y4abR65RXg5653HpGKq2F8Rc686Af/iDW2gOg pGj9KSI42lR7MnVcVUOZDw5fsA== X-Google-Smtp-Source: AGHT+IGuDFDSElhARtpju/2TKNXZCv0dyrbDcGQSiLi1n6XeXR2D8iMicnP3qR+LojeqcMvPGZ4Uig== X-Received: by 2002:a05:6a21:789c:b0:14b:8b82:867f with SMTP id bf28-20020a056a21789c00b0014b8b82867fmr34279713pzc.50.1697467142619; Mon, 16 Oct 2023 07:39:02 -0700 (PDT) Received: from localhost (9.184.168.34.bc.googleusercontent.com. [34.168.184.9]) by smtp.gmail.com with UTF8SMTPSA id jn21-20020a170903051500b001c726147a45sm8599282plb.190.2023.10.16.07.39.02 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 16 Oct 2023 07:39:02 -0700 (PDT) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, sroettger@google.com Cc: jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, surenb@google.com, alex.sierra@amd.com, apopple@nvidia.com, aneesh.kumar@linux.ibm.com, axelrasmussen@google.com, ben@decadent.org.uk, catalin.marinas@arm.com, david@redhat.com, dwmw@amazon.co.uk, ying.huang@intel.com, hughd@google.com, joey.gouly@arm.com, corbet@lwn.net, wangkefeng.wang@huawei.com, Liam.Howlett@oracle.com, torvalds@linux-foundation.org, lstoakes@gmail.com, willy@infradead.org, mawupeng1@huawei.com, linmiaohe@huawei.com, namit@vmware.com, peterx@redhat.com, peterz@infradead.org, ryan.roberts@arm.com, shr@devkernel.io, vbabka@suse.cz, xiujianfeng@huawei.com, yu.ma@intel.com, zhangpeng362@huawei.com, dave.hansen@intel.com, luto@kernel.org, linux-hardening@vger.kernel.org Subject: [RFC PATCH v1 4/8] mseal: seal mprotect Date: Mon, 16 Oct 2023 14:38:23 +0000 Message-ID: <20231016143828.647848-5-jeffxu@chromium.org> X-Mailer: git-send-email 2.42.0.655.g421f12c284-goog In-Reply-To: <20231016143828.647848-1-jeffxu@chromium.org> References: <20231016143828.647848-1-jeffxu@chromium.org> MIME-Version: 1.0 X-Stat-Signature: 7p58obxzi8g8x8x9tagusou1sqxzixuo X-Rspamd-Server: rspam10 X-Rspamd-Queue-Id: CF6CA18001E X-Rspam-User: X-HE-Tag: 1697467143-259807 X-HE-Meta: U2FsdGVkX190wuFAX60k5X+mlnzt/I2D/cPO9ga/pIpW8D+1QX3GdeRb0RPO8ADB2H0Af4lG87HPu7dSzWas+/UESz2uBwJJYeMl1UttU30m6qxrFGZU8BjOOECaTCWM3KtM2/IbnW5sfqz9q4w6tzhvBYNNKekxtk4rP5yKlZFwK8n+91FWoDR+9ztvbZB8if2loJGYmJMXdCHuC1TKiD4goQnOngyg9hGhWrWUjLzXXz57vBuR0M5QNNNQn7Yokvd+hWC1A2OBoNJw2rgtNB9goEfle9oxZBmqoZXywhj0aDqRDtmmpN/KW+p/u81hMaLjACDwY10LXDNTzjPG1eIogIkEg1n3ExVXsT3LkosIRXRC87vXEnN+VVUw/OTHXeLDRm/9C05HxTpqVS5tFjQXqPXXvMBToSW+UECEVC8K0hG7MgQ62p7dslKLtbkstNSgnWHnYA8SKY8SNC1sKWXkpYDqr4JCcIDbEr8Iev/esThopXvF227UxYG6nnGx5eXXn3PT3iMAIWmsk5KKjNxniAW+HwHfZc38sjivXMN6qm2vH4McNepA+dNv/HwZMoZacFHUF63Z44xa04oNdeANi69m8q6eg230AiKmrcVuTHsdl36pEhV5ZlWSHqj0Rnm/VOmIqCNzT/8dbEYBqunecLKwS1xT0FjB8pDHkonfa5QmK6TZCujpjg08L9HrY6Dw9gI04HCs8MVEkJTO9FwPWdvm21g9G7rmBVhZ6DPMKN/IdLWnW2sj0NnmGdi3SbjjTwaTlrFf9+UItwvd5Zb50uYy8XgHLPK4OU9D6clt8zVqR9FjfNUC2m2/4aSbtS0XLFI5JKU6WbBfOwjgYffG3uc4pVPwjdUfc0O0vNli7MwxNfW+aiB6FerYRwSdU//s48nHFcn0I2NVhIceaH+AwQKL4HPEybsGWOe1h0oK+IE5mTPSYiBFdEMCNk9U2muwEbHw6DtWvFCrHU/ wA52XHBN 3LTFABZIkWG9965D6ZohQ69b7aTnnHew5zbHb8KE1OoUoxBtmgRBG0amNDXqCtlqIPYBEpeMQuYOTzgA4uo1VeAh9Fb6RvJQ8r63nagrOsfCtrzvPsuIxb5CNW2pqChX4P+U5scn9pB468yf4MIAIRfFRzbPFh3Zt0jAPTJ6WCNc0Qt3R0N0OyVbGM41leNrifwncByyze9fjAneAONFvFuXvP7l2snt3d2HqRHuSlcTb1DbRCcQcciHbztA9ur7/OfPqkpkPhSZ9oMvwBUNucJl7+pWyY4qbO7L7EMyHimIkJUzxXmlHgJsc9IidNA2RA5UQ X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Jeff Xu check sealing for mprotect(2). Signed-off-by: Jeff Xu --- mm/mprotect.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/mm/mprotect.c b/mm/mprotect.c index 130db91d3a8c..5b67c66d55f7 100644 --- a/mm/mprotect.c +++ b/mm/mprotect.c @@ -753,6 +753,12 @@ static int do_mprotect_pkey(unsigned long start, size_t len, } } + if (!can_modify_mm(current->mm, start, end, MM_ACTION_MPROTECT, + ON_BEHALF_OF_USERSPACE)) { + error = -EACCES; + goto out; + } + prev = vma_prev(&vmi); if (start > vma->vm_start) prev = vma; From patchwork Mon Oct 16 14:38:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13423497 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8D3FBCDB474 for ; Mon, 16 Oct 2023 14:39:13 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 4A4528E0002; Mon, 16 Oct 2023 10:39:07 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 42FB68E0001; Mon, 16 Oct 2023 10:39:07 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 237578E0002; Mon, 16 Oct 2023 10:39:07 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 0E1218E0001 for ; Mon, 16 Oct 2023 10:39:07 -0400 (EDT) Received: from smtpin13.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay08.hostedemail.com (Postfix) with ESMTP id C2A3214094F for ; Mon, 16 Oct 2023 14:39:06 +0000 (UTC) X-FDA: 81351581892.13.A52B8CB Received: from mail-pf1-f181.google.com (mail-pf1-f181.google.com [209.85.210.181]) by imf28.hostedemail.com (Postfix) with ESMTP id D9B86C0012 for ; Mon, 16 Oct 2023 14:39:04 +0000 (UTC) Authentication-Results: imf28.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=HH0iNx0E; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf28.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.210.181 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1697467144; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=ToXeatSf9Mfv/4ML/0TPcwOvX/byGqXHxsHhNXC33wk=; b=Kve9ZjtC0hK+NJztylk6d2PJm1vqtbXXAAisG7GNscLNQl7JKJs/RbNl9bMDN/zeoLIflx YuU+260wLHBzGex0ZeCHvauyK7mg33uDOLvpW17pLDle8xjSGMDGgG280w3yNTwbT9xfz9 w++29MIlG9qYEEs8Mvzk/6KBa8fYl3M= ARC-Authentication-Results: i=1; imf28.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=HH0iNx0E; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf28.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.210.181 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1697467144; a=rsa-sha256; cv=none; b=rr4PAv8oiZd6Voe8dbZoEk2kOxcq5POCoBFFaWMgfcw5g3WQJWxs+0cjXQnIroyZd7RKWy 95fXwy7/QziyQSUc5ClYmcyiq0irkYNRm4yyybGanXAvQhFIq9YKJyUzg4QWdv6Mm/mX58 g0MpznhR4jIS2elkVVeQjqDXypOHibo= Received: by mail-pf1-f181.google.com with SMTP id d2e1a72fcca58-692d2e8c003so4233428b3a.1 for ; Mon, 16 Oct 2023 07:39:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1697467144; x=1698071944; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ToXeatSf9Mfv/4ML/0TPcwOvX/byGqXHxsHhNXC33wk=; b=HH0iNx0EY9LP9jov6aW/O7AUU/em7wH/XH2K4JodiC2ob0xZZeXMcQRspfElPkHmt1 XtAerKzv8SlTvIFRBXTxhdKdDcIKVYTK47P006XYdZVT8qiBSE2P+tZqMxuY7P+ltg6P jrhXFlFfoaYR5lSp9o95DOtaS5lgbcjIfVuX4= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697467144; x=1698071944; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ToXeatSf9Mfv/4ML/0TPcwOvX/byGqXHxsHhNXC33wk=; b=Zab6kE6vofmR0qq1M0izEayjBy480wzEaR9CxG9NfuwYRinw6h//d9miaaxh1VsQ1F zwaE6HTkok29l3xP6uaDKGHmFib7jPaqkVOEyd5VSpD68rBn5zeY10CkaIQVjjwQVqom 99TQjvNhDJmgR59Tr1PVFfW3e/a9Vw01Su3itZzTcgpyrofQcCqd1G6f6aolROnb5yuo P4gpx4TATb0taQ6wzkEUrFImVwNSyCncAnlqjP66rn2rVGtvvE17FGI50PiKvturaSB5 W5RaJhGntlFVArH/0OySi0zxxuHXMQBbmRmpXTDX4vCY7ywrj81mn8b73HMyZdNT70JH lPkQ== X-Gm-Message-State: AOJu0Yw240JAabvWxO7nMxq+r8b7m+6D3dnLtgnQ3sBFgXQy7q2olGIQ 4JKkT2zIUQfToCbSrO7DQpmlDQ== X-Google-Smtp-Source: AGHT+IGTMvdTkJGIXeUoXD08iW19uI3xY7OaVN1hUVre2xWAlvcHGioIeC96pEHSOxAKKy9n0wApCA== X-Received: by 2002:a05:6a20:1614:b0:133:1d62:dcbd with SMTP id l20-20020a056a20161400b001331d62dcbdmr10851831pzj.28.1697467143679; Mon, 16 Oct 2023 07:39:03 -0700 (PDT) Received: from localhost (9.184.168.34.bc.googleusercontent.com. [34.168.184.9]) by smtp.gmail.com with UTF8SMTPSA id j18-20020aa79292000000b006875df4773fsm18206313pfa.163.2023.10.16.07.39.03 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 16 Oct 2023 07:39:03 -0700 (PDT) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, sroettger@google.com Cc: jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, surenb@google.com, alex.sierra@amd.com, apopple@nvidia.com, aneesh.kumar@linux.ibm.com, axelrasmussen@google.com, ben@decadent.org.uk, catalin.marinas@arm.com, david@redhat.com, dwmw@amazon.co.uk, ying.huang@intel.com, hughd@google.com, joey.gouly@arm.com, corbet@lwn.net, wangkefeng.wang@huawei.com, Liam.Howlett@oracle.com, torvalds@linux-foundation.org, lstoakes@gmail.com, willy@infradead.org, mawupeng1@huawei.com, linmiaohe@huawei.com, namit@vmware.com, peterx@redhat.com, peterz@infradead.org, ryan.roberts@arm.com, shr@devkernel.io, vbabka@suse.cz, xiujianfeng@huawei.com, yu.ma@intel.com, zhangpeng362@huawei.com, dave.hansen@intel.com, luto@kernel.org, linux-hardening@vger.kernel.org Subject: [RFC PATCH v1 5/8] mseal munmap Date: Mon, 16 Oct 2023 14:38:24 +0000 Message-ID: <20231016143828.647848-6-jeffxu@chromium.org> X-Mailer: git-send-email 2.42.0.655.g421f12c284-goog In-Reply-To: <20231016143828.647848-1-jeffxu@chromium.org> References: <20231016143828.647848-1-jeffxu@chromium.org> MIME-Version: 1.0 X-Rspam-User: X-Stat-Signature: iuyi5wmp4r87a6swicejc4rtsfr5yjig X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: D9B86C0012 X-HE-Tag: 1697467144-147439 X-HE-Meta: U2FsdGVkX19IosKTFxLK2l1MHLG/NZ6qVd4plpf6tildaybotEL7mxouZyLrj2p0bVXn0kUMGaw0YbdD74386CJHjBq8Rk4KhJUqRmh+D65zhAhUjx4U/0RspNux+D3xrZvCoqbmMbp5eWDKp+2uSMVpzYqhjAwWB/l/e8ilZO8hnqEVLNiVaRXIp3z9tc/FX6vRxjNYu9dbv6/LqNAY1GJYG+XBHZCmPvF70TlYpP9WXWUGTI4QRCy1eXeAiTLXHP4AtT3+/EhROBKnKwOzheux2TIK6zDclEBUriGX2+jQG809e07TWBxAdpMa5tq1/Dcdw7dRSC5DGY7J12jx9+KbF8R2iNDAu38PN5Dr2ZEsVwUUG3ripL3M0M8HNDiBRhsIZMYH3DZaOejBpxAgsuBVnUb3qqDQetI/1NG72fwBNgxSrhzbwgoRu4s1qirPLLeDaK1qLLIOVMTVbDXdCmcsYGS2jh6jOFVbnYqOOy2uHjoHue9EV+nvp3ZCjDVPWT1MEEfXkyEnqW7kqN0SCkuBqv/zUpzIDINWBJqYOASdpuA7/g4U86bksyuGRQbsBHdpWBPXbbbEjaim0HMpumTA1owELL4Cl30kVBfs7XoRRtweqXVhJ9aTta1iYHiIntwZIzvrJososzbRCPGgF4UMv3zZVs1Yi2NXArVHfTQjmJvXQkgdGkNF2YiQ5oPTlgxyp5dOYX1Cd4bPG6nFhfof2YBb0o2LkC/Q2N1QgsOXU7if9SlLaod15tsJ64Sh+A3SNeFh9/xeThs0A60DJkYTmFLvVVothPWkwMQlnbVMSXlHxuoTbkAZENu9POigxbuUZg4GKwumaa2JrZErmSs8pyGbU4dOkYQA+rATnnVk4+Cb1E+u9hulWRC1WxxSCGN3Wr7LXidbgg6J79i1wbwExYnak05pjdqpe7nVG8H08o0/cSmSZ6bJV0ITSpZ/7vBU1isqdmuALO7bj96 eCv351eu 5I2Db6pe123RH3GjHUwtgQ6lC56o8+vbK9f4jzfTBBuaXmSkuCHVSZQUA87XNuVm5JUUVrKy+IMJYQvKx9OKkpWuDryezM8X8d1BpST+PpUiQjoonuyx2GVub7vRNAjdIXg8qBqJU+/8CqomWg67qBNzQ2ErWCACVhICMBqe48ldT+LSqlkhd/7Q5Tsi2ueIwwqj2WU4g9c2dTim92niqW+JN7G7/JJy1Knw8/pHd/7LhSFYNt1R1FQRg/XJNYgkkEgVcXIb74Eke5yWc7UyUUuaQOsU85mI6wcBPPrbxxbPic7EdWo6HTBbLWmLL6JdiY6ESIlnkzSCbza0= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Jeff Xu check seal for munmap(2). Signed-off-by: Jeff Xu --- include/linux/mm.h | 2 +- mm/mmap.c | 22 ++++++++++++++-------- mm/mremap.c | 5 +++-- 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/include/linux/mm.h b/include/linux/mm.h index aafdb68950f8..95b793eb3a80 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -3294,7 +3294,7 @@ extern unsigned long do_mmap(struct file *file, unsigned long addr, unsigned long pgoff, unsigned long *populate, struct list_head *uf); extern int do_vmi_munmap(struct vma_iterator *vmi, struct mm_struct *mm, unsigned long start, size_t len, struct list_head *uf, - bool unlock); + bool unlock, enum caller_origin called); extern int do_munmap(struct mm_struct *, unsigned long, size_t, struct list_head *uf); extern int do_madvise(struct mm_struct *mm, unsigned long start, size_t len_in, int behavior); diff --git a/mm/mmap.c b/mm/mmap.c index 9b6c477e713e..f4bfcc5d2c10 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -2601,6 +2601,7 @@ do_vmi_align_munmap(struct vma_iterator *vmi, struct vm_area_struct *vma, * @len: The length of the range to munmap * @uf: The userfaultfd list_head * @unlock: set to true if the user wants to drop the mmap_lock on success + * @called: caller origin * * This function takes a @mas that is either pointing to the previous VMA or set * to MA_START and sets it up to remove the mapping(s). The @len will be @@ -2611,7 +2612,7 @@ do_vmi_align_munmap(struct vma_iterator *vmi, struct vm_area_struct *vma, */ int do_vmi_munmap(struct vma_iterator *vmi, struct mm_struct *mm, unsigned long start, size_t len, struct list_head *uf, - bool unlock) + bool unlock, enum caller_origin called) { unsigned long end; struct vm_area_struct *vma; @@ -2623,6 +2624,9 @@ int do_vmi_munmap(struct vma_iterator *vmi, struct mm_struct *mm, if (end == start) return -EINVAL; + if (!can_modify_mm(mm, start, end, MM_ACTION_MUNMAP, called)) + return -EACCES; + /* arch_unmap() might do unmaps itself. */ arch_unmap(mm, start, end); @@ -2650,7 +2654,8 @@ int do_munmap(struct mm_struct *mm, unsigned long start, size_t len, { VMA_ITERATOR(vmi, mm, start); - return do_vmi_munmap(&vmi, mm, start, len, uf, false); + return do_vmi_munmap(&vmi, mm, start, len, uf, false, + ON_BEHALF_OF_KERNEL); } unsigned long mmap_region(struct file *file, unsigned long addr, @@ -2684,7 +2689,7 @@ unsigned long mmap_region(struct file *file, unsigned long addr, } /* Unmap any existing mapping in the area */ - if (do_vmi_munmap(&vmi, mm, addr, len, uf, false)) + if (do_vmi_munmap(&vmi, mm, addr, len, uf, false, ON_BEHALF_OF_KERNEL)) return -ENOMEM; /* @@ -2909,7 +2914,8 @@ unsigned long mmap_region(struct file *file, unsigned long addr, return error; } -static int __vm_munmap(unsigned long start, size_t len, bool unlock) +static int __vm_munmap(unsigned long start, size_t len, bool unlock, + enum caller_origin called) { int ret; struct mm_struct *mm = current->mm; @@ -2919,7 +2925,7 @@ static int __vm_munmap(unsigned long start, size_t len, bool unlock) if (mmap_write_lock_killable(mm)) return -EINTR; - ret = do_vmi_munmap(&vmi, mm, start, len, &uf, unlock); + ret = do_vmi_munmap(&vmi, mm, start, len, &uf, unlock, called); if (ret || !unlock) mmap_write_unlock(mm); @@ -2929,14 +2935,14 @@ static int __vm_munmap(unsigned long start, size_t len, bool unlock) int vm_munmap(unsigned long start, size_t len) { - return __vm_munmap(start, len, false); + return __vm_munmap(start, len, false, ON_BEHALF_OF_KERNEL); } EXPORT_SYMBOL(vm_munmap); SYSCALL_DEFINE2(munmap, unsigned long, addr, size_t, len) { addr = untagged_addr(addr); - return __vm_munmap(addr, len, true); + return __vm_munmap(addr, len, true, ON_BEHALF_OF_USERSPACE); } @@ -3168,7 +3174,7 @@ int vm_brk_flags(unsigned long addr, unsigned long request, unsigned long flags) if (ret) goto limits_failed; - ret = do_vmi_munmap(&vmi, mm, addr, len, &uf, 0); + ret = do_vmi_munmap(&vmi, mm, addr, len, &uf, 0, ON_BEHALF_OF_KERNEL); if (ret) goto munmap_failed; diff --git a/mm/mremap.c b/mm/mremap.c index 056478c106ee..e43f9ceaa29d 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -715,7 +715,8 @@ static unsigned long move_vma(struct vm_area_struct *vma, } vma_iter_init(&vmi, mm, old_addr); - if (!do_vmi_munmap(&vmi, mm, old_addr, old_len, uf_unmap, false)) { + if (!do_vmi_munmap(&vmi, mm, old_addr, old_len, uf_unmap, false, + ON_BEHALF_OF_KERNEL)) { /* OOM: unable to split vma, just get accounts right */ if (vm_flags & VM_ACCOUNT && !(flags & MREMAP_DONTUNMAP)) vm_acct_memory(old_len >> PAGE_SHIFT); @@ -1009,7 +1010,7 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, } ret = do_vmi_munmap(&vmi, mm, addr + new_len, old_len - new_len, - &uf_unmap, true); + &uf_unmap, true, ON_BEHALF_OF_KERNEL); if (ret) goto out; From patchwork Mon Oct 16 14:38:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13423498 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9042FCDB465 for ; Mon, 16 Oct 2023 14:39:16 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 2D3DE8E0003; Mon, 16 Oct 2023 10:39:08 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 2581C8E0001; Mon, 16 Oct 2023 10:39:08 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 05D088E0003; Mon, 16 Oct 2023 10:39:07 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0014.hostedemail.com [216.40.44.14]) by kanga.kvack.org (Postfix) with ESMTP id DF9208E0001 for ; Mon, 16 Oct 2023 10:39:07 -0400 (EDT) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id A7EFA409A2 for ; Mon, 16 Oct 2023 14:39:07 +0000 (UTC) X-FDA: 81351581934.29.C4C560D Received: from mail-pg1-f180.google.com (mail-pg1-f180.google.com [209.85.215.180]) by imf17.hostedemail.com (Postfix) with ESMTP id E09D240026 for ; Mon, 16 Oct 2023 14:39:05 +0000 (UTC) Authentication-Results: imf17.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=UIQJSIwE; spf=pass (imf17.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.215.180 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1697467145; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=+0Sn/gKJWR6siX+0KJWM5lAESAe3sWf60qybDDt1Pys=; b=FEv/+1OIj/iGKP7EvGPgT0tTfneCA2B+CU3VD9obLz3iW7sw/YAREffWb0KJQxUdXeG0H3 OP7QPkxP+jgdE3XW00fQ4tsjodCvVxs2Jhcm7n6Ffyl8wbR41gYJQCPmwrLDZCTABeG/// pHCueBCnH3rrHQQii/GdYxI1lRboSRw= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1697467145; a=rsa-sha256; cv=none; b=IrMLXKYiCXXIaKPDHkBf001KZE2FRZ01W4blKzUvkDIa9yUmvHjZvJ+ol9aHbIOnA8Y8nh GIB72VQindYQ/GAWVROUlDRdsGksy95Z0bXqNG7CyScT/9qlijq9P6FGjAUXcYQed2oJqt 5kBMeTDD/1gc9Gnt93ac9a0PpG4vt+A= ARC-Authentication-Results: i=1; imf17.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=UIQJSIwE; spf=pass (imf17.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.215.180 as permitted sender) smtp.mailfrom=jeffxu@chromium.org; dmarc=pass (policy=none) header.from=chromium.org Received: by mail-pg1-f180.google.com with SMTP id 41be03b00d2f7-584a761b301so3374765a12.3 for ; Mon, 16 Oct 2023 07:39:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1697467145; x=1698071945; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+0Sn/gKJWR6siX+0KJWM5lAESAe3sWf60qybDDt1Pys=; b=UIQJSIwESUj8f36Oz+4wv5Ux1ZP+BGDSsRO+luklo546YiEoJs/mkScUGRDvqDk1zQ 3Fs+0DBChVJ4EBw+tLDGjrwjTLK1OtFDI3z2HogZDlkJ4VGxjJGEqyVP8UVuZ0T8o2F9 U6Ih8z+fAYrTomqv1ePCpjR7zTAGgUdBST/JA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697467145; x=1698071945; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+0Sn/gKJWR6siX+0KJWM5lAESAe3sWf60qybDDt1Pys=; b=ClxtL2PSP+9WlRQ2woCadb/qBhhUpkmpbWD/tLcBGlG1MSH8qD0DdIeAl/bSkAHQ8J 1WPOY8K94/S6pJHiYzjDEODfe2tFSYRHvN91I3K9b6/ZUHDXPfbc8Nq83B+FOVGzXDE+ wAdJKwsf8IstMewSZ0MmHapr70v/1/Y+6VX6qkpaB7mINmvV/QrsMO/XyejsdERWtQyU nHa9T0TW9T2YqJHlGMR/ygOQ4Tg3eg5JdylMXZac1Tmf04owgcyQM2EdIdGdvGiUi5gX FiJACHYg2uWnyOVr8MYAHaKM7JAo41EVTJECrqpqvoLx6zui/g5Ai2f9BuIk+Su6YsUA AbIw== X-Gm-Message-State: AOJu0YzdH76QfaKU9PF6+TnDtNZLNGWGTt3lzjPT+JafvPSxbGylu4Sl tU5ryUL2xtsQHP66cNfB0xN8yg== X-Google-Smtp-Source: AGHT+IHQKvwpFIbGSIva7hn5sjCBlscbClIlMg0fHg4jXNaku6Zt8hbJMcw6wC8Uuvj5QeuKGPqvTA== X-Received: by 2002:a17:90b:1fc6:b0:27d:4283:b8a2 with SMTP id st6-20020a17090b1fc600b0027d4283b8a2mr7510538pjb.14.1697467144783; Mon, 16 Oct 2023 07:39:04 -0700 (PDT) Received: from localhost (9.184.168.34.bc.googleusercontent.com. [34.168.184.9]) by smtp.gmail.com with UTF8SMTPSA id nh24-20020a17090b365800b0026f39c90111sm5008030pjb.20.2023.10.16.07.39.04 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 16 Oct 2023 07:39:04 -0700 (PDT) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, sroettger@google.com Cc: jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, surenb@google.com, alex.sierra@amd.com, apopple@nvidia.com, aneesh.kumar@linux.ibm.com, axelrasmussen@google.com, ben@decadent.org.uk, catalin.marinas@arm.com, david@redhat.com, dwmw@amazon.co.uk, ying.huang@intel.com, hughd@google.com, joey.gouly@arm.com, corbet@lwn.net, wangkefeng.wang@huawei.com, Liam.Howlett@oracle.com, torvalds@linux-foundation.org, lstoakes@gmail.com, willy@infradead.org, mawupeng1@huawei.com, linmiaohe@huawei.com, namit@vmware.com, peterx@redhat.com, peterz@infradead.org, ryan.roberts@arm.com, shr@devkernel.io, vbabka@suse.cz, xiujianfeng@huawei.com, yu.ma@intel.com, zhangpeng362@huawei.com, dave.hansen@intel.com, luto@kernel.org, linux-hardening@vger.kernel.org Subject: [RFC PATCH v1 6/8] mseal mremap Date: Mon, 16 Oct 2023 14:38:25 +0000 Message-ID: <20231016143828.647848-7-jeffxu@chromium.org> X-Mailer: git-send-email 2.42.0.655.g421f12c284-goog In-Reply-To: <20231016143828.647848-1-jeffxu@chromium.org> References: <20231016143828.647848-1-jeffxu@chromium.org> MIME-Version: 1.0 X-Rspamd-Queue-Id: E09D240026 X-Rspam-User: X-Stat-Signature: gfyfhihsymwcxkkwm7j7go9yj1emp1gn X-Rspamd-Server: rspam03 X-HE-Tag: 1697467145-870285 X-HE-Meta: U2FsdGVkX18SxpGHGpLT6YgurRJide9oetH4bM5SUEwL0vbDQcUONgWjQw3qNV9voJ4iybhh3djyBaguFdJAvSvEyCrh6fHYmx9Rh+PR4340oIy7j9aXKKGP+l6XMYAEaQqg/C/r6V7aynbftE8qySBnxA7sLwoBlHhNzxb1BD9AMfLRlmTJDH+IhjVTd5YQ5Tn48Lc83mkwhprY898q4oHxAB5RkESdXA7tXKIu3L3ZeD3vNrzERLhKNSDibf1wJP5x4oOO4VXFHuOLspLIPh5gfix8hm2xLcwWJcWl59T7jkUyhy7mPEiGv6q5YZnr37FJdl8xAI81Gj9OsGvB9qN94UAakCn6No8tovyD6M2BGWOuhUEDcbHLifUqvkfK5c8o7/i2yxAOCZqLcZlxLn3hkfP20lMMs8azb0Dv9kQRWGhCKTlgFFcAuxjc51jH0kkvliUXDAg0ev1xHGlzQgr52tbRXivisSz4D5IiMtK6ZgVU85UIc1TDpjzw/JYm6r+2l1ZGU9rcENi18sf5TiLs2be4vVzGmj3/XInhPElSUToJjAue/vwcRtLPNEhF7BKrfzRgMcpYvQoUD4BkFWmPZU8DqLG8bpc0V79H6N+BoqgSz15YaEX1do5hc32AXWYG3vgwux73pPhCIieWQbhjj6RQtaWFyetWWOzpxccCNqz+kqMOcep8NPPe3zBrlheN+x6AeX3iPsAaV6GdGKwALAL8YMlWZ/MnK8eR+VbzBUoJ3JeidiEHzPC19jzT00GqzXfyJEdIZnrincUdX5rzi69aEQsFnJl4LPWdsi1OhalYOXxG5spTZ86PlGlpnP2tjQy191jAAcGgzlSAVgzMcxN3ngDY43Zn4KNVQMUpnyiqDxBkFkRpD/8pZ/tzhzJUl283jDC822MwfMjQqYc81aIUO0zu+daVTUJGV4WU4AqIHOfEYYrY7Oa3ktVbbX0l2LGUrZkVcQTC7gx PHnhewQE 1oM30OI2FDeMHji4pRl2q4lTKQG8kyy2cdBgQMwNlvmX3kKb2yILHJVqPlLHWInJHBwlEJfmJD1H9GipjwdDeJyqCUCygvwtE6owevUTPyVz4iplRgQRchwpWn0/p6fnFOqKDZd4VyUApY8imNhV+GX/ZQ0LISXVV84XRs6f0RDoqep5TZLmmAyCgPAjzPB/9ArCTL2Y8DKgLCovBTz02BQghaB1G1z/XaRdNpidVelKfWgAO4R4Z0uz3Ji5lfaV0QyU5b/BT72KHjM1nhl0KEzfIxVHtLq5B8KJN3HINAX01novKsPOJk8M2SB38xbXMsjBj X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Jeff Xu check seal for mremap(2) Signed-off-by: Jeff Xu --- mm/mremap.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/mm/mremap.c b/mm/mremap.c index e43f9ceaa29d..2288f9d0b126 100644 --- a/mm/mremap.c +++ b/mm/mremap.c @@ -836,7 +836,15 @@ static unsigned long mremap_to(unsigned long addr, unsigned long old_len, if ((mm->map_count + 2) >= sysctl_max_map_count - 3) return -ENOMEM; + if (!can_modify_mm(mm, addr, addr + old_len, MM_ACTION_MREMAP, + ON_BEHALF_OF_USERSPACE)) + return -EACCES; + if (flags & MREMAP_FIXED) { + if (!can_modify_mm(mm, new_addr, new_addr + new_len, + MM_ACTION_MREMAP, ON_BEHALF_OF_USERSPACE)) + return -EACCES; + ret = do_munmap(mm, new_addr, new_len, uf_unmap_early); if (ret) goto out; @@ -995,6 +1003,12 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, goto out; } + if (!can_modify_mm(mm, addr, addr + old_len, MM_ACTION_MREMAP, + ON_BEHALF_OF_USERSPACE)) { + ret = -EACCES; + goto out; + } + /* * Always allow a shrinking remap: that just unmaps * the unnecessary pages.. From patchwork Mon Oct 16 14:38:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13423499 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1E4EECDB482 for ; Mon, 16 Oct 2023 14:39:19 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 3BED48E0005; Mon, 16 Oct 2023 10:39:09 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 348178E0001; Mon, 16 Oct 2023 10:39:09 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 147B88E0005; Mon, 16 Oct 2023 10:39:09 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id F05BA8E0001 for ; Mon, 16 Oct 2023 10:39:08 -0400 (EDT) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay02.hostedemail.com (Postfix) with ESMTP id BD6371209AE for ; Mon, 16 Oct 2023 14:39:08 +0000 (UTC) X-FDA: 81351581976.14.AC7D564 Received: from mail-pf1-f169.google.com (mail-pf1-f169.google.com [209.85.210.169]) by imf24.hostedemail.com (Postfix) with ESMTP id E8098180034 for ; Mon, 16 Oct 2023 14:39:06 +0000 (UTC) Authentication-Results: imf24.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=MhccsxDN; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf24.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.210.169 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1697467147; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=V/gIGzcs1doxA1NJxoF7qbwpya/fXwG7eIiuzPMtoy8=; b=UFXy/lnnbaMXKazZXCw29SWVy3W1RLHz2ewuj1Ro+IKd+4Oce0WDWZ8kQ8+AiVqt1pDbVA kqjZ4EbGpCQtE3p1h9wFOC34s9iOcskYBPgPcDOccK64t3FPiyM2cHEnTnimGgV6EztwHW t6dQ0aiXSZK8TV+vPCbIl0cVtWLc8y0= ARC-Authentication-Results: i=1; imf24.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=MhccsxDN; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf24.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.210.169 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1697467147; a=rsa-sha256; cv=none; b=iAvMI8jYNjspwu/J8ek+cLb7S2vpB9xzDT0ipsRIyOh10RezZvmJbUwSrdPnfm6+NDSEWm 3YGY592tCqJT04kyXDiU0CpKunzBZI0Hcj/o12KPHbQQbLMw3UKQbfMWBgHrzcUqsp8zAz Fv5pamNvEveTAHeZW+U+tjSLsZyjKu0= Received: by mail-pf1-f169.google.com with SMTP id d2e1a72fcca58-68fb85afef4so3572552b3a.1 for ; Mon, 16 Oct 2023 07:39:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1697467146; x=1698071946; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=V/gIGzcs1doxA1NJxoF7qbwpya/fXwG7eIiuzPMtoy8=; b=MhccsxDNiwobrHrg+xy2Ifx2Locx67+zlimzG7HUK4qZzLr4RScPWqaCxepy9J7le3 xAYd7YRFKiVEuqUytOfu6U0lj9mNcdu2cqmt4sgGeWji+WXF/CCCoJoTJA4fkNZhJ4sV O4gJtxbFLIsi5l7vtByVWCCjdQmD3f2s87o6w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697467146; x=1698071946; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=V/gIGzcs1doxA1NJxoF7qbwpya/fXwG7eIiuzPMtoy8=; b=vA5bncQKmp7uZsPeNLQWV/eGGxlovydispBg0VQvuq/9vYOCLhW2H0NgjPFS205VwJ mkWJ/00ul6MEuUjhz+3oXkNTgZaxVuAdyRbgVNhh+LxLeRcjy5mgdZZvUu225R9GK7zp HjFslq8DwmZax0u68G6z63+hijK+V4ZoX94NWt5X9WKQKw7NMQ53HFeLZom6Sq9u+Enm FbKAMhtBhPF3g07D0H5oKyFECQ0f2pUK9ZpIw9Dje4JJZX/BXoIoCw1rrL2jMYyFBFhE t6ghbrohlltRji0H2GCN9Cwbeg/QGEjuJUUAgGYgWXMp53zRzNG2UuJcQkBUvLamAtLm Uu8Q== X-Gm-Message-State: AOJu0YyaVWmH8ouYEEVF/iwzhgTJlXhd9NxCf9l7bSH1OMkOUvP+4ZC6 pmUrJQJuCEtwlyDLU7sO/MDK3w== X-Google-Smtp-Source: AGHT+IGJ+u/+BP/wEz8Z/WX19EscYJm5hsgzyBNr8KRyM+S3cXUOr85FAH7+MHGwT0v4RcdPcoyC1A== X-Received: by 2002:a05:6a20:3c89:b0:173:3ef3:236a with SMTP id b9-20020a056a203c8900b001733ef3236amr14858732pzj.21.1697467145854; Mon, 16 Oct 2023 07:39:05 -0700 (PDT) Received: from localhost (9.184.168.34.bc.googleusercontent.com. [34.168.184.9]) by smtp.gmail.com with UTF8SMTPSA id jw10-20020a170903278a00b001c5fa48b9a0sm8574385plb.33.2023.10.16.07.39.05 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 16 Oct 2023 07:39:05 -0700 (PDT) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, sroettger@google.com Cc: jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, surenb@google.com, alex.sierra@amd.com, apopple@nvidia.com, aneesh.kumar@linux.ibm.com, axelrasmussen@google.com, ben@decadent.org.uk, catalin.marinas@arm.com, david@redhat.com, dwmw@amazon.co.uk, ying.huang@intel.com, hughd@google.com, joey.gouly@arm.com, corbet@lwn.net, wangkefeng.wang@huawei.com, Liam.Howlett@oracle.com, torvalds@linux-foundation.org, lstoakes@gmail.com, willy@infradead.org, mawupeng1@huawei.com, linmiaohe@huawei.com, namit@vmware.com, peterx@redhat.com, peterz@infradead.org, ryan.roberts@arm.com, shr@devkernel.io, vbabka@suse.cz, xiujianfeng@huawei.com, yu.ma@intel.com, zhangpeng362@huawei.com, dave.hansen@intel.com, luto@kernel.org, linux-hardening@vger.kernel.org Subject: [RFC PATCH v1 7/8] mseal mmap Date: Mon, 16 Oct 2023 14:38:26 +0000 Message-ID: <20231016143828.647848-8-jeffxu@chromium.org> X-Mailer: git-send-email 2.42.0.655.g421f12c284-goog In-Reply-To: <20231016143828.647848-1-jeffxu@chromium.org> References: <20231016143828.647848-1-jeffxu@chromium.org> MIME-Version: 1.0 X-Rspamd-Server: rspam09 X-Rspamd-Queue-Id: E8098180034 X-Stat-Signature: em4tz6s1xqy39smejdtu9k48ahwss647 X-Rspam-User: X-HE-Tag: 1697467146-352944 X-HE-Meta: U2FsdGVkX1+LsVpY48LX8Cy5cAPVM3QB83HFX5SLwDV7icMYutyIKytS5R502h6cDArCG5lni28Vhmk+ldwYwmKjZ8uqpiClhtWMQZ4BkaeCGSYzT83o9zMYFNYY/cp6iMazaQONxLQ9WPJ2r1WBV1iPwWKBXjQdOciU1U4IJ4w35+fkJySp3hFLACzLd6oS3wQS4XEBL2VBC5PXh26pHOdcOp9Ud6MtAJv2reBB/u+HdEayVfULtrPvn9wu5V++gGQRpA0eAsPmPZSrdO/R7EWdKIkwJl8BE7oWVgUpjBrMOKCjBGgw1LY6HUqhqOQSFb3tKhfJAwFa9lb60QCejhbliBrVu5eVKxWUCHFucYAUvLdbf2d9dW4o+VNZD9AMnq8VExEgYoZUQICdkdXWU+ctxixdn1Q9ZHTqRPwG+WWT+VxhyZt3Zykr/QcgWN20ezdfC2fqN5nG0+GDYcU05z6P9NTgFcqhv65hm6M98lgUFzp4YWoO0mYXth0BG2HB0L7bgdlsIcriAOc/BhNcRTYu9c+0ZCoPOfZj17ngZE5APQYGGRNbnZxvrfNLHrbcvBPvFWGqmtfrgXzf3A0m9B6NE37h3tonqSg6oYM/szeqn46OwEGUQUNBPrBIWFJo3AKRz/DMJKHI/XQocJ7oW6deeYpJTjOuAL4/PlHmPqmo4CorGPvKt5XyrLcHso37B36Ao78RE2VzY05LJw7hrumhEtovAOVPp7cuFkLZGlQY4BpyhmM1wZqc+esogqBPF0bc/OF0eC/Wb2TfqZyrBc1kF2SKQTPka7iEywSC4Yp9ncShTPizZFz7pzuzhGk61cb+uedOsataJhsPVz8ewwbe2TxMcQ2tJo3tVD/5gqKDKPfwmKx1ThCefe4CEap/gDXLkdrobGN7lHDKEExoau6Mv0/D+vbA2NcD2GSxC0s4u9yPogHAXP4DXo4vyLYrAsb2N6yvgoPg5vliU95 mAjhM3Fr yAlyok57dc7uN+rByco2pJ8urM3PoyLOInUHgnpl2IGT7tvMrm1dJKOaOSZeJncn+liV0H77s8rp8ipnWqbN5moLzk3uJUJkCX4zyN98lAYjAViVzkAS6nIDBDEUljpmttPmjRt6H5xX8wCKQGNIjXlci0kNGAXP9m1F0gSNUe3w/9/LduuHghq0Zp6oMQhDwmITwMx3Q5yQ7oAWw+ZGeKlvEkPVjpKR2uzq4UWm3rLxrmmdMXMqH2Y+gGLFMML7vj+GMtccaY9OQDZygF9FhsmHyWtpzn7UoLxo40djLE+u97BFkq3WpDHiP9/DcsjGCFIl8ehOA0cZqheg= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Jeff Xu check seal for mmap(2) Signed-off-by: Jeff Xu --- fs/aio.c | 5 +++-- include/linux/mm.h | 5 ++++- ipc/shm.c | 3 ++- mm/internal.h | 4 ++-- mm/mmap.c | 13 +++++++++---- mm/nommu.c | 6 ++++-- mm/util.c | 8 +++++--- 7 files changed, 29 insertions(+), 15 deletions(-) diff --git a/fs/aio.c b/fs/aio.c index b3174da80ff6..81040126dd45 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -557,8 +557,9 @@ static int aio_setup_ring(struct kioctx *ctx, unsigned int nr_events) } ctx->mmap_base = do_mmap(ctx->aio_ring_file, 0, ctx->mmap_size, - PROT_READ | PROT_WRITE, - MAP_SHARED, 0, &unused, NULL); + PROT_READ | PROT_WRITE, MAP_SHARED, 0, &unused, + NULL, ON_BEHALF_OF_KERNEL); + mmap_write_unlock(mm); if (IS_ERR((void *)ctx->mmap_base)) { ctx->mmap_size = 0; diff --git a/include/linux/mm.h b/include/linux/mm.h index 95b793eb3a80..ffa2eb9bd475 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -3289,9 +3289,12 @@ extern unsigned long get_unmapped_area(struct file *, unsigned long, unsigned lo extern unsigned long mmap_region(struct file *file, unsigned long addr, unsigned long len, vm_flags_t vm_flags, unsigned long pgoff, struct list_head *uf); + extern unsigned long do_mmap(struct file *file, unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags, - unsigned long pgoff, unsigned long *populate, struct list_head *uf); + unsigned long pgoff, unsigned long *populate, struct list_head *uf, + enum caller_origin called); + extern int do_vmi_munmap(struct vma_iterator *vmi, struct mm_struct *mm, unsigned long start, size_t len, struct list_head *uf, bool unlock, enum caller_origin called); diff --git a/ipc/shm.c b/ipc/shm.c index 60e45e7045d4..14aebeefe155 100644 --- a/ipc/shm.c +++ b/ipc/shm.c @@ -1662,7 +1662,8 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, goto invalid; } - addr = do_mmap(file, addr, size, prot, flags, 0, &populate, NULL); + addr = do_mmap(file, addr, size, prot, flags, 0, &populate, NULL, + ON_BEHALF_OF_KERNEL); *raddr = addr; err = 0; if (IS_ERR_VALUE(addr)) diff --git a/mm/internal.h b/mm/internal.h index d1d4bf4e63c0..4361eaf3d1c6 100644 --- a/mm/internal.h +++ b/mm/internal.h @@ -800,8 +800,8 @@ extern u64 hwpoison_filter_memcg; extern u32 hwpoison_filter_enable; extern unsigned long __must_check vm_mmap_pgoff(struct file *, unsigned long, - unsigned long, unsigned long, - unsigned long, unsigned long); + unsigned long, unsigned long, unsigned long, unsigned long, + enum caller_origin called); extern void set_pageblock_order(void); unsigned long reclaim_pages(struct list_head *folio_list); diff --git a/mm/mmap.c b/mm/mmap.c index f4bfcc5d2c10..a42fe27a7d04 100644 --- a/mm/mmap.c +++ b/mm/mmap.c @@ -1197,7 +1197,8 @@ static inline bool file_mmap_ok(struct file *file, struct inode *inode, unsigned long do_mmap(struct file *file, unsigned long addr, unsigned long len, unsigned long prot, unsigned long flags, unsigned long pgoff, - unsigned long *populate, struct list_head *uf) + unsigned long *populate, struct list_head *uf, + enum caller_origin called) { struct mm_struct *mm = current->mm; vm_flags_t vm_flags; @@ -1365,6 +1366,9 @@ unsigned long do_mmap(struct file *file, unsigned long addr, vm_flags |= VM_NORESERVE; } + if (!can_modify_mm(mm, addr, addr + len, MM_ACTION_MMAP, called)) + return -EACCES; + addr = mmap_region(file, addr, len, vm_flags, pgoff, uf); if (!IS_ERR_VALUE(addr) && ((vm_flags & VM_LOCKED) || @@ -1411,7 +1415,8 @@ unsigned long ksys_mmap_pgoff(unsigned long addr, unsigned long len, return PTR_ERR(file); } - retval = vm_mmap_pgoff(file, addr, len, prot, flags, pgoff); + retval = vm_mmap_pgoff(file, addr, len, prot, flags, pgoff, + ON_BEHALF_OF_USERSPACE); out_fput: if (file) fput(file); @@ -3017,8 +3022,8 @@ SYSCALL_DEFINE5(remap_file_pages, unsigned long, start, unsigned long, size, flags |= MAP_LOCKED; file = get_file(vma->vm_file); - ret = do_mmap(vma->vm_file, start, size, - prot, flags, pgoff, &populate, NULL); + ret = do_mmap(vma->vm_file, start, size, prot, flags, pgoff, + &populate, NULL, ON_BEHALF_OF_KERNEL); fput(file); out: mmap_write_unlock(mm); diff --git a/mm/nommu.c b/mm/nommu.c index 8dba41cfc44d..8c11de5dd8e6 100644 --- a/mm/nommu.c +++ b/mm/nommu.c @@ -1018,7 +1018,8 @@ unsigned long do_mmap(struct file *file, unsigned long flags, unsigned long pgoff, unsigned long *populate, - struct list_head *uf) + struct list_head *uf, + enum caller_origin called) { struct vm_area_struct *vma; struct vm_region *region; @@ -1262,7 +1263,8 @@ unsigned long ksys_mmap_pgoff(unsigned long addr, unsigned long len, goto out; } - retval = vm_mmap_pgoff(file, addr, len, prot, flags, pgoff); + retval = vm_mmap_pgoff(file, addr, len, prot, flags, pgoff, + ON_BEHALF_OF_USERSPACE); if (file) fput(file); diff --git a/mm/util.c b/mm/util.c index 4ed8b9b5273c..aaf37c3af517 100644 --- a/mm/util.c +++ b/mm/util.c @@ -532,7 +532,8 @@ EXPORT_SYMBOL_GPL(account_locked_vm); unsigned long vm_mmap_pgoff(struct file *file, unsigned long addr, unsigned long len, unsigned long prot, - unsigned long flag, unsigned long pgoff) + unsigned long flag, unsigned long pgoff, + enum caller_origin called) { unsigned long ret; struct mm_struct *mm = current->mm; @@ -544,7 +545,7 @@ unsigned long vm_mmap_pgoff(struct file *file, unsigned long addr, if (mmap_write_lock_killable(mm)) return -EINTR; ret = do_mmap(file, addr, len, prot, flag, pgoff, &populate, - &uf); + &uf, called); mmap_write_unlock(mm); userfaultfd_unmap_complete(mm, &uf); if (populate) @@ -562,7 +563,8 @@ unsigned long vm_mmap(struct file *file, unsigned long addr, if (unlikely(offset_in_page(offset))) return -EINVAL; - return vm_mmap_pgoff(file, addr, len, prot, flag, offset >> PAGE_SHIFT); + return vm_mmap_pgoff(file, addr, len, prot, flag, offset >> PAGE_SHIFT, + ON_BEHALF_OF_KERNEL); } EXPORT_SYMBOL(vm_mmap); From patchwork Mon Oct 16 14:38:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jeff Xu X-Patchwork-Id: 13423500 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 119EDCDB465 for ; Mon, 16 Oct 2023 14:39:21 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 987A18E0007; Mon, 16 Oct 2023 10:39:10 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 89BE48E0001; Mon, 16 Oct 2023 10:39:10 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 5DD148E0007; Mon, 16 Oct 2023 10:39:10 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 42F858E0001 for ; Mon, 16 Oct 2023 10:39:10 -0400 (EDT) Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 116991A09AC for ; Mon, 16 Oct 2023 14:39:10 +0000 (UTC) X-FDA: 81351582060.03.A0FAD83 Received: from mail-oo1-f52.google.com (mail-oo1-f52.google.com [209.85.161.52]) by imf15.hostedemail.com (Postfix) with ESMTP id 0C284A0002 for ; Mon, 16 Oct 2023 14:39:07 +0000 (UTC) Authentication-Results: imf15.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=KQIWrZpm; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf15.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.161.52 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1697467148; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=96Q+rrApZCfI+WQtbuoe54OnfJfwZ+w68c0Wju6ATQk=; b=4PfEGYcs5P2DqmgqQ4OVL8gLa4e3vhftjFdKpAhGG/idx8Z8e9UNIAUIh+sBlELXE1+D4U Fvz8bFxCOYk01bac1loYUgM6zNfDsqp74lQt41Ia5oQUgjlshyehh6rJxZagN6qDKE/bvp cbwrs/U7eNe7jpGL/u0ASXs+ptIXCiY= ARC-Authentication-Results: i=1; imf15.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=KQIWrZpm; dmarc=pass (policy=none) header.from=chromium.org; spf=pass (imf15.hostedemail.com: domain of jeffxu@chromium.org designates 209.85.161.52 as permitted sender) smtp.mailfrom=jeffxu@chromium.org ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1697467148; a=rsa-sha256; cv=none; b=NFlpxR15UocB5KOtZ62eKHbNgt5gTbZA2c6et2Elcd7wkqOpXZ3iLQ0/HK4w4s6v32PQdQ pDlcuhfOgbeuutyslXz2MCj5hDbTCTt+x2tDzoDNfYvhcY5Bok5tKYpfEcV+b2xqsm/u48 Cw0OHfKyKvNWXdHJN7o2R4HYUOPAiXs= Received: by mail-oo1-f52.google.com with SMTP id 006d021491bc7-581bca3ebb0so352669eaf.0 for ; Mon, 16 Oct 2023 07:39:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1697467147; x=1698071947; darn=kvack.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=96Q+rrApZCfI+WQtbuoe54OnfJfwZ+w68c0Wju6ATQk=; b=KQIWrZpmOCXEgtVBFIhqwHgyBe7G1jf02JN+T+VsevAjakurWsL5WdQpCZInMzYX69 /T8Y3cQIrnN/ThYA36B1FV/FvNHqD8pKyO8SUTp4jWfdJ6tIhCddmbmeQiY7BHkkw7bK ATaft1FRNfCD3FO85/+OqpwoZD81SDtULUX9A= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697467147; x=1698071947; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=96Q+rrApZCfI+WQtbuoe54OnfJfwZ+w68c0Wju6ATQk=; b=WuaE55dTn73dlCr+1oFbDfQZ0uS8BE1hWoVOfLP47Z3TUGPANPsusK2peMfSESnFc8 WQyOTfZGxsfxZfUvl723ePBYxiyHuHInqr+ahGpJy845P1Boicf7SUWpPOVGLzR+kK9U zstPXQBZfYCMtlBkmQDMoXM7G5LMimI7QXa67fnkhggYz0V0Krc/zX28sz7SWm8tPjoT mc931zjY1Wbc7+TEqn2G4Ewh1tGnQfAeMafWF+6y/Yjbqp9nYOm2RYRMkf8HrTPPDkbZ QaZmlXJpsGZ6yuzx5KUoGmsLNJbgmsQWrh1r8chHJ0nFtwBDoGanF9rJaiUd5op46jvi mbiA== X-Gm-Message-State: AOJu0YyVrBahLFnTBvVQjHIfHVli4wpdRUryqxXy4I5Tt2DZEzES/t30 BxoHF3ZFeg0Y40cBapaBYFx1Pw== X-Google-Smtp-Source: AGHT+IFRaod1lhoruGxBzYEGfz9lrBcN46bTgd1VxjtZCMnihlGBguo6Rg91XaYb7kUX3YnYZOD9jQ== X-Received: by 2002:a05:6358:5b:b0:164:8d78:258a with SMTP id 27-20020a056358005b00b001648d78258amr20773171rwx.20.1697467147014; Mon, 16 Oct 2023 07:39:07 -0700 (PDT) Received: from localhost (9.184.168.34.bc.googleusercontent.com. [34.168.184.9]) by smtp.gmail.com with UTF8SMTPSA id t5-20020a62ea05000000b0068be4ce33easm18623342pfh.96.2023.10.16.07.39.06 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 16 Oct 2023 07:39:06 -0700 (PDT) From: jeffxu@chromium.org To: akpm@linux-foundation.org, keescook@chromium.org, sroettger@google.com Cc: jeffxu@google.com, jorgelo@chromium.org, groeck@chromium.org, linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-mm@kvack.org, jannh@google.com, surenb@google.com, alex.sierra@amd.com, apopple@nvidia.com, aneesh.kumar@linux.ibm.com, axelrasmussen@google.com, ben@decadent.org.uk, catalin.marinas@arm.com, david@redhat.com, dwmw@amazon.co.uk, ying.huang@intel.com, hughd@google.com, joey.gouly@arm.com, corbet@lwn.net, wangkefeng.wang@huawei.com, Liam.Howlett@oracle.com, torvalds@linux-foundation.org, lstoakes@gmail.com, willy@infradead.org, mawupeng1@huawei.com, linmiaohe@huawei.com, namit@vmware.com, peterx@redhat.com, peterz@infradead.org, ryan.roberts@arm.com, shr@devkernel.io, vbabka@suse.cz, xiujianfeng@huawei.com, yu.ma@intel.com, zhangpeng362@huawei.com, dave.hansen@intel.com, luto@kernel.org, linux-hardening@vger.kernel.org Subject: [RFC PATCH v1 8/8] selftest mm/mseal mprotect/munmap/mremap/mmap Date: Mon, 16 Oct 2023 14:38:27 +0000 Message-ID: <20231016143828.647848-9-jeffxu@chromium.org> X-Mailer: git-send-email 2.42.0.655.g421f12c284-goog In-Reply-To: <20231016143828.647848-1-jeffxu@chromium.org> References: <20231016143828.647848-1-jeffxu@chromium.org> MIME-Version: 1.0 X-Rspam-User: X-Stat-Signature: wsy7t1it514gcby1kadpu9xrnxeqsdy9 X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 0C284A0002 X-HE-Tag: 1697467147-323224 X-HE-Meta: U2FsdGVkX18NF6UFIxuiIKN1yjjDMjLp+nZiFiFKtnC1hVe5Dh+9sMDFX827AtXuyu9ZjDyBgZsp3UDIVDtVQyRRPn36TiYW8JpaQgCZm1BwfaVtNkLMBp9Ro54l5JV3DNqjls7x2jOFYsIApgiau1q5uRqYPzXljW38BNBEmDMjk64hJB3R5z3Ku+DW362n9pEzM3fPqsX8g+LXNGrdhm0WtzXDOyGqQyRWsBPnA00/R8kbSAMLcwJtonDTb+cgI2seiqZYdmsSiRTe6Lz9W0JL4g7SEIyHpler6eQDP+wBafWuIlVp3pf80JCoN6JOAG+KuyJWLmDpWwRAEB4XDhtUCfL+FMljhuNJNPwR9luZd1aPXxWeyo/gVTjw1UZX39pR1D0pte7BQ0ChJlASKGsV8Sewuv1iTf5dooPxaSc0shVhsXENJ7ew3Rn8z/rtrpl7aKOYWAHoTNvNyUTprcuIFuCu/TOdhrelYC+ADIP9Usk6JZfmo98dOhsixn95tyvDrvDZnLtrrL+KKOoKXAceynMcuc1cihdPsDdF4wbvmCv/DC6F6QuvPVcWEew9AYB4Og393NkL0cLuHX1tyPvlo4thoQd6po3UFXbZxSYA1q3x7oog6rQj7YJtzWHcTYsKWQ540DZUv6Jh1tnV/kZhdofJFEmi7bZDCsMp0eAbWLYMhfcHOd+vrQ7HXF166h6qKodhuLxaO/eqQt7h7J3g8v5GAvZ9wGXIUN0Fzh6JpguGlX12/+6q1CJ4LHO01/TxubS9eez5sByjFTR4oSc/6z7diFRPFt29J40PDHgYySKMHZIGdOa9FMXniG2o8LxSu6enUCjIp2Bpdf8xU/NOOWeYS3KxjkwRRoJYqk9K9YqPtN8KV9XzwvOsDocuh5NxxPVPDlDYkxQQs6afjdfJNVD6PAnO2cwnhPvH/qcP5MD7U3uivEvVpU7iwVAiONlRo9URL897alrl1FY p0KARbK7 692jtohOAG9HuHEkx3YjBN1IAETKTzl8bmvEnvB3vZsSl/YQqeJzrhevk0jdqTJGc67m1EKiocoBPdPqW3NVJ4BmPhspa93vQ1pe0A4fqKOmMHUsc28ayf/oRsyeaFBGfsBMIPEWH1GMei02U5kC8Ft0STeMy4w8JsDSfcZRWb4vfq0vwmrC4wqEnKNu8phR16wR2Cum5ik8JJ508q9XfRltuklJ6IH6xl8bsTAcdKSwN+WzQkgc9iePV5kGwwDJTemoLG1sIHyIP7jLF225zdbUXRlxU+6ZNg/neoU7NYTtCC640b1g/Iy2l3Up++qI15Y43 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: From: Jeff Xu selftest for sealing mprotect/munmap/mremap/mmap Signed-off-by: Jeff Xu --- tools/testing/selftests/mm/Makefile | 1 + tools/testing/selftests/mm/mseal_test.c | 1428 +++++++++++++++++++++++ 2 files changed, 1429 insertions(+) create mode 100644 tools/testing/selftests/mm/mseal_test.c diff --git a/tools/testing/selftests/mm/Makefile b/tools/testing/selftests/mm/Makefile index 6a9fc5693145..0c086cecc093 100644 --- a/tools/testing/selftests/mm/Makefile +++ b/tools/testing/selftests/mm/Makefile @@ -59,6 +59,7 @@ TEST_GEN_FILES += mlock2-tests TEST_GEN_FILES += mrelease_test TEST_GEN_FILES += mremap_dontunmap TEST_GEN_FILES += mremap_test +TEST_GEN_FILES += mseal_test TEST_GEN_FILES += on-fault-limit TEST_GEN_FILES += thuge-gen TEST_GEN_FILES += transhuge-stress diff --git a/tools/testing/selftests/mm/mseal_test.c b/tools/testing/selftests/mm/mseal_test.c new file mode 100644 index 000000000000..d6ae09729394 --- /dev/null +++ b/tools/testing/selftests/mm/mseal_test.c @@ -0,0 +1,1428 @@ +// SPDX-License-Identifier: GPL-2.0 +#define _GNU_SOURCE +#include +#include +#include +#include +#include +#include +#include +#include "../kselftest.h" +#include +#include +#include +#include +#include + +#ifndef MM_SEAL_MSEAL +#define MM_SEAL_MSEAL 0x1 +#endif + +#ifndef MM_SEAL_MPROTECT +#define MM_SEAL_MPROTECT 0x2 +#endif + +#ifndef MM_SEAL_MUNMAP +#define MM_SEAL_MUNMAP 0x4 +#endif + +#ifndef MM_SEAL_MMAP +#define MM_SEAL_MMAP 0x8 +#endif + +#ifndef MM_SEAL_MREMAP +#define MM_SEAL_MREMAP 0x10 +#endif + +#ifndef DEBUG +#define LOG_TEST_ENTER() {} +#else +#define LOG_TEST_ENTER() { printf("%s\n", __func__); } +#endif + +static int sys_mseal(void *start, size_t len, int types) +{ + int sret; + + errno = 0; + sret = syscall(__NR_mseal, start, len, types, 0); + return sret; +} + +int sys_mprotect(void *ptr, size_t size, unsigned long prot) +{ + int sret; + + errno = 0; + sret = syscall(SYS_mprotect, ptr, size, prot); + return sret; +} + +int sys_munmap(void *ptr, size_t size) +{ + int sret; + + errno = 0; + sret = syscall(SYS_munmap, ptr, size); + return sret; +} + +static int sys_madvise(void *start, size_t len, int types) +{ + int sret; + + errno = 0; + sret = syscall(__NR_madvise, start, len, types); + return sret; +} + +void *addr1 = (void *)0x50000000; +void *addr2 = (void *)0x50004000; +void *addr3 = (void *)0x50008000; +void setup_single_address(int size, void **ptrOut) +{ + void *ptr; + + ptr = mmap(NULL, size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + assert(ptr != (void *)-1); + *ptrOut = ptr; +} + +void setup_single_fixed_address(int size, void **ptrOut) +{ + void *ptr; + + ptr = mmap(addr1, size, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + assert(ptr == (void *)addr1); + + *ptrOut = ptr; +} + +void clean_single_address(void *ptr, int size) +{ + int ret; + + ret = munmap(ptr, size); + assert(!ret); +} + +void seal_mprotect_single_address(void *ptr, int size) +{ + int ret; + + ret = sys_mseal(ptr, size, MM_SEAL_MPROTECT); + assert(!ret); +} + +static void test_seal_addseals(void) +{ + LOG_TEST_ENTER(); + int ret; + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + + setup_single_address(size, &ptr); + + /* adding seal one by one */ + ret = sys_mseal(ptr, size, MM_SEAL_MPROTECT); + assert(!ret); + + ret = sys_mseal(ptr, size, MM_SEAL_MMAP); + assert(!ret); + + ret = sys_mseal(ptr, size, MM_SEAL_MREMAP); + assert(!ret); + + ret = sys_mseal(ptr, size, MM_SEAL_MSEAL); + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_addseals_combined(void) +{ + LOG_TEST_ENTER(); + int ret; + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + + setup_single_address(size, &ptr); + + ret = sys_mseal(ptr, size, MM_SEAL_MPROTECT); + assert(!ret); + + /* adding multiple seals */ + ret = sys_mseal(ptr, size, + MM_SEAL_MPROTECT | MM_SEAL_MMAP | MM_SEAL_MREMAP | + MM_SEAL_MSEAL); + assert(!ret); + + /* not adding more seal type, so ok. */ + ret = sys_mseal(ptr, size, + MM_SEAL_MMAP | MM_SEAL_MREMAP | MM_SEAL_MSEAL); + assert(!ret); + + /* not adding more seal type, so ok. */ + ret = sys_mseal(ptr, size, MM_SEAL_MSEAL); + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_addseals_reject(void) +{ + LOG_TEST_ENTER(); + int ret; + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + + setup_single_address(size, &ptr); + + ret = sys_mseal(ptr, size, MM_SEAL_MPROTECT | MM_SEAL_MSEAL); + assert(!ret); + + ret = sys_mseal(ptr, size, MM_SEAL_MPROTECT); + assert(!ret); + + /* MM_SEAL_MSEAL is set, so not allow new seal type . */ + ret = sys_mseal(ptr, size, + MM_SEAL_MPROTECT | MM_SEAL_MMAP | MM_SEAL_MSEAL); + assert(ret < 0); + + ret = sys_mseal(ptr, size, MM_SEAL_MMAP); + assert(ret < 0); + + ret = sys_mseal(ptr, size, MM_SEAL_MMAP | MM_SEAL_MSEAL); + assert(ret < 0); + + clean_single_address(ptr, size); +} + +static void test_seal_unmapped_start(void) +{ + LOG_TEST_ENTER(); + int ret; + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + + setup_single_address(size, &ptr); + + // munmap 2 pages from ptr. + ret = sys_munmap(ptr, 2 * page_size); + assert(!ret); + + // mprotect will fail because 2 pages from ptr are unmapped. + ret = sys_mprotect(ptr, size, PROT_READ | PROT_WRITE); + assert(ret < 0); + + // mseal will fail because 2 pages from ptr are unmapped. + ret = sys_mseal(ptr, size, MM_SEAL_MSEAL); + assert(ret < 0); + + ret = sys_mseal(ptr + 2 * page_size, 2 * page_size, MM_SEAL_MSEAL); + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_unmapped_middle(void) +{ + LOG_TEST_ENTER(); + int ret; + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + + setup_single_address(size, &ptr); + + // munmap 2 pages from ptr + page. + ret = sys_munmap(ptr + page_size, 2 * page_size); + assert(!ret); + + // mprotect will fail, since size is 4 pages. + ret = sys_mprotect(ptr, size, PROT_READ | PROT_WRITE); + assert(ret < 0); + + // mseal will fail as well. + ret = sys_mseal(ptr, size, MM_SEAL_MSEAL); + assert(ret < 0); + + /* we still can add seal to the first page and last page*/ + ret = sys_mseal(ptr, page_size, MM_SEAL_MSEAL | MM_SEAL_MPROTECT); + assert(!ret); + + ret = sys_mseal(ptr + 3 * page_size, page_size, + MM_SEAL_MSEAL | MM_SEAL_MPROTECT); + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_unmapped_end(void) +{ + LOG_TEST_ENTER(); + int ret; + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + + setup_single_address(size, &ptr); + + // unmap last 2 pages. + ret = sys_munmap(ptr + 2 * page_size, 2 * page_size); + assert(!ret); + + //mprotect will fail since last 2 pages are unmapped. + ret = sys_mprotect(ptr, size, PROT_READ | PROT_WRITE); + assert(ret < 0); + + //mseal will fail as well. + ret = sys_mseal(ptr, size, MM_SEAL_MSEAL); + assert(ret < 0); + + /* The first 2 pages is not sealed, and can add seals */ + ret = sys_mseal(ptr, 2 * page_size, MM_SEAL_MSEAL | MM_SEAL_MPROTECT); + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_multiple_vmas(void) +{ + LOG_TEST_ENTER(); + int ret; + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + + setup_single_address(size, &ptr); + + // use mprotect to split the vma into 3. + ret = sys_mprotect(ptr + page_size, 2 * page_size, + PROT_READ | PROT_WRITE); + assert(!ret); + + // mprotect will get applied to all 4 pages - 3 VMAs. + ret = sys_mprotect(ptr, size, PROT_READ); + assert(!ret); + + // use mprotect to split the vma into 3. + ret = sys_mprotect(ptr + page_size, 2 * page_size, + PROT_READ | PROT_WRITE); + assert(!ret); + + // mseal get applied to all 4 pages - 3 VMAs. + ret = sys_mseal(ptr, size, MM_SEAL_MSEAL); + assert(!ret); + + // verify additional seal type will fail after MM_SEAL_MSEAL set. + ret = sys_mseal(ptr, page_size, MM_SEAL_MSEAL | MM_SEAL_MPROTECT); + assert(ret < 0); + + ret = sys_mseal(ptr + page_size, 2 * page_size, + MM_SEAL_MSEAL | MM_SEAL_MPROTECT); + assert(ret < 0); + + ret = sys_mseal(ptr + 3 * page_size, page_size, + MM_SEAL_MSEAL | MM_SEAL_MPROTECT); + assert(ret < 0); + + clean_single_address(ptr, size); +} + +static void test_seal_split_start(void) +{ + LOG_TEST_ENTER(); + int ret; + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + + setup_single_address(size, &ptr); + + /* use mprotect to split at middle */ + ret = sys_mprotect(ptr, 2 * page_size, PROT_READ | PROT_WRITE); + assert(!ret); + + /* seal the first page, this will split the VMA */ + ret = sys_mseal(ptr, page_size, MM_SEAL_MSEAL); + assert(!ret); + + /* can't add seal to the first page */ + ret = sys_mseal(ptr, page_size, MM_SEAL_MSEAL | MM_SEAL_MPROTECT); + assert(ret < 0); + + /* add seal to the remain 3 pages */ + ret = sys_mseal(ptr + page_size, 3 * page_size, + MM_SEAL_MSEAL | MM_SEAL_MPROTECT); + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_split_end(void) +{ + LOG_TEST_ENTER(); + int ret; + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + + setup_single_fixed_address(size, &ptr); + + /* use mprotect to split at middle */ + ret = sys_mprotect(ptr, 2 * page_size, PROT_READ | PROT_WRITE); + assert(!ret); + + /* seal the last page */ + ret = sys_mseal(ptr + 3 * page_size, page_size, MM_SEAL_MSEAL); + assert(!ret); + + /* adding seal to the last page is rejected. */ + ret = sys_mseal(ptr + 3 * page_size, page_size, + MM_SEAL_MSEAL | MM_SEAL_MPROTECT); + assert(ret < 0); + + /* Adding seals to the first 3 pages */ + ret = sys_mseal(ptr, 3 * page_size, MM_SEAL_MSEAL | MM_SEAL_MPROTECT); + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_invalid_input(void) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_fixed_address(size, &ptr); + + /* invalid flag */ + ret = sys_mseal(ptr, size, 0x20); + assert(ret < 0); + + ret = sys_mseal(ptr, size, 0x31); + assert(ret < 0); + + ret = sys_mseal(ptr, size, 0x3F); + assert(ret < 0); + + /* unaligned address */ + ret = sys_mseal(ptr + 1, 2 * page_size, MM_SEAL_MSEAL); + assert(ret < 0); + + /* length too big */ + ret = sys_mseal(ptr, 5 * page_size, MM_SEAL_MSEAL); + assert(ret < 0); + + /* start is not in a valid VMA */ + ret = sys_mseal(ptr - page_size, 5 * page_size, MM_SEAL_MSEAL); + assert(ret < 0); + + clean_single_address(ptr, size); +} + +static void test_seal_zero_length(void) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + + ret = sys_mprotect(ptr, 0, PROT_READ | PROT_WRITE); + assert(!ret); + + /* seal 0 length will be OK, same as mprotect */ + ret = sys_mseal(ptr, 0, MM_SEAL_MPROTECT); + assert(!ret); + + // verify the 4 pages are not sealed by previous call. + ret = sys_mprotect(ptr, size, PROT_READ | PROT_WRITE); + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_twice(void) +{ + LOG_TEST_ENTER(); + int ret; + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + + setup_single_address(size, &ptr); + + ret = sys_mseal(ptr, size, MM_SEAL_MPROTECT); + assert(!ret); + + // apply the same seal will be OK. idempotent. + ret = sys_mseal(ptr, size, MM_SEAL_MPROTECT); + assert(!ret); + + ret = sys_mseal(ptr, size, + MM_SEAL_MPROTECT | MM_SEAL_MMAP | MM_SEAL_MREMAP | + MM_SEAL_MSEAL); + assert(!ret); + + ret = sys_mseal(ptr, size, + MM_SEAL_MPROTECT | MM_SEAL_MMAP | MM_SEAL_MREMAP | + MM_SEAL_MSEAL); + assert(!ret); + + ret = sys_mseal(ptr, size, MM_SEAL_MSEAL); + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_mprotect(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + + if (seal) + seal_mprotect_single_address(ptr, size); + + ret = sys_mprotect(ptr, size, PROT_READ | PROT_WRITE); + if (seal) + assert(ret < 0); + else + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_start_mprotect(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + + if (seal) + seal_mprotect_single_address(ptr, page_size); + + // the first page is sealed. + ret = sys_mprotect(ptr, page_size, PROT_READ | PROT_WRITE); + if (seal) + assert(ret < 0); + else + assert(!ret); + + // pages after the first page is not sealed. + ret = sys_mprotect(ptr + page_size, page_size * 3, + PROT_READ | PROT_WRITE); + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_end_mprotect(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + + if (seal) + seal_mprotect_single_address(ptr + page_size, 3 * page_size); + + /* first page is not sealed */ + ret = sys_mprotect(ptr, page_size, PROT_READ | PROT_WRITE); + assert(!ret); + + /* last 3 page are sealed */ + ret = sys_mprotect(ptr + page_size, page_size * 3, + PROT_READ | PROT_WRITE); + if (seal) + assert(ret < 0); + else + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_mprotect_unalign_len(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + + if (seal) + seal_mprotect_single_address(ptr, page_size * 2 - 1); + + // 2 pages are sealed. + ret = sys_mprotect(ptr, page_size * 2, PROT_READ | PROT_WRITE); + if (seal) + assert(ret < 0); + else + assert(!ret); + + ret = sys_mprotect(ptr + page_size * 2, page_size, + PROT_READ | PROT_WRITE); + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_mprotect_unalign_len_variant_2(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + if (seal) + seal_mprotect_single_address(ptr, page_size * 2 + 1); + + // 3 pages are sealed. + ret = sys_mprotect(ptr, page_size * 3, PROT_READ | PROT_WRITE); + if (seal) + assert(ret < 0); + else + assert(!ret); + + ret = sys_mprotect(ptr + page_size * 3, page_size, + PROT_READ | PROT_WRITE); + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_mprotect_two_vma(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + + /* use mprotect to split */ + ret = sys_mprotect(ptr, page_size * 2, PROT_READ | PROT_WRITE); + assert(!ret); + + if (seal) + seal_mprotect_single_address(ptr, page_size * 4); + + ret = sys_mprotect(ptr, page_size * 2, PROT_READ | PROT_WRITE); + if (seal) + assert(ret < 0); + else + assert(!ret); + + ret = sys_mprotect(ptr + page_size * 2, page_size * 2, + PROT_READ | PROT_WRITE); + if (seal) + assert(ret < 0); + else + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_mprotect_two_vma_with_split(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + + // use mprotect to split as two vma. + ret = sys_mprotect(ptr, page_size * 2, PROT_READ | PROT_WRITE); + assert(!ret); + + // mseal can apply across 2 vma, also split them. + if (seal) + seal_mprotect_single_address(ptr + page_size, page_size * 2); + + // the first page is not sealed. + ret = sys_mprotect(ptr, page_size, PROT_READ | PROT_WRITE); + assert(!ret); + + // the second page is sealed. + ret = sys_mprotect(ptr + page_size, page_size, PROT_READ | PROT_WRITE); + if (seal) + assert(ret < 0); + else + assert(!ret); + + // the third page is sealed. + ret = sys_mprotect(ptr + 2 * page_size, page_size, + PROT_READ | PROT_WRITE); + if (seal) + assert(ret < 0); + else + assert(!ret); + + // the fouth page is not sealed. + ret = sys_mprotect(ptr + 3 * page_size, page_size, + PROT_READ | PROT_WRITE); + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_mprotect_partial_mprotect(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + + // seal one page. + if (seal) + seal_mprotect_single_address(ptr, page_size); + + // mprotect first 2 page will fail, since the first page are sealed. + ret = sys_mprotect(ptr, 2 * page_size, PROT_READ | PROT_WRITE); + if (seal) + assert(ret < 0); + else + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_mprotect_two_vma_with_gap(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + + // use mprotect to split. + ret = sys_mprotect(ptr, page_size, PROT_READ | PROT_WRITE); + assert(!ret); + + // use mprotect to split. + ret = sys_mprotect(ptr + 3 * page_size, page_size, + PROT_READ | PROT_WRITE); + assert(!ret); + + // use munmap to free two pages in the middle + ret = sys_munmap(ptr + page_size, 2 * page_size); + assert(!ret); + + // mprotect will fail, because there is a gap in the address. + // notes, internally mprotect still updated the first page. + ret = sys_mprotect(ptr, 4 * page_size, PROT_READ); + assert(ret < 0); + + // mseal will fail as well. + ret = sys_mseal(ptr, 4 * page_size, MM_SEAL_MPROTECT); + assert(ret < 0); + + // unlike mprotect, the first page is not sealed. + ret = sys_mprotect(ptr, page_size, PROT_READ); + assert(ret == 0); + + // the last page is not sealed. + ret = sys_mprotect(ptr + 3 * page_size, page_size, PROT_READ); + assert(ret == 0); + + clean_single_address(ptr, size); +} + +static void test_seal_mprotect_split(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + + //use mprotect to split. + ret = sys_mprotect(ptr, page_size, PROT_READ | PROT_WRITE); + assert(!ret); + + //seal all 4 pages. + if (seal) { + ret = sys_mseal(ptr, 4 * page_size, MM_SEAL_MPROTECT); + assert(!ret); + } + + //madvice is OK. + ret = sys_madvise(ptr, page_size * 2, MADV_WILLNEED); + assert(!ret); + + //mprotect is sealed. + ret = sys_mprotect(ptr, 2 * page_size, PROT_READ); + if (seal) + assert(ret < 0); + else + assert(!ret); + + + ret = sys_mprotect(ptr + 2 * page_size, 2 * page_size, PROT_READ); + if (seal) + assert(ret < 0); + else + assert(!ret); + + clean_single_address(ptr, size); +} + +static void test_seal_mprotect_merge(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + + // use mprotect to split one page. + ret = sys_mprotect(ptr, page_size, PROT_READ | PROT_WRITE); + assert(!ret); + + // seal first two pages. + if (seal) { + ret = sys_mseal(ptr, 2 * page_size, MM_SEAL_MPROTECT); + assert(!ret); + } + + ret = sys_madvise(ptr, page_size, MADV_WILLNEED); + assert(!ret); + + // 2 pages are sealed. + ret = sys_mprotect(ptr, 2 * page_size, PROT_READ); + if (seal) + assert(ret < 0); + else + assert(!ret); + + // last 2 pages are not sealed. + ret = sys_mprotect(ptr + 2 * page_size, 2 * page_size, PROT_READ); + assert(ret == 0); + + clean_single_address(ptr, size); +} + +static void test_seal_munmap(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + + if (seal) { + ret = sys_mseal(ptr, size, MM_SEAL_MUNMAP); + assert(!ret); + } + + // 4 pages are sealed. + ret = sys_munmap(ptr, size); + if (seal) + assert(ret < 0); + else + assert(!ret); +} + +/* + * allocate 4 pages, + * use mprotect to split it as two VMAs + * seal the whole range + * munmap will fail on both + */ +static void test_seal_munmap_two_vma(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + + /* use mprotect to split */ + ret = sys_mprotect(ptr, page_size * 2, PROT_READ | PROT_WRITE); + assert(!ret); + + if (seal) { + ret = sys_mseal(ptr, size, MM_SEAL_MUNMAP); + assert(!ret); + } + + ret = sys_munmap(ptr, page_size * 2); + if (seal) + assert(ret < 0); + else + assert(!ret); + + ret = sys_munmap(ptr + page_size, page_size * 2); + if (seal) + assert(ret < 0); + else + assert(!ret); +} + +/* + * allocate a VMA with 4 pages. + * munmap the middle 2 pages. + * seal the whole 4 pages, will fail. + * note: one of the pages are sealed + * munmap the first page will be OK. + * munmap the last page will be OK. + */ +static void test_seal_munmap_vma_with_gap(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + + ret = sys_munmap(ptr + page_size, page_size * 2); + assert(!ret); + + if (seal) { + // can't have gap in the middle. + ret = sys_mseal(ptr, size, MM_SEAL_MUNMAP); + assert(ret < 0); + } + + ret = sys_munmap(ptr, page_size); + assert(!ret); + + ret = sys_munmap(ptr + page_size * 2, page_size); + assert(!ret); + + ret = sys_munmap(ptr, size); + assert(!ret); +} + +static void test_munmap_start_freed(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + + // unmap the first page. + ret = sys_munmap(ptr, page_size); + assert(!ret); + + // seal the last 3 pages. + if (seal) { + ret = sys_mseal(ptr + page_size, 3 * page_size, MM_SEAL_MUNMAP); + assert(!ret); + } + + // unmap from the first page. + ret = sys_munmap(ptr, size); + if (seal) { + assert(ret < 0); + + // use mprotect to verify page is not unmapped. + ret = sys_mprotect(ptr + page_size, 3 * page_size, PROT_READ); + assert(!ret); + } else + // note: this will be OK, even the first page is + // already unmapped. + assert(!ret); +} + +static void test_munmap_end_freed(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + // unmap last page. + ret = sys_munmap(ptr + page_size * 3, page_size); + assert(!ret); + + // seal the first 3 pages. + if (seal) { + ret = sys_mseal(ptr, 3 * page_size, MM_SEAL_MUNMAP); + assert(!ret); + } + + // unmap all pages. + ret = sys_munmap(ptr, size); + if (seal) { + assert(ret < 0); + + // use mprotect to verify page is not unmapped. + ret = sys_mprotect(ptr, 3 * page_size, PROT_READ); + assert(!ret); + } else + assert(!ret); +} + +static void test_munmap_middle_freed(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + + setup_single_address(size, &ptr); + // unmap 2 pages in the middle. + ret = sys_munmap(ptr + page_size, page_size * 2); + assert(!ret); + + // seal the first page. + if (seal) { + ret = sys_mseal(ptr, page_size, MM_SEAL_MUNMAP); + assert(!ret); + } + + // munmap all 4 pages. + ret = sys_munmap(ptr, size); + if (seal) { + assert(ret < 0); + + // use mprotect to verify page is not unmapped. + ret = sys_mprotect(ptr, page_size, PROT_READ); + assert(!ret); + } else + assert(!ret); +} + +void test_seal_mremap_shrink(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + void *ret2; + + setup_single_address(size, &ptr); + + if (seal) { + ret = sys_mseal(ptr, size, MM_SEAL_MREMAP); + assert(!ret); + } + + // shrink from 4 pages to 2 pages. + ret2 = mremap(ptr, size, 2 * page_size, 0, 0); + if (seal) { + assert(ret2 == MAP_FAILED); + assert(errno == EACCES); + } else { + assert(ret2 != MAP_FAILED); + clean_single_address(ret2, 2 * page_size); + } + clean_single_address(ptr, size); +} + +void test_seal_mremap_expand(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + void *ret2; + + setup_single_address(size, &ptr); + // ummap last 2 pages. + ret = sys_munmap(ptr + 2 * page_size, 2 * page_size); + assert(!ret); + + if (seal) { + ret = sys_mseal(ptr, 2 * page_size, MM_SEAL_MREMAP); + assert(!ret); + } + + // expand from 2 page to 4 pages. + ret2 = mremap(ptr, 2 * page_size, 4 * page_size, 0, 0); + if (seal) { + assert(ret2 == MAP_FAILED); + assert(errno == EACCES); + } else { + assert(ret2 == ptr); + clean_single_address(ret2, 4 * page_size); + } + clean_single_address(ptr, size); +} + +void test_seal_mremap_move(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = page_size; + int ret; + void *ret2; + + setup_single_address(size, &ptr); + if (seal) { + ret = sys_mseal(ptr, size, MM_SEAL_MREMAP); + assert(!ret); + } + + // move from ptr to fixed address. + ret2 = mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_FIXED, addr1); + if (seal) { + assert(ret2 == MAP_FAILED); + assert(errno == EACCES); + } else { + assert(ret2 != MAP_FAILED); + clean_single_address(ret2, size); + } + clean_single_address(ptr, size); +} + +void test_seal_mmap_overwrite_prot(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + unsigned long page_size = getpagesize(); + unsigned long size = page_size; + int ret; + void *ret2; + + setup_single_address(size, &ptr); + + if (seal) { + ret = sys_mseal(ptr, size, MM_SEAL_MMAP); + assert(!ret); + } + + // use mmap to change protection. + ret2 = mmap(ptr, size, PROT_NONE, + MAP_ANONYMOUS | MAP_PRIVATE | MAP_FIXED, -1, 0); + if (seal) { + assert(ret2 == MAP_FAILED); + assert(errno == EACCES); + } else + assert(ret2 == ptr); + + clean_single_address(ptr, size); +} + +void test_seal_mremap_shrink_fixed(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + void *newAddr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + void *ret2; + + setup_single_address(size, &ptr); + setup_single_fixed_address(size, &newAddr); + + if (seal) { + ret = sys_mseal(ptr, size, MM_SEAL_MREMAP); + assert(!ret); + } + + // mremap to move and shrink to fixed address + ret2 = mremap(ptr, size, 2 * page_size, MREMAP_MAYMOVE | MREMAP_FIXED, + newAddr); + if (seal) { + assert(ret2 == MAP_FAILED); + assert(errno == EACCES); + } else + assert(ret2 == newAddr); + + clean_single_address(ptr, size); + clean_single_address(newAddr, size); +} + +void test_seal_mremap_expand_fixed(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + void *newAddr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + void *ret2; + + setup_single_address(page_size, &ptr); + setup_single_fixed_address(size, &newAddr); + + if (seal) { + ret = sys_mseal(newAddr, size, MM_SEAL_MREMAP); + assert(!ret); + } + + // mremap to move and expand to fixed address + ret2 = mremap(ptr, page_size, size, MREMAP_MAYMOVE | MREMAP_FIXED, + newAddr); + if (seal) { + assert(ret2 == MAP_FAILED); + assert(errno == EACCES); + } else + assert(ret2 == newAddr); + + clean_single_address(ptr, page_size); + clean_single_address(newAddr, size); +} + +void test_seal_mremap_move_fixed(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + void *newAddr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + void *ret2; + + setup_single_address(size, &ptr); + setup_single_fixed_address(size, &newAddr); + + if (seal) { + ret = sys_mseal(newAddr, size, MM_SEAL_MREMAP); + assert(!ret); + } + + // mremap to move to fixed address + ret2 = mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_FIXED, newAddr); + if (seal) { + assert(ret2 == MAP_FAILED); + assert(errno == EACCES); + } else + assert(ret2 == newAddr); + + clean_single_address(ptr, page_size); + clean_single_address(newAddr, size); +} + +void test_seal_mremap_move_fixed_zero(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + void *newAddr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + void *ret2; + + setup_single_address(size, &ptr); + + if (seal) { + ret = sys_mseal(ptr, size, MM_SEAL_MREMAP); + assert(!ret); + } + + /* + * MREMAP_FIXED can move the mapping to zero address + */ + ret2 = mremap(ptr, size, 2 * page_size, MREMAP_MAYMOVE | MREMAP_FIXED, + 0); + if (seal) { + assert(ret2 == MAP_FAILED); + assert(errno == EACCES); + } else { + assert(ret2 == 0); + clean_single_address(ret2, 2 * page_size); + } + clean_single_address(ptr, size); +} + +void test_seal_mremap_move_dontunmap(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + void *newAddr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + void *ret2; + + setup_single_address(size, &ptr); + + if (seal) { + ret = sys_mseal(ptr, size, MM_SEAL_MREMAP); + assert(!ret); + } + + // mremap to move, and don't unmap src addr. + ret2 = mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_DONTUNMAP, 0); + if (seal) { + assert(ret2 == MAP_FAILED); + assert(errno == EACCES); + } else { + assert(ret2 != MAP_FAILED); + clean_single_address(ret2, size); + } + + clean_single_address(ptr, page_size); +} + +void test_seal_mremap_move_dontunmap_anyaddr(bool seal) +{ + LOG_TEST_ENTER(); + void *ptr; + void *newAddr; + unsigned long page_size = getpagesize(); + unsigned long size = 4 * page_size; + int ret; + void *ret2; + + setup_single_address(size, &ptr); + + if (seal) { + ret = sys_mseal(ptr, size, MM_SEAL_MREMAP); + assert(!ret); + } + + /* + * The 0xdeaddead should not have effect on dest addr + * when MREMAP_DONTUNMAP is set. + */ + ret2 = mremap(ptr, size, size, MREMAP_MAYMOVE | MREMAP_DONTUNMAP, + 0xdeaddead); + if (seal) { + assert(ret2 == MAP_FAILED); + assert(errno == EACCES); + } else { + assert(ret2 != MAP_FAILED); + assert((long)ret2 != 0xdeaddead); + clean_single_address(ret2, size); + } + + clean_single_address(ptr, page_size); +} + +int main(int argc, char **argv) +{ + test_seal_invalid_input(); + test_seal_addseals(); + test_seal_addseals_combined(); + test_seal_addseals_reject(); + test_seal_unmapped_start(); + test_seal_unmapped_middle(); + test_seal_unmapped_end(); + test_seal_multiple_vmas(); + test_seal_split_start(); + test_seal_split_end(); + + test_seal_zero_length(); + test_seal_twice(); + + test_seal_mprotect(false); + test_seal_mprotect(true); + + test_seal_start_mprotect(false); + test_seal_start_mprotect(true); + + test_seal_end_mprotect(false); + test_seal_end_mprotect(true); + + test_seal_mprotect_unalign_len(false); + test_seal_mprotect_unalign_len(true); + + test_seal_mprotect_unalign_len_variant_2(false); + test_seal_mprotect_unalign_len_variant_2(true); + + test_seal_mprotect_two_vma(false); + test_seal_mprotect_two_vma(true); + + test_seal_mprotect_two_vma_with_split(false); + test_seal_mprotect_two_vma_with_split(true); + + test_seal_mprotect_partial_mprotect(false); + test_seal_mprotect_partial_mprotect(true); + + test_seal_mprotect_two_vma_with_gap(false); + test_seal_mprotect_two_vma_with_gap(true); + + test_seal_mprotect_merge(false); + test_seal_mprotect_merge(true); + + test_seal_mprotect_split(false); + test_seal_mprotect_split(true); + + test_seal_munmap(false); + test_seal_munmap(true); + test_seal_munmap_two_vma(false); + test_seal_munmap_two_vma(true); + test_seal_munmap_vma_with_gap(false); + test_seal_munmap_vma_with_gap(true); + + test_munmap_start_freed(false); + test_munmap_start_freed(true); + test_munmap_middle_freed(false); + test_munmap_middle_freed(true); + test_munmap_end_freed(false); + test_munmap_end_freed(true); + + test_seal_mremap_shrink(false); + test_seal_mremap_shrink(true); + test_seal_mremap_expand(false); + test_seal_mremap_expand(true); + test_seal_mremap_move(false); + test_seal_mremap_move(true); + + test_seal_mremap_shrink_fixed(false); + test_seal_mremap_shrink_fixed(true); + test_seal_mremap_expand_fixed(false); + test_seal_mremap_expand_fixed(true); + test_seal_mremap_move_fixed(false); + test_seal_mremap_move_fixed(true); + test_seal_mremap_move_dontunmap(false); + test_seal_mremap_move_dontunmap(true); + test_seal_mremap_move_fixed_zero(false); + test_seal_mremap_move_fixed_zero(true); + test_seal_mremap_move_dontunmap_anyaddr(false); + test_seal_mremap_move_dontunmap_anyaddr(true); + + test_seal_mmap_overwrite_prot(false); + test_seal_mmap_overwrite_prot(true); + + printf("OK\n"); + return 0; +}