Re: [PATCH 1/2] mm/madvise: introduce PR_MADV_SELF flag to process_madvise()
From: Lorenzo Stoakes <hidden>
Date: 2024-09-23 19:35:18
Also in:
linux-mm, lkml
Subsystem:
memory management, memory mapping - madvise (memory advice), the rest · Maintainers:
Andrew Morton, Liam R. Howlett, Lorenzo Stoakes, David Hildenbrand, Linus Torvalds
On Mon, Sep 23, 2024 at 11:56:06AM GMT, Shakeel Butt wrote:
On Mon, Sep 23, 2024 at 05:03:56PM GMT, Lorenzo Stoakes wrote: [...]quoted
SYSCALL_DEFINE5(process_madvise, int, pidfd, const struct iovec __user *, vec, size_t, vlen, int, behavior, unsigned int, flags) {@@ -1486,10 +1509,9 @@ SYSCALL_DEFINE5(process_madvise, int, pidfd, const struct iovec __user *, vec, struct iov_iter iter; struct task_struct *task; struct mm_struct *mm; - size_t total_len; unsigned int f_flags; - if (flags != 0) { + if (flags & ~PR_MADV_SELF) { ret = -EINVAL; goto out; }@@ -1498,13 +1520,26 @@ SYSCALL_DEFINE5(process_madvise, int, pidfd, const struct iovec __user *, vec, if (ret < 0) goto out; + /* + * Perform an madvise operation on the current process. No restrictions + * need be applied, nor do we need to pin the task or mm_struct. + */ + if (flags & PR_MADV_SELF) { + ret = vector_madvise(current->mm, &iter, behavior); + goto free_iov; + } + task = pidfd_get_task(pidfd, &f_flags); if (IS_ERR(task)) { ret = PTR_ERR(task); goto free_iov; } - if (!process_madvise_behavior_valid(behavior)) { + /* + * We need only perform this check if we are attempting to manipulate a + * remote process's address space. + */ + if (mm != current->mm && !process_madvise_remote_valid(behavior)) {Move the above check after mm is initialized i.e. mm = mm_access(). Shakeel
Ugh, sorry silly one there! Reflexively put that check in the original position. Enclose a quick fix-patch for it, will fix on any respin also. ----8<---- From dc09e0edf1cf71a89cc4cfc3ec73fdae3c2ab86c Mon Sep 17 00:00:00 2001 From: Lorenzo Stoakes <redacted> Date: Mon, 23 Sep 2024 20:33:07 +0100 Subject: [PATCH] mm/madvise: retrieve mm before checking --- mm/madvise.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/mm/madvise.c b/mm/madvise.c
index 549b36d1463c..49d12f98b677 100644
--- a/mm/madvise.c
+++ b/mm/madvise.c@@ -1535,20 +1535,20 @@ SYSCALL_DEFINE5(process_madvise, int, pidfd, const struct iovec __user *, vec, goto free_iov; } + /* Require PTRACE_MODE_READ to avoid leaking ASLR metadata. */ + mm = mm_access(task, PTRACE_MODE_READ_FSCREDS); + if (IS_ERR_OR_NULL(mm)) { + ret = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; + goto release_task; + } + /* * We need only perform this check if we are attempting to manipulate a * remote process's address space. */ if (mm != current->mm && !process_madvise_remote_valid(behavior)) { ret = -EINVAL; - goto release_task; - } - - /* Require PTRACE_MODE_READ to avoid leaking ASLR metadata. */ - mm = mm_access(task, PTRACE_MODE_READ_FSCREDS); - if (IS_ERR_OR_NULL(mm)) { - ret = IS_ERR(mm) ? PTR_ERR(mm) : -ESRCH; - goto release_task; + goto release_mm; } /* --
2.46.0