tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

mm/mseal: simplify and rename VMA gap check

The check_mm_seal() function is doing something general - checking whether
a range contains only VMAs (or rather that it does NOT contain any
unmapped regions).

So rename this function to range_contains_unmapped().

Additionally simplify the logic, we are simply checking whether the last
vma->vm_end has either a VMA starting after it or ends before the end
parameter.

This check is rather dubious, so it is sensible to keep it local to
mm/mseal.c as at a later stage it may be removed, and we don't want any
other mm code to perform such a check.

No functional change intended.

[lorenzo.stoakes@oracle.com: add comment explaining why we disallow gaps on mseal()]
Link: https://lkml.kernel.org/r/d85b3d55-09dc-43ba-8204-b48267a96751@lucifer.local
Link: https://lkml.kernel.org/r/dd50984eff1e242b5f7f0f070a3360ef760e06b8.1753431105.git.lorenzo.stoakes@oracle.com
Signed-off-by: Lorenzo Stoakes <lorenzo.stoakes@oracle.com>
Reviewed-by: Liam R. Howlett <Liam.Howlett@oracle.com>
Acked-by: David Hildenbrand <david@redhat.com>
Acked-by: Jeff Xu <jeffxu@chromium.org>
Reviewed-by: Pedro Falcato <pfalcato@suse.de>
Cc: Jann Horn <jannh@google.com>
Cc: Kees Cook <kees@kernel.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by

Lorenzo Stoakes and committed by
Andrew Morton 530e0909 8b291416

+28 -23
+28 -23
mm/mseal.c
··· 38 38 } 39 39 40 40 /* 41 - * Check for do_mseal: 42 - * 1> start is part of a valid vma. 43 - * 2> end is part of a valid vma. 44 - * 3> No gap (unallocated address) between start and end. 45 - * 4> map is sealable. 41 + * mseal() disallows an input range which contain unmapped ranges (VMA holes). 42 + * 43 + * It disallows unmapped regions from start to end whether they exist at the 44 + * start, in the middle, or at the end of the range, or any combination thereof. 45 + * 46 + * This is because after sealng a range, there's nothing to stop memory mapping 47 + * of ranges in the remaining gaps later, meaning that the user might then 48 + * wrongly consider the entirety of the mseal()'d range to be sealed when it 49 + * in fact isn't. 46 50 */ 47 - static int check_mm_seal(unsigned long start, unsigned long end) 51 + 52 + /* 53 + * Does the [start, end) range contain any unmapped memory? 54 + * 55 + * We ensure that: 56 + * - start is part of a valid VMA. 57 + * - end is part of a valid VMA. 58 + * - no gap (unallocated memory) exists between start and end. 59 + */ 60 + static bool range_contains_unmapped(struct mm_struct *mm, 61 + unsigned long start, unsigned long end) 48 62 { 49 63 struct vm_area_struct *vma; 50 - unsigned long nstart = start; 64 + unsigned long prev_end = start; 51 65 VMA_ITERATOR(vmi, current->mm, start); 52 66 53 - /* going through each vma to check. */ 54 67 for_each_vma_range(vmi, vma, end) { 55 - if (vma->vm_start > nstart) 56 - /* unallocated memory found. */ 57 - return -ENOMEM; 68 + if (vma->vm_start > prev_end) 69 + return true; 58 70 59 - if (vma->vm_end >= end) 60 - return 0; 61 - 62 - nstart = vma->vm_end; 71 + prev_end = vma->vm_end; 63 72 } 64 73 65 - return -ENOMEM; 74 + return prev_end < end; 66 75 } 67 76 68 77 /* ··· 193 184 if (mmap_write_lock_killable(mm)) 194 185 return -EINTR; 195 186 196 - /* 197 - * First pass, this helps to avoid 198 - * partial sealing in case of error in input address range, 199 - * e.g. ENOMEM error. 200 - */ 201 - ret = check_mm_seal(start, end); 202 - if (ret) 187 + if (range_contains_unmapped(mm, start, end)) { 188 + ret = -ENOMEM; 203 189 goto out; 190 + } 204 191 205 192 /* 206 193 * Second pass, this should success, unless there are errors