diff options
author | Jeremy Cline <jcline@redhat.com> | 2020-02-24 10:40:08 -0500 |
---|---|---|
committer | Jeremy Cline <jcline@redhat.com> | 2020-02-24 10:40:51 -0500 |
commit | a4c780cf4a739c31fab21284a4fd461a0554ae6e (patch) | |
tree | b70288a67ac0502a08d45243e3cac953f4c4ec75 /0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch | |
parent | beeed1edcc2df0bf1f04df1cf3ad45e8e5d45d8b (diff) | |
download | kernel-a4c780cf4a739c31fab21284a4fd461a0554ae6e.tar.gz kernel-a4c780cf4a739c31fab21284a4fd461a0554ae6e.tar.xz kernel-a4c780cf4a739c31fab21284a4fd461a0554ae6e.zip |
Linux v5.6-rc3
Diffstat (limited to '0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch')
-rw-r--r-- | 0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch | 95 |
1 files changed, 0 insertions, 95 deletions
diff --git a/0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch b/0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch deleted file mode 100644 index 6f3bd3c72..000000000 --- a/0001-mm-Avoid-creating-virtual-address-aliases-in-brk-mma.patch +++ /dev/null @@ -1,95 +0,0 @@ -From a34309d16f41c48ffd90e56a6f865d6a1a8c49f0 Mon Sep 17 00:00:00 2001 -From: Catalin Marinas <catalin.marinas@arm.com> -Date: Wed, 19 Feb 2020 12:31:56 +0000 -Subject: [PATCH] mm: Avoid creating virtual address aliases in - brk()/mmap()/mremap() - -Currently the arm64 kernel ignores the top address byte passed to brk(), -mmap() and mremap(). When the user is not aware of the 56-bit address -limit or relies on the kernel to return an error, untagging such -pointers has the potential to create address aliases in user-space. -Passing a tagged address to munmap(), madvise() is permitted since the -tagged pointer is expected to be inside an existing mapping. - -The current behaviour breaks the existing glibc malloc() implementation -which relies on brk() with an address beyond 56-bit to be rejected by -the kernel. - -Remove untagging in the above functions by partially reverting commit -ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk"). In -addition, update the arm64 tagged-address-abi.rst document accordingly. - -Link: https://bugzilla.redhat.com/1797052 -Fixes: ce18d171cb73 ("mm: untag user pointers in mmap/munmap/mremap/brk") -Cc: <stable@vger.kernel.org> # 5.4.x- -Cc: Andrew Morton <akpm@linux-foundation.org> -Cc: Florian Weimer <fweimer@redhat.com> -Reported-by: Victor Stinner <vstinner@redhat.com> -Acked-by: Will Deacon <will@kernel.org> -Acked-by: Andrey Konovalov <andreyknvl@google.com> -Signed-off-by: Catalin Marinas <catalin.marinas@arm.com> ---- - Documentation/arm64/tagged-address-abi.rst | 11 +++++++++-- - mm/mmap.c | 4 ---- - mm/mremap.c | 1 - - 3 files changed, 9 insertions(+), 7 deletions(-) - -diff --git a/Documentation/arm64/tagged-address-abi.rst b/Documentation/arm64/tagged-address-abi.rst -index d4a85d535bf9..f6289116893c 100644 ---- a/Documentation/arm64/tagged-address-abi.rst -+++ b/Documentation/arm64/tagged-address-abi.rst -@@ -44,8 +44,15 @@ The AArch64 Tagged Address ABI has two stages of relaxation depending - how the user addresses are used by the kernel: - - 1. User addresses not accessed by the kernel but used for address space -- management (e.g. ``mmap()``, ``mprotect()``, ``madvise()``). The use -- of valid tagged pointers in this context is always allowed. -+ management (e.g. ``mprotect()``, ``madvise()``). The use of valid -+ tagged pointers in this context is allowed with the exception of -+ ``brk()``, ``mmap()`` and the ``new_address`` argument to -+ ``mremap()`` as these have the potential of aliasing with existing -+ user addresses. -+ -+ NOTE: This behaviour changed in v5.6 and so some earlier kernels may -+ incorrectly accept valid tagged pointers for the ``brk()``, -+ ``mmap()`` and ``mremap()`` system calls. - - 2. User addresses accessed by the kernel (e.g. ``write()``). This ABI - relaxation is disabled by default and the application thread needs to -diff --git a/mm/mmap.c b/mm/mmap.c -index 4390dbea4aa5..514cc19c5916 100644 ---- a/mm/mmap.c -+++ b/mm/mmap.c -@@ -195,8 +195,6 @@ SYSCALL_DEFINE1(brk, unsigned long, brk) - bool downgraded = false; - LIST_HEAD(uf); - -- brk = untagged_addr(brk); -- - if (down_write_killable(&mm->mmap_sem)) - return -EINTR; - -@@ -1583,8 +1581,6 @@ unsigned long ksys_mmap_pgoff(unsigned long addr, unsigned long len, - struct file *file = NULL; - unsigned long retval; - -- addr = untagged_addr(addr); -- - if (!(flags & MAP_ANONYMOUS)) { - audit_mmap_fd(fd, flags); - file = fget(fd); -diff --git a/mm/mremap.c b/mm/mremap.c -index 1fc8a29fbe3f..1d98281f7204 100644 ---- a/mm/mremap.c -+++ b/mm/mremap.c -@@ -607,7 +607,6 @@ SYSCALL_DEFINE5(mremap, unsigned long, addr, unsigned long, old_len, - LIST_HEAD(uf_unmap); - - addr = untagged_addr(addr); -- new_addr = untagged_addr(new_addr); - - if (flags & ~(MREMAP_FIXED | MREMAP_MAYMOVE)) - return ret; --- -2.24.1 - |