From: "Timothy Pepper" <timothy.c.pepper@linux.intel.com>
To: Ingo Molnar <mingo@kernel.org>
Cc: linux-mm@kvack.org, Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, "H. Peter Anvin" <hpa@zytor.com>,
x86@kernel.org, Russell King <linux@arm.linux.org.uk>,
linux-arm-kernel@lists.infradead.org,
Ralf Baechle <ralf@linux-mips.org>,
linux-mips@linux-mips.org,
Benjamin Herrenschmidt <benh@kernel.crashing.org>,
Paul Mackerras <paulus@samba.org>,
linuxppc-dev@lists.ozlabs.org, Paul Mundt <lethal@linux-sh.org>,
linux-sh@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
sparclinux@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Al Viro <viro@zeniv.linux.org.uk>,
James Morris <james.l.morris@oracle.com>,
Michel Lespinasse <walken@google.com>,
Rik van Riel <riel@redhat.com>
Subject: Re: mm: insure topdown mmap chooses addresses above security minimum
Date: Wed, 25 Sep 2013 10:12:43 -0700 [thread overview]
Message-ID: <20130925171243.GA7428@tcpepper-desk.jf.intel.com> (raw)
In-Reply-To: <20130925073048.GB27960@gmail.com>
On Wed 25 Sep at 09:30:49 +0200 mingo@kernel.org said:
> > info.flags = VM_UNMAPPED_AREA_TOPDOWN;
> > info.length = len;
> > - info.low_limit = PAGE_SIZE;
> > + info.low_limit = max(PAGE_SIZE, PAGE_ALIGN(mmap_min_addr));
> > info.high_limit = mm->mmap_base;
> > info.align_mask = filp ? get_align_mask() : 0;
> > info.align_offset = pgoff << PAGE_SHIFT;
>
> There appears to be a lot of repetition in these methods - instead of
> changing 6 places it would be more future-proof to first factor out the
> common bits and then to apply the fix to the shared implementation.
Besides that existing redundancy in the multiple somewhat similar
arch_get_unmapped_area_topdown() functions, I was expecting people might
question the added redundancy of the six instances of:
max(PAGE_SIZE, PAGE_ALIGN(mmap_min_addr));
There's also a seventh similar instance if you consider
mm/mmap.c:round_hint_to_min() and its call stack. I'm inclined to
think mmap_min_addr should be validated/aligned in one place, namely on
initialization and input in security/min_addr.c:update_mmap_min_addr(),
with mmap_min_addr always stored as an aligned value.
In the past commit 40401530 Al Viro arguably moved that checking out
of the security code and toward the mmap code. Granted at that point
though there was only the round_hint_to_min() insuring the value in
mmap_min_addr was page aligned before use in that call path. I'm thinking
something like:
diff --git a/security/min_addr.c b/security/min_addr.c
--- a/security/min_addr.c
+++ b/security/min_addr.c
@@ -14,14 +14,16 @@ unsigned long dac_mmap_min_addr = CONFIG_DEFAULT_MMAP_MIN_ADDR;
*/
static void update_mmap_min_addr(void)
{
+ unsigned long addr;
#ifdef CONFIG_LSM_MMAP_MIN_ADDR
if (dac_mmap_min_addr > CONFIG_LSM_MMAP_MIN_ADDR)
- mmap_min_addr = dac_mmap_min_addr;
+ addr = dac_mmap_min_addr;
else
- mmap_min_addr = CONFIG_LSM_MMAP_MIN_ADDR;
+ addr = CONFIG_LSM_MMAP_MIN_ADDR;
#else
- mmap_min_addr = dac_mmap_min_addr;
+ addr = dac_mmap_min_addr;
#endif
+ mmap_min_addr = max(PAGE_SIZE, PAGE_ALIGN(addr));
}
/*
But this possibly has implications beyond the mmap code.
Al Viro, James Morris: any thoughts on the above?
Michel, Rik: what do you think of common helpers called by
ARM, MIPS, SH, Sparc, x86_64 arch_get_unmapped_area_topdown()
and arch_get_unmapped_area() to handle initialization of struct
vm_unmapped_area_info info fields which are currently mostly common?
Given the nuances of "mostly common" I'm not sure the result would
actually be positive for overall readability / self-documenting-ness of
the per arch files.
--
Tim Pepper <timothy.c.pepper@linux.intel.com>
Intel Open Source Technology Center
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2013-09-25 17:12 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-24 21:23 Timothy Pepper
2013-09-24 21:28 ` Russell King - ARM Linux
2013-09-25 7:30 ` Ingo Molnar
2013-09-25 17:12 ` Timothy Pepper [this message]
2013-09-25 17:44 ` Ingo Molnar
2013-09-27 15:39 ` Timothy Pepper
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130925171243.GA7428@tcpepper-desk.jf.intel.com \
--to=timothy.c.pepper@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=benh@kernel.crashing.org \
--cc=davem@davemloft.net \
--cc=hpa@zytor.com \
--cc=james.l.morris@oracle.com \
--cc=lethal@linux-sh.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-mips@linux-mips.org \
--cc=linux-mm@kvack.org \
--cc=linux-sh@vger.kernel.org \
--cc=linux@arm.linux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=mingo@kernel.org \
--cc=mingo@redhat.com \
--cc=paulus@samba.org \
--cc=ralf@linux-mips.org \
--cc=riel@redhat.com \
--cc=sparclinux@vger.kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=walken@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox