Date: Thu, 10 Aug 2023 12:21:28 -0700
Message-ID: <20230810192128.1855570-1-axelrasmussen@google.com>
Subject: [PATCH mm-unstable fix] mm: userfaultfd: check for start + len overflow in validate_range: fix
From: Axel Rasmussen
To: Alexander Viro, Andrew Morton, Brian Geffon, Christian Brauner, David Hildenbrand, Gaosheng Cui, Huang Ying, Hugh Dickins, James Houghton, Jiaqi Yan, Jonathan Corbet, Kefeng Wang, "Liam R. Howlett", Miaohe Lin, Mike Kravetz, "Mike Rapoport (IBM)", Muchun Song, Nadav Amit, Naoya Horiguchi, Peter Xu, Ryan Roberts, Shuah Khan, Steven Barrett, Suleiman Souhlal, Suren Baghdasaryan, "T.J. Alumbaugh", Yu Zhao, ZhangPeng
Cc: linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kselftest@vger.kernel.org, Axel Rasmussen

A previous fixup to this commit fixed one issue, but introduced another:
we're now overly strict when validating the src address for UFFDIO_COPY.

Most of the validation in validate_range is useful to apply to src as well
as dst, but page alignment is only a requirement for dst, not src.

So, split the function up so src can use an "unaligned" variant, while
still allowing us to share the majority of the code between the different
cases.

Reported-by: Ryan Roberts
Closes: https://lore.kernel.org/linux-mm/8fbb5965-28f7-4e9a-ac04-1406ed8fc2d4@arm.com/T/#t
Signed-off-by: Axel Rasmussen
---
 fs/userfaultfd.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/fs/userfaultfd.c b/fs/userfaultfd.c
index bb5c474a0a77..1091cb461747 100644
--- a/fs/userfaultfd.c
+++ b/fs/userfaultfd.c
@@ -1287,13 +1287,11 @@ static __always_inline void wake_userfault(struct userfaultfd_ctx *ctx, __wake_userfault(ctx, range); } -static __always_inline int validate_range(struct mm_struct *mm, - __u64 start, __u64 len) +static __always_inline int validate_unaligned_range( + struct mm_struct *mm, __u64 start, __u64 len) { __u64 task_size = mm->task_size; - if (start & ~PAGE_MASK) - return -EINVAL; if (len & ~PAGE_MASK) return -EINVAL; if (!len) @@ -1309,6 +1307,15 @@ static __always_inline int validate_range(struct mm_struct *mm, return 0; } +static __always_inline int validate_range(struct mm_struct *mm, + __u64 start, __u64 len) +{ + if (start & ~PAGE_MASK) + return -EINVAL; + + return validate_unaligned_range(mm, start, len); +} + static int userfaultfd_register(struct userfaultfd_ctx *ctx, unsigned long arg) { @@ -1759,7 +1766,8 @@ static int userfaultfd_copy(struct userfaultfd_ctx *ctx, sizeof(uffdio_copy)-sizeof(__s64))) goto out; - ret = validate_range(ctx->mm, uffdio_copy.src, uffdio_copy.len); + ret = validate_unaligned_range(ctx->mm, uffdio_copy.src, + uffdio_copy.len); if (ret) goto out; ret = validate_range(ctx->mm, uffdio_copy.dst, uffdio_copy.len); -- 2.41.0.640.ga95def55d0-goog
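Review bot: in the first hunk (@@ -1287), `validate_unaligned_range()` carries no comment saying what may be unaligned, and the name is easy to read as relaxing both alignment checks; the body still rejects `len & ~PAGE_MASK` and `!len`, so only `start` may sit off a page boundary. Suggest a one-line comment above the definition, e.g. `/* Like validate_range(), but start need not be page-aligned; len still must be. */`, so the next reader (or the next fixup, this being the second one for this commit) does not misread the contract.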
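Review bot: in the second hunk (@@ -1309), the new `validate_range()` wrapper should say that it is the page-aligned variant and is the one dst ranges must go through, since on its own it reads as an unexplained two-line shim; a short comment above `+static __always_inline int validate_range(struct mm_struct *mm,` would do. Keeping the `start & ~PAGE_MASK` check in front of the delegated checks preserves the original ordering, so existing callers still get -EINVAL for a misaligned start before any length or size checks run, which is the right behaviour to retain.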
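Review bot: in the third hunk (@@ -1759), the call site that switches src to `validate_unaligned_range()` has no comment explaining why src and dst are validated differently; given that the regression being fixed came from applying the strict variant to src, a comment such as `/* src is an arbitrary user buffer: only dst must be page-aligned */` above `+	ret = validate_unaligned_range(ctx->mm, uffdio_copy.src,` would guard against the same mistake being reintroduced. Both calls pass the same `uffdio_copy.len`, so the length alignment and non-zero checks run twice; harmless, but worth stating so nobody later "optimises" one of them away.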