From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8AF00C4332F for ; Sat, 10 Dec 2022 03:10:00 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 8D6338E0003; Fri, 9 Dec 2022 22:09:59 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 886608E0001; Fri, 9 Dec 2022 22:09:59 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 74DED8E0003; Fri, 9 Dec 2022 22:09:59 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0017.hostedemail.com [216.40.44.17]) by kanga.kvack.org (Postfix) with ESMTP id 654A38E0001 for ; Fri, 9 Dec 2022 22:09:59 -0500 (EST) Received: from smtpin14.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 2C111A0002 for ; Sat, 10 Dec 2022 03:09:59 +0000 (UTC) X-FDA: 80224917318.14.81650B1 Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188]) by imf16.hostedemail.com (Postfix) with ESMTP id D0CF1180003 for ; Sat, 10 Dec 2022 03:09:55 +0000 (UTC) Authentication-Results: imf16.hostedemail.com; dkim=none; spf=pass (imf16.hostedemail.com: domain of mawupeng1@huawei.com designates 45.249.212.188 as permitted sender) smtp.mailfrom=mawupeng1@huawei.com; dmarc=pass (policy=quarantine) header.from=huawei.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1670641797; a=rsa-sha256; cv=none; b=qfOUw0/1A3KZgijYb4q/MmQli578OLn7xvIX3spGCjG45rsna9Bi/NgsY2YDkP/vFx61E1 ILu/4zMoCPY3sNP3QE8jrln+8/vgEbGJVtmhVp3bKTXMZp57Vs4k3Gv79i/eVSp3kThfF3 clRG7OfrO7QtFs3FdKJbPRMYxTypDLE= ARC-Authentication-Results: i=1; imf16.hostedemail.com; dkim=none; spf=pass (imf16.hostedemail.com: domain of mawupeng1@huawei.com designates 45.249.212.188 as permitted sender) smtp.mailfrom=mawupeng1@huawei.com; dmarc=pass (policy=quarantine) header.from=huawei.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1670641797; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=zGJAUJH8UsI9wkqtC8T1R3fUBNZymKCBPKJBVSJZkq4=; b=56/nITANeiOZsmgTxS+ocutu5YgEM2h9+Q7dNdoIDjdOIyneQRvVTQxSGt1MMVis6+RMBE 48pepmfrSIZXTtJgiabnM1YRI3rD5r8kOTRK9TYwSQ4qsymAsgByDWE3nbKI99HAZSf/Zj SzZrotbEI+v0/Wtll4FTC0/+jknn79s= Received: from dggpemm500014.china.huawei.com (unknown [172.30.72.56]) by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4NTXsk0wyjzJqQB; Sat, 10 Dec 2022 11:08:58 +0800 (CST) Received: from [10.174.178.120] (10.174.178.120) by dggpemm500014.china.huawei.com (7.185.36.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.31; Sat, 10 Dec 2022 11:09:48 +0800 Message-ID: Date: Sat, 10 Dec 2022 11:09:48 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.3.2 CC: , , , , , Subject: Re: [PATCH 1/4] mm/mlock: return EINVAL for illegal user memory range in mlock Content-Language: en-US To: References: <20221205034108.3365182-1-mawupeng1@huawei.com> <20221205034108.3365182-2-mawupeng1@huawei.com> From: mawupeng In-Reply-To: <20221205034108.3365182-2-mawupeng1@huawei.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [10.174.178.120] X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To dggpemm500014.china.huawei.com (7.185.36.153) X-CFilter-Loop: Reflected X-Rspam-User: X-Rspamd-Queue-Id: D0CF1180003 X-Rspamd-Server: rspam01 X-Stat-Signature: 754unqw6yqs6b1acybwmi6bqrbyfd3fi X-HE-Tag: 1670641795-626791 X-HE-Meta: U2FsdGVkX1+pPTw9OOd0xa0MU2f+NN3ZD/QmuWan4GmPBOSBPC0Fp1Npxlsno2IfGNnwQteZLtE+FXJcqFXpCWaX37XFijsqlHu4Rn9eRRFa/y8PpDv32n/CI5k6wrIdOMJzf80Rb47Q8Qfoa60ndRpotvea4UkObRHOH1W6h75mz9pMXAW/JA6POGkwYLxeUgrj2E+6ZNjJro0HD60KWiuH4TvBQ7utwMNtSka6VKrg9+bt8lOzmH2kY2si6QnTXb7AaF5vhIXAFE6Y0iWssF9yxUVYGsnRv/rb3XSIkP7Zwd3uGJe5TBTwf3f9GMmJkX57Mz3iemB0lWZY/u5G531778PqL4aB/N1DI3jSL0tnWL0DNjtbw671sebhyTYryeomVXM2emWs9QoiNbXPsbsQ8LvSW3q6acZWDlBzVR+7KGlxDl96xWF9dxY06FNfqzJJarjO91karckQMmZ5COGVRe0PeYqJWe2xVh77C1aFXdBu6JvkslPXiMWHAWr4uC4HEcefK2ZAx9PXEVA7Nt1WJ6O53GW4KaEaOMvCN5fm1xM975VZLe5hQIk8bajGOk+0ckPzn2zq4bZd9bT6rA8JWQZcm8jGjwvSXUF5vAWaA/3K5O4bdZWyMaLDL2PsYhLJc1Y2MpwJUVkr4LmNk6OcZgvXRv4ckuB6hi7oJdWIjmtP5kNKJPG5gTpYmklkTgEccv2MnPV9gu+apG7ZTk2hs5VCefWCam8u5P/WpdbPZLALcXUtsefJC037duvAvu7+PNPlCUQ8DzPJjyFx1Bci/zCvV07yPejwuzu9mj6KAAyfg7hfRBbYZRq8OWJAkLvBxGGolK8= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 2022/12/5 11:41, Wupeng Ma wrote: > From: Ma Wupeng > > While testing mlock, we have a problem if the len of mlock is ULONG_MAX. > The return value of mlock is zero. But nothing will be locked since the > len in do_mlock overflows to zero due to the following code in mlock: > > len = PAGE_ALIGN(len + (offset_in_page(start))); > > The same problem happens in munlock. > > Since TASK_SIZE is the maximum user space address. The start or len of > mlock shouldn't be bigger than this. Function access_ok can be used to > check this issue, so return -EINVAL if bigger. > > Signed-off-by: Ma Wupeng > --- > mm/mlock.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/mm/mlock.c b/mm/mlock.c > index 7032f6dd0ce1..b9422a62a4cf 100644 > --- a/mm/mlock.c > +++ b/mm/mlock.c > @@ -575,6 +575,9 @@ static __must_check int do_mlock(unsigned long start, size_t len, vm_flags_t fla > if (!can_do_mlock()) > return -EPERM; > > + if (unlikely(!access_ok((void __user *)start, len))) > + return -EINVAL; When we are runing ltp testcase, a error occurs on mlock[1]. It seems that ENOMEN is expencted for this testcase. In the manual of mlock[2] ENOMEM (mlock(), mlock2(), and munlock()) Some of the specified address range does not correspond to mapped pages in the address space of the process. ENOMEM seem more appropriate for this situation? [1] https://github.com/linux-test-project/ltp/blob/20220930/testcases/open_posix_testsuite/conformance/interfaces/mlock/8-1.c [2] https://man7.org/linux/man-pages/man2/mlock.2.html > + > len = PAGE_ALIGN(len + (offset_in_page(start))); > start &= PAGE_MASK; > > @@ -635,6 +638,9 @@ SYSCALL_DEFINE2(munlock, unsigned long, start, size_t, len) > > start = untagged_addr(start); > > + if (unlikely(!access_ok((void __user *)start, len))) > + return -EINVAL; > + > len = PAGE_ALIGN(len + (offset_in_page(start))); > start &= PAGE_MASK; >