From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9B99FC4332F for ; Thu, 29 Dec 2022 07:48:23 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id A14E38E0002; Thu, 29 Dec 2022 02:48:22 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 9C4DA8E0001; Thu, 29 Dec 2022 02:48:22 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 865748E0002; Thu, 29 Dec 2022 02:48:22 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11]) by kanga.kvack.org (Postfix) with ESMTP id 744928E0001 for ; Thu, 29 Dec 2022 02:48:22 -0500 (EST) Received: from smtpin08.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay04.hostedemail.com (Postfix) with ESMTP id 41E271A0882 for ; Thu, 29 Dec 2022 07:48:22 +0000 (UTC) X-FDA: 80294566044.08.95D609C Received: from szxga01-in.huawei.com (szxga01-in.huawei.com [45.249.212.187]) by imf03.hostedemail.com (Postfix) with ESMTP id 8664720004 for ; Thu, 29 Dec 2022 07:48:18 +0000 (UTC) Authentication-Results: imf03.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf03.hostedemail.com: domain of mawupeng1@huawei.com designates 45.249.212.187 as permitted sender) smtp.mailfrom=mawupeng1@huawei.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1672300100; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GfDslZp4yn6noUdizkST7Jt9wWd4c8pgB1v4UjiDzyk=; b=bGxK+tVP5oHOG1uuSh60E7SLvmNPYf/KufpcUaVkG4IxnRObZqVfXUJkP/KLHAxDCPz3xM tRkNUO1Y52R5BMlMW2WxCa8UYxjrr6UBdHVFRvJVYpvBRXuLnFHJIdADw/M4bGrhG5DRjz pQ9b3k8Ql2ub1UvFvix4PhVehOXle5Y= ARC-Authentication-Results: i=1; imf03.hostedemail.com; dkim=none; dmarc=pass (policy=quarantine) header.from=huawei.com; spf=pass (imf03.hostedemail.com: domain of mawupeng1@huawei.com designates 45.249.212.187 as permitted sender) smtp.mailfrom=mawupeng1@huawei.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1672300100; a=rsa-sha256; cv=none; b=pRN96VBm16NZKeCFd6zP+Fdnw+2viTpQdUWuVPCJivr+vxwoh8y61oWB96GfvNGUEuTDGI dY9N1kx89oP/AsbTOCZDlipju23GGhlv+DjvSA7Tv6JOYntwKJd+cjorHufrf8JeK/iK1v LVfAXkT+2blgm7Stm0L6mpg8QoayThQ= Received: from dggpemm500014.china.huawei.com (unknown [172.30.72.55]) by szxga01-in.huawei.com (SkyGuard) with ESMTP id 4NjL3v5GhHzkX1g; Thu, 29 Dec 2022 15:43:39 +0800 (CST) Received: from [10.174.178.120] (10.174.178.120) by dggpemm500014.china.huawei.com (7.185.36.153) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.34; Thu, 29 Dec 2022 15:48:12 +0800 Message-ID: Date: Thu, 29 Dec 2022 15:48:12 +0800 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.6.0 From: mawupeng Subject: Re: [PATCH 1/4] mm/mlock: return EINVAL for illegal user memory range in mlock To: CC: , , , , , References: <20221205034108.3365182-1-mawupeng1@huawei.com> <20221205034108.3365182-2-mawupeng1@huawei.com> <20221228141701.c64add46c4b09aa17f605baf@linux-foundation.org> Content-Language: en-US In-Reply-To: <20221228141701.c64add46c4b09aa17f605baf@linux-foundation.org> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Originating-IP: [10.174.178.120] X-ClientProxiedBy: dggems703-chm.china.huawei.com (10.3.19.180) To dggpemm500014.china.huawei.com (7.185.36.153) X-CFilter-Loop: Reflected X-Rspamd-Queue-Id: 8664720004 X-Stat-Signature: ype3stubqtdgyrisamayk3yppdr5ft5j X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1672300098-312878 X-HE-Meta: U2FsdGVkX1/kdBoTZcwp3p0FzSGDeV9U+lgudWrsWGElNxPFb7p8eT3dGpJNEeN/bsN7yEFWf4J886yCRMu0mWmLJSYXsbk/NUevX+wZwmPO5pi2PG3oFShv3i+JgTyCNul408xZINHF/y9uWRw0QZdIv/aRsoF6ZeSGJ2LQ2FSef8uCiK0INn5P4/3nJJeJRcLymoo4T6NElhNqZrJ+lF/6PMahGkzM0UW9vAFy3vTNO2x2TTzKND4aXTF3vAGORMfYGEezpqUcrq6yXlvZ5akX4l+qb6XlLqPU5Tdmfx0I49WefRJ/cwKRqz/VYy9+fDf/1gHQA64giDNJepvIsXnQPYUesKiIxPn8pAsNEfOne4rNJYs1hgVr6qMEJsfs4FLoJOj9bE5LQ+OsHx6ul9MQ8ogQcxIdWgAhHkEXE67yV6i2NsoVG+rwJ456hrgQ05PjPc9nTZS18afauinknRLDwo2FAZVZbIbrI/ftvWWkz1RrcRagLvANleM2KM+UGu+0nq2PSYD/KSFyUPUxs7zqrKWLx2nl+UpumxxWwR+qnkyyrs1SLLe6w+U5TPtNTUMo88DfJxxOC0xieCcOvvJMl8JcKizqGluWbZHZrC+kRmOSdTOiKJ+lrKyUYF12Qxm/iSTJWcLPB7p+MQKf/wSZrcwQeK0k4AnMjKRsfoogLr6qaeHBkXRGmeyQlPhFFDXuirD9kq7F3I4mH2WevR2nQYGnJ0ppqpGwDEC+lW/EE2pqPEuOuwEjZqNOgykwyfuJ6LK9vf+/MdghoSZ2sxXb5ExgT7ZZLVybovsN0YJUtF+E/uhHK6JIvY06QGbMlCVYLsN1l90= X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On 2022/12/29 6:17, Andrew Morton wrote: > On Mon, 5 Dec 2022 11:41:05 +0800 Wupeng Ma wrote: > >> While testing mlock, we have a problem if the len of mlock is ULONG_MAX. >> The return value of mlock is zero. But nothing will be locked since the >> len in do_mlock overflows to zero due to the following code in mlock: >> >> len = PAGE_ALIGN(len + (offset_in_page(start))); >> >> The same problem happens in munlock. >> >> Since TASK_SIZE is the maximum user space address. The start or len of >> mlock shouldn't be bigger than this. Function access_ok can be used to >> check this issue, so return -EINVAL if bigger. > > What happens if userspace uses a value somewhat smaller than ULONG_MAX? > > mlock(addr, ULONG_MAX - 1000000); > > ? > > Because if the above works successfully and if it no longer works > successfully with this patchset then that could be a > backward-compatibility problem. For mlock: mlock(addr, ULONG_MAX - 1000000) will ret -1 and the errno is EINVAL(22) due to the following call trace. do_mlock apply_vma_lock_flags end = start + len; if (end < start) return -EINVAL; Just like you said, we need to keep backward-compatibility. Maybe we can only catch and fix the overflowing scenarios since they are absolutely wrong. here is the diff: diff --git a/mm/mlock.c b/mm/mlock.c index 7032f6dd0ce1..fd5e857ab245 100644 --- a/mm/mlock.c +++ b/mm/mlock.c @@ -569,6 +569,7 @@ static __must_check int do_mlock(unsigned long start, size_t len, vm_flags_t fla unsigned long locked; unsigned long lock_limit; int error = -ENOMEM; + size_t old_len = len; start = untagged_addr(start); @@ -578,6 +579,9 @@ static __must_check int do_mlock(unsigned long start, size_t len, vm_flags_t fla len = PAGE_ALIGN(len + (offset_in_page(start))); start &= PAGE_MASK; + if (old_len != 0 && len == 0) + return -EINVAL; + lock_limit = rlimit(RLIMIT_MEMLOCK); lock_limit >>= PAGE_SHIFT; locked = len >> PAGE_SHIFT; >