Commit 530e0909 authored by Lorenzo Stoakes's avatar Lorenzo Stoakes Committed by Andrew Morton
Browse files

mm/mseal: simplify and rename VMA gap check 

The check_mm_seal() function is doing something general - checking whether
a range contains only VMAs (or rather that it does NOT contain any
unmapped regions).

So rename this function to range_contains_unmapped().

Additionally simplify the logic, we are simply checking whether the last
vma->vm_end has either a VMA starting after it or ends before the end
parameter.

This check is rather dubious, so it is sensible to keep it local to
mm/mseal.c as at a later stage it may be removed, and we don't want any
other mm code to perform such a check.

No functional change intended.

[lorenzo.stoakes@oracle.com: add comment explaining why we disallow gaps on mseal()]
  Link: https://lkml.kernel.org/r/d85b3d55-09dc-43ba-8204-b48267a96751@lucifer.local
Link: https://lkml.kernel.org/r/dd50984eff1e242b5f7f0f070a3360ef760e06b8.1753431105.git.lorenzo.stoakes@oracle.com


Signed-off-by: default avatarLorenzo Stoakes <lorenzo.stoakes@oracle.com>
Reviewed-by: default avatarLiam R. Howlett <Liam.Howlett@oracle.com>
Acked-by: default avatarDavid Hildenbrand <david@redhat.com>
Acked-by: default avatarJeff Xu <jeffxu@chromium.org>
Reviewed-by: default avatarPedro Falcato <pfalcato@suse.de>
Cc: Jann Horn <jannh@google.com>
Cc: Kees Cook <kees@kernel.org>
Cc: Vlastimil Babka <vbabka@suse.cz>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
parent 8b291416

mm/mseal.c

+28 −23
Original line number Diff line number Diff line
@@ -38,31 +38,40 @@ static int mseal_fixup(struct vma_iterator *vmi, struct vm_area_struct *vma, 
}



/*

 * Check for do_mseal:

 * 1> start is part of a valid vma.

 * 2> end is part of a valid vma.

 * 3> No gap (unallocated address) between start and end.

 * 4> map is sealable.

 * mseal() disallows an input range which contain unmapped ranges (VMA holes).

 *

 * It disallows unmapped regions from start to end whether they exist at the

 * start, in the middle, or at the end of the range, or any combination thereof.

 *

 * This is because after sealng a range, there's nothing to stop memory mapping

 * of ranges in the remaining gaps later, meaning that the user might then

 * wrongly consider the entirety of the mseal()'d range to be sealed when it

 * in fact isn't.

 */



/*

 * Does the [start, end) range contain any unmapped memory?

 *

 * We ensure that:

 * - start is part of a valid VMA.

 * - end is part of a valid VMA.

 * - no gap (unallocated memory) exists between start and end.

 */

static int check_mm_seal(unsigned long start, unsigned long end)

static bool range_contains_unmapped(struct mm_struct *mm,

		unsigned long start, unsigned long end)

{

	struct vm_area_struct *vma;

	unsigned long nstart = start;

	unsigned long prev_end = start;

	VMA_ITERATOR(vmi, current->mm, start);



	/* going through each vma to check. */

	for_each_vma_range(vmi, vma, end) {

		if (vma->vm_start > nstart)

			/* unallocated memory found. */

			return -ENOMEM;

		if (vma->vm_start > prev_end)

			return true;



		if (vma->vm_end >= end)

			return 0;



		nstart = vma->vm_end;

		prev_end = vma->vm_end;

	}



	return -ENOMEM;

	return prev_end < end;

}



/*
@@ -184,14 +193,10 @@ int do_mseal(unsigned long start, size_t len_in, unsigned long flags) 
	if (mmap_write_lock_killable(mm))

		return -EINTR;



	/*

	 * First pass, this helps to avoid

	 * partial sealing in case of error in input address range,

	 * e.g. ENOMEM error.

	 */

	ret = check_mm_seal(start, end);

	if (ret)

	if (range_contains_unmapped(mm, start, end)) {

		ret = -ENOMEM;

		goto out;

	}



	/*

	 * Second pass, this should success, unless there are errors