From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Yash Shah <yash.shah@sifive.com>,
David Abdurachmanov <david.abdurachmanov@gmail.com>,
Palmer Dabbelt <palmerdabbelt@google.com>,
Sasha Levin <sashal@kernel.org>,
linux-riscv@lists.infradead.org
Subject: [PATCH AUTOSEL 4.19 15/15] RISC-V: Don't allow write+exec only page mapping request in mmap
Date: Tue, 23 Jun 2020 13:36:30 -0400 [thread overview]
Message-ID: <20200623173630.1355971-15-sashal@kernel.org> (raw)
In-Reply-To: <20200623173630.1355971-1-sashal@kernel.org>
From: Yash Shah <yash.shah@sifive.com>
[ Upstream commit e0d17c842c0f824fd4df9f4688709fc6907201e1 ]
As per the table 4.4 of version "20190608-Priv-MSU-Ratified" of the
RISC-V instruction set manual[0], the PTE permission bit combination of
"write+exec only" is reserved for future use. Hence, don't allow such
mapping request in mmap call.
An issue is been reported by David Abdurachmanov, that while running
stress-ng with "sysbadaddr" argument, RCU stalls are observed on RISC-V
specific kernel.
This issue arises when the stress-sysbadaddr request for pages with
"write+exec only" permission bits and then passes the address obtain
from this mmap call to various system call. For the riscv kernel, the
mmap call should fail for this particular combination of permission bits
since it's not valid.
[0]: http://dabbelt.com/~palmer/keep/riscv-isa-manual/riscv-privileged-20190608-1.pdf
Signed-off-by: Yash Shah <yash.shah@sifive.com>
Reported-by: David Abdurachmanov <david.abdurachmanov@gmail.com>
[Palmer: Refer to the latest ISA specification at the only link I could
find, and update the terminology.]
Signed-off-by: Palmer Dabbelt <palmerdabbelt@google.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
arch/riscv/kernel/sys_riscv.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/arch/riscv/kernel/sys_riscv.c b/arch/riscv/kernel/sys_riscv.c
index fb03a4482ad60..db44da32701f2 100644
--- a/arch/riscv/kernel/sys_riscv.c
+++ b/arch/riscv/kernel/sys_riscv.c
@@ -16,6 +16,7 @@
#include <linux/syscalls.h>
#include <asm/unistd.h>
#include <asm/cacheflush.h>
+#include <asm-generic/mman-common.h>
static long riscv_sys_mmap(unsigned long addr, unsigned long len,
unsigned long prot, unsigned long flags,
@@ -24,6 +25,11 @@ static long riscv_sys_mmap(unsigned long addr, unsigned long len,
{
if (unlikely(offset & (~PAGE_MASK >> page_shift_offset)))
return -EINVAL;
+
+ if ((prot & PROT_WRITE) && (prot & PROT_EXEC))
+ if (unlikely(!(prot & PROT_READ)))
+ return -EINVAL;
+
return ksys_mmap_pgoff(addr, len, prot, flags, fd,
offset >> (PAGE_SHIFT - page_shift_offset));
}
--
2.25.1
prev parent reply other threads:[~2020-06-23 17:38 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-23 17:36 [PATCH AUTOSEL 4.19 01/15] sata_rcar: handle pm_runtime_get_sync failure cases Sasha Levin
2020-06-23 17:36 ` [PATCH AUTOSEL 4.19 02/15] ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function Sasha Levin
2020-06-23 17:36 ` [PATCH AUTOSEL 4.19 03/15] drm/amd/display: Use kfree() to free rgb_user in calculate_user_regamma_ramp() Sasha Levin
2020-06-23 17:36 ` [PATCH AUTOSEL 4.19 04/15] riscv/atomic: Fix sign extension for RV64I Sasha Levin
2020-06-23 17:36 ` [PATCH AUTOSEL 4.19 05/15] hwrng: ks-sa - Fix runtime PM imbalance on error Sasha Levin
2020-06-23 17:36 ` [PATCH AUTOSEL 4.19 06/15] arm64/sve: Eliminate data races on sve_default_vl Sasha Levin
2020-06-23 17:36 ` [PATCH AUTOSEL 4.19 07/15] ibmvnic: Harden device login requests Sasha Levin
2020-06-23 17:36 ` [PATCH AUTOSEL 4.19 08/15] net: alx: fix race condition in alx_remove Sasha Levin
2020-06-23 17:36 ` [PATCH AUTOSEL 4.19 09/15] rocker: fix incorrect error handling in dma_rings_init Sasha Levin
2020-06-23 17:36 ` [PATCH AUTOSEL 4.19 10/15] s390/ptrace: fix setting syscall number Sasha Levin
2020-06-23 17:36 ` [PATCH AUTOSEL 4.19 11/15] s390/vdso: fix vDSO clock_getres() Sasha Levin
2020-06-23 17:36 ` [PATCH AUTOSEL 4.19 12/15] arm64: sve: Fix build failure when ARM64_SVE=y and SYSCTL=n Sasha Levin
2020-06-23 17:36 ` [PATCH AUTOSEL 4.19 13/15] kbuild: improve cc-option to clean up all temporary files Sasha Levin
2020-06-23 17:36 ` [PATCH AUTOSEL 4.19 14/15] blktrace: break out of blktrace setup on concurrent calls Sasha Levin
2020-06-23 17:36 ` Sasha Levin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200623173630.1355971-15-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=david.abdurachmanov@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=palmerdabbelt@google.com \
--cc=stable@vger.kernel.org \
--cc=yash.shah@sifive.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox