git.baikalelectronics.ru Git - kernel.git/commit
mm: Avoid creating virtual address aliases in brk()/mmap()/mremap()
author Catalin Marinas <catalin.marinas@arm.com>
Wed, 19 Feb 2020 12:31:56 +0000 (12:31 +0000)
committer Will Deacon <will@kernel.org>
Thu, 20 Feb 2020 10:03:14 +0000 (10:03 +0000)
commit af7efbb79985d24fc014e54d2fb167ceedfa8f0d
tree fba292b1a70328443aa982471c65a28c2ea28572
parent ced405dcee647f102c5cc03df4f9bbc2934c06fe
mm: Avoid creating virtual address aliases in brk()/mmap()/mremap()

Currently the arm64 kernel ignores the top address byte passed to brk(),
mmap() and mremap(). When the user is not aware of the 56-bit address
limit or relies on the kernel to return an error, untagging such
pointers has the potential to create address aliases in user-space.
Passing a tagged address to munmap(), madvise() is permitted since the
tagged pointer is expected to be inside an existing mapping.

The current behaviour breaks the existing glibc malloc() implementation
which relies on brk() with an address beyond 56-bit to be rejected by
the kernel.

Remove untagging in the above functions by partially reverting commit
fbfa1020b647 ("mm: untag user pointers in mmap/munmap/mremap/brk"). In
addition, update the arm64 tagged-address-abi.rst document accordingly.

Link: https://bugzilla.redhat.com/1797052
Fixes: fbfa1020b647 ("mm: untag user pointers in mmap/munmap/mremap/brk")
Cc: <stable@vger.kernel.org> # 5.4.x-
Cc: Florian Weimer <fweimer@redhat.com>
Reviewed-by: Andrew Morton <akpm@linux-foundation.org>
Reported-by: Victor Stinner <vstinner@redhat.com>
Acked-by: Will Deacon <will@kernel.org>
Acked-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will@kernel.org>
Documentation/arm64/tagged-address-abi.rst
mm/mmap.c
mm/mremap.c
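
The aliasing described in the commit message can be shown with a small user-space model. This is an added example, not code from the commit or the kernel: `untag()`, `model_brk()`, `is_alias()`, `struct model_mm`, `MODEL_TASK_SIZE` and the addresses are hypothetical names and constructed values. It compares a brk()-style range check with and without untagging the request first.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ADDR_LIMIT (1ULL << 56)       /* the 56-bit address limit from the commit message */
#define MODEL_TASK_SIZE (1ULL << 48)  /* assumed user address-space size for this model */

/* Model of untagging: sign-extend from bit 55, which drops the top (tag) byte. */
static uint64_t untag(uint64_t addr)
{
    uint64_t low = addr & (ADDR_LIMIT - 1);
    return (addr & (1ULL << 55)) ? (low | ~(ADDR_LIMIT - 1)) : low;
}

struct model_mm { uint64_t start_brk, brk; };  /* hypothetical, not the kernel's mm_struct */

/* Modelled on the raw brk syscall: returns the new break, or the unchanged one on rejection. */
static uint64_t model_brk(struct model_mm *mm, uint64_t req, bool untag_first)
{
    if (untag_first)
        req = untag(req);           /* the behaviour this commit removes */
    if (req < mm->start_brk || req >= MODEL_TASK_SIZE)
        return mm->brk;             /* rejected: the break does not move */
    mm->brk = req;
    return mm->brk;
}

/* Two different pointer values that name the same byte once the top byte is ignored. */
static bool is_alias(uint64_t a, uint64_t b)
{
    return a != b && untag(a) == untag(b);
}

int main(void)
{
    struct model_mm mm = { 0x0000aaaab0000000ULL, 0x0000aaaab0021000ULL };
    uint64_t bogus = (0x01ULL << 56) | 0x0000aaaab0042000ULL;  /* constructed: beyond 56 bits */

    uint64_t r = model_brk(&mm, bogus, false);
    printf("no untagging: brk=%#llx (%s)\n", (unsigned long long)r,
           r == bogus ? "moved" : "rejected");

    r = model_brk(&mm, bogus, true);
    printf("untagging:    brk=%#llx, alias of request: %d\n",
           (unsigned long long)r, is_alias(r, bogus));
    return 0;
}
```

Without untagging, the out-of-range request leaves the break where it was, which is the rejection the commit message says glibc malloc() relies on. With untagging, the same request moves the break to an address that differs from the one the caller asked for.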