On 08/01/2024 11:23, Amit Daniel Kachhap wrote:
diff --git a/mm/mmap.c b/mm/mmap.c
index 7fd7d3ac377b..95d16e306559 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -1238,6 +1238,7 @@ user_uintptr_t do_mmap(struct file *file, user_uintptr_t usrptr,
 int pkey = 0;
 unsigned long addr = (ptraddr_t)usrptr;
 bool new_caps = true;
- bool ignore_reserv = true;
I think we could do without that, defaulting new_caps to false. This means that mmap_region() should do nothing regardless of the value of new_reserv in !PCuABI, which is easily achieved by only doing the vma lookup if we are using reservations (mm_flags has MMF_PCUABI_RESERV).
[...]
-SYSCALL_DEFINE2(munmap, user_uintptr_t, addr, size_t, len)
+SYSCALL_DEFINE2(munmap, user_uintptr_t, usrptr, size_t, len)
 {
- addr = untagged_addr(addr);
- ptraddr_t addr = untagged_addr((ptraddr_t)usrptr);
- VMA_ITERATOR(vmi, current->mm, addr);
+#ifdef CONFIG_CHERI_PURECAP_UABI
- usrptr = cheri_address_set(usrptr, addr);
This is pretty cumbersome. It would be preferable to ensure that we always untag the address of a capability before comparing it. In fact, cheri_check_cap() already does that, and so does capability_owns_range() as a result. Note that the base and limit of a capability are never tagged, so reserv_vmi_valid_capability() should also cope with a tagged address.
Kevin
+#else
- usrptr = addr;
+#endif
- if (test_bit(MMF_PCUABI_RESERVE, ¤t->mm->flags)) {
if (!capability_owns_range(usrptr, addr, len))
return -EINVAL;
if (!reserv_vmi_valid_capability(&vmi, usrptr, false))
return -ERESERVATION;
- }
 return __vm_munmap(addr, len, true);
}
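Review bot: The `capability_owns_range()` and `reserv_vmi_valid_capability()` checks run before `__vm_munmap()`, and as far as this hunk shows that call is where mmap_lock is taken, so the VMA walk through `vmi` appears to happen without the lock held and another thread's mmap/munmap could change the reservation between the check and the actual unmap. If `reserv_vmi_valid_capability()` does not take the lock itself, the check should move under the write lock inside `__vm_munmap()`/`do_vmi_munmap()`, or the call site should carry a comment such as `/* TODO: confirm reserv_vmi_valid_capability() is safe to call without mmap_lock */` explaining why the window is acceptable. `len` also reaches `capability_owns_range()` before `__vm_munmap()` rejects a zero or unaligned length, so that helper has to tolerate `len == 0` rather than rely on the later validation. Separately, the `test_bit()` line reads `¤t->mm->flags` in this archive, presumably `&current->mm->flags` mangled by the HTML entity, which is worth checking against the actual patch before reviewing that condition.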
[...]