On 11/03/2024 10:28, Amit Daniel Kachhap wrote:
[...]
diff --git a/lib/user_ptr.c b/lib/user_ptr.c
index 115efc9fe678..f597f73191bb 100644
--- a/lib/user_ptr.c
+++ b/lib/user_ptr.c
@@ -1,6 +1,8 @@
 /* SPDX-License-Identifier: GPL-2.0-only */
 #include <linux/bug.h>
+#include <linux/cap_addr_mgmt.h>
 #include <linux/cheri.h>
+#include <linux/sched.h>
 #include <linux/user_ptr.h>
 void __user *uaddr_to_user_ptr(ptraddr_t addr)
@@ -70,3 +72,38 @@ bool check_user_ptr_rw(void __user *ptr, size_t len)
 {
 return cheri_check_cap(ptr, len, CHERI_PERM_LOAD | CHERI_PERM_STORE);
 }
+bool check_user_ptr_owning(user_uintptr_t user_ptr, ptraddr_t addr, size_t len)
+{
- if (!reserv_is_supported(current->mm))
return true;
I would strongly prefer these checks to be done in the caller. In fact AFAICT this is already done in most cases, so this check is redundant. The helpers in this file are generic, they should do what they're asked to do regardless of the nature of current->mm.
- addr = round_down(addr, PAGE_SIZE);
- len = round_up(len, PAGE_SIZE);
- return cheri_check_cap((const void * __capability)cheri_address_set(user_ptr, addr),
len, CHERI_PERM_GLOBAL | CHERI_PERM_SW_VMEM);
+}
+user_uintptr_t make_user_ptr_owning(ptraddr_t addr, size_t len, user_ptr_perms_t perm)
+{
- ptraddr_t align_addr;
- user_uintptr_t user_ptr;
- if (!reserv_is_supported(current->mm))
return (user_uintptr_t)addr;
- align_addr = reserv_representable_base(round_down(addr, PAGE_SIZE), len);
- len = cheri_representable_length(round_up(len, PAGE_SIZE));
- user_ptr = (user_uintptr_t)cheri_build_user_cap(align_addr, len, perm);
- return cheri_address_set(user_ptr, addr);
+}
+user_ptr_perms_t user_ptr_perms_from_prot(int prot __maybe_unused,
bool has_tag_access __maybe_unused)
Nit: not sure why we would need __maybe_unused on function parameters. The kernel is built with -Wno-unused-parameter even with W=1 (see scripts/Makefile.extrawarn). That's a pretty strong assumption in the kernel, even trivial empty implementations like those added above would warn otherwise.
Kevin
+{
- /* TODO [PCuABI] - capability permission conversion from memory permission */
- return (CHERI_PERMS_READ | CHERI_PERMS_WRITE |
CHERI_PERMS_EXEC | CHERI_PERMS_ROOTCAP);
+}
diff --git a/mm/cap_addr_mgmt.c b/mm/cap_addr_mgmt.c
index 5586fde34d0a..890101eec187 100644
--- a/mm/cap_addr_mgmt.c
+++ b/mm/cap_addr_mgmt.c
@@ -58,7 +58,7 @@ user_uintptr_t reserv_range_set_reserv(ptraddr_t start, size_t len, user_ptr_per
 }
 if (!locked)
 mmap_write_unlock(current->mm);
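Review bot: In check_user_ptr_owning the length is rounded up on its own after addr is rounded down, so when addr is not page-aligned the checked range can stop one page short of addr + len. Folding the in-page offset into the length before aligning the address, e.g. `len = round_up(len + (addr & ~PAGE_MASK), PAGE_SIZE);`, would keep the whole request inside the bounds that cheri_check_cap() tests. make_user_ptr_owning derives its base and length in a similar way, so a capability built for an unaligned addr may not span the end of the requested range. If callers are expected to pass page-aligned addresses only (they are not visible in this hunk), a comment stating that precondition on both helpers would make the contract explicit.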
- ret = (user_uintptr_t)uaddr_to_user_ptr_safe(start);
- ret = make_user_ptr_owning(start, len, perm);
return ret; }