The aio_ring buffer is a shared memory region that hosts the io_event array. The io_event struct may contain user pointers, so the memory region must be allowed to store and load capability pointers.
Signed-off-by: Tudor Cretu tudor.cretu@arm.com
---
fs/aio.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/fs/aio.c b/fs/aio.c
index e6e45498ccd27..a83bf7f656ca4 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -466,6 +466,16 @@ static int aio_ring_mmap(struct file *file, struct vm_area_struct *vma)
 {
 vma->vm_flags |= VM_DONTEXPAND;
 vma->vm_ops = &aio_ring_vm_ops;
+ if (IS_ENABLED(CONFIG_CHERI_PURECAP_UABI)) {
+ size_t sz = vma->vm_end - vma->vm_start;
+ struct kioctx *ctx = file->f_mapping->private_data;
+ unsigned long pfn = page_to_pfn(ctx->ring_pages[0]);
+
+ vma->vm_flags |= VM_READ_CAPS | VM_WRITE_CAPS;
+ vma_set_page_prot(vma);
+ return remap_pfn_range(vma, vma->vm_start, pfn, sz, vma->vm_page_prot);
+ }
+
 return 0;
 }
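Review bot: The added `remap_pfn_range()` call maps `sz` bytes of physically consecutive frames starting at `page_to_pfn(ctx->ring_pages[0])`, but nothing in the hunk bounds `sz` to the ring size or shows that the ring pages are physically contiguous. `ring_pages` is indexed as an array of separate pages, so if the ring spans more than one page the user mapping could cover unrelated physical memory, here with `VM_READ_CAPS | VM_WRITE_CAPS` set. Mapping the pages individually would avoid that, for example `return vm_map_pages(vma, ctx->ring_pages, ctx->nr_pages);`, which also checks the VMA against the page count; if the PFN mapping is kept, it needs at least `if (sz > ctx->nr_pages * PAGE_SIZE) return -EINVAL;` and a comment stating why contiguity holds. A PFN mapping also takes no page references, so it should be confirmed that a ring page cannot be migrated or freed while this mapping exists. `file->f_mapping->private_data` is dereferenced without a NULL check or lock; presumably it is always set before mmap is reached, which deserves a comment or an explicit check.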