Hi All,
This patch series introduces the mm reservation interface to manage the owning capability of the allocated addresses. Looking for feedback regarding interface names, interface directory structure, reservation layer outside the VMA(current approach) vs reservation layer inside the VMA etc.
Below are the implemented features in brief:
1) Reservation interface to implement the different PCuABI reservation rules. This reservation sits outside the VMA layer and can be used before and after the VMA updates. Currently all interfaces support only the mmap_lock locked version.
2) The reservation interfaces and owning capability helpers are created as a library so that they can be used by different components (i.e. mm, elf loaders etc.).
3) munmap() syscall allows shrinking the mappings but the reservation range remains fixed, so they cannot be mapped again until the last mapping in the reservation range is unmapped.
4) mremap() trying to remap to a new size smaller than the old size behaves the same as munmap. mremap() with a new size larger than the old size and with the MREMAP_MAYMOVE flag will move the reservation also if the mapped range is the same as the reservation range.
5) Reservation bound constraint checks added for the mprotect, madvise, mlock, mincore and msync syscalls.
6) Helpers added to validate the capability address permission constraints.
7) Capability permission constraint checks added for the mmap, mremap and mprotect syscalls.
8) Details about the several rules implemented can be found in the PCuABI spec here [1].
Limitations/Unimplemented works:
1) Users of vm_mmap()/vm_munmap(), i.e. filesystems, loaders etc., are not modified to preserve capability addresses, so patch 6 "mm/(mmap, munmap): Limit reservation for only syscalls" is added to limit reservation to syscalls.
2) Patch 15 "lib/cap_addr_mgmt: Reduce the maximum protection check impact" is added to boot in the busybox.
3) Cover the remaining memory addressing syscalls.
Testing:
1) Chaitanya v2 selftests [2].
2) Busybox boot.
The whole series can be found here [3].
[1]: https://git.morello-project.org/morello/kernel/linux/-/wikis/Morello-pure-ca...
[2]: https://git.morello-project.org/chaitanya_prakash/linux.git review/mmap_testcase
[3]: https://git.morello-project.org/amitdaniel/linux.git review/purecap_mm_reservation_v1
Thanks,
Amit Daniel
Amit Daniel Kachhap (19):
  uapi: errno.h: Introduce PCuABI memory reservation error
  mm: Add capability reservation interfaces for PCuABI
  lib/cap_addr_mgmt: Add capability bound helpers for PCuABI
  mm/(mmap, mremap): Add flags to ignore reservation in unmap functions
  mm/mmap: Use the PCuABI reservations in mmap/munmap
  mm/(mmap, munmap): Limit reservation for only syscalls
  mm/mremap: Add the PCuABI reservation interfaces
  mm/mprotect: Add the PCuABI reservation interfaces
  mm/madvise: Add the PCuABI reservation interfaces
  mm/mlock: Add the PCuABI reservation interfaces
  mm/mincore: Add the PCuABI reservation interfaces
  mm/msync: Add the PCuABI reservation interfaces
  uapi: mman-common.h: Helpers for maximum capability permissions
  lib/cap_addr_mgmt: Add capability permission helpers for PCuABI
  lib/cap_addr_mgmt: Reduce the maximum protection check impact
  mm/mmap: Disable MAP_GROWSDOWN mapping flag for PCuABI
  mm/mmap: Add capability permission constraints for PCuABI
  mm/mremap: Add capability permission constraints for PCuABI
  mm/mprotect: Add capability permission constraints for PCuABI
 arch/arm64/include/asm/cap_addr_mgmt.h |  22 +++
 fs/aio.c                               |   2 +-
 include/linux/cap_addr_mgmt.h          | 167 +++++++++++++++++
 include/linux/cheri.h                  |   3 +
 include/linux/mm.h                     |  20 +-
 include/linux/mm_types.h               |   3 +
 include/uapi/asm-generic/errno.h       |   2 +
 include/uapi/asm-generic/mman-common.h |   6 +
 io_uring/advise.c                      |   2 +-
 ipc/shm.c                              |   2 +-
 kernel/fork.c                          |   8 +
 lib/Makefile                           |   1 +
 lib/cap_addr_mgmt.c                    | 250 +++++++++++++++++++++++++
 mm/damon/vaddr.c                       |   2 +-
 mm/internal.h                          |   4 +-
 mm/madvise.c                           |  27 ++-
 mm/mincore.c                           |  18 +-
 mm/mlock.c                             |  37 +++-
 mm/mmap.c                              | 134 +++++++++++--
 mm/mprotect.c                          |  22 ++-
 mm/mremap.c                            | 117 ++++++++++--
 mm/msync.c                             |  17 +-
 mm/nommu.c                             |   2 +-
 mm/util.c                              |  16 +-
 24 files changed, 808 insertions(+), 76 deletions(-)
 create mode 100644 arch/arm64/include/asm/cap_addr_mgmt.h
 create mode 100644 include/linux/cap_addr_mgmt.h
 create mode 100644 lib/cap_addr_mgmt.c
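A small user-space model of the reservation rules from the features list (munmap() shrinks or splits mappings while the reservation range stays fixed, nothing can be mapped inside it until the last mapping is gone, and the bound check used by mprotect/madvise/mlock/mincore/msync), added here as an illustration; it is not code from this series, and the resv_* names and single-reservation layout are assumptions:

```c
/* Constructed toy of the PCuABI reservation policy described above.
 * One reservation, mappings kept as an interval array; no VMA layer. */
#include <stdbool.h>
#include <string.h>

#define MAX_MAPS 8

struct resv {
    unsigned long start, end;                 /* fixed reservation bounds */
    unsigned long ms[MAX_MAPS], me[MAX_MAPS]; /* mapped sub-ranges [ms, me) */
    int n;                                    /* mappings still present */
};

/* mmap(): refused while it overlaps a reservation that still has mappings;
 * otherwise a fresh reservation covering exactly the new range is created. */
static bool resv_map(struct resv *r, unsigned long a, unsigned long len)
{
    if (r->n > 0 && a < r->end && a + len > r->start)
        return false;
    r->start = a; r->end = a + len;
    r->ms[0] = a; r->me[0] = a + len; r->n = 1;
    return true;
}

/* Bound constraint shared by mprotect, madvise, mlock, mincore and msync:
 * the requested range must lie inside the owning reservation. */
static bool resv_in_bounds(const struct resv *r, unsigned long a, unsigned long len)
{
    return r->n > 0 && a >= r->start && a + len <= r->end;
}

/* munmap(): trim, split or drop mappings; reservation bounds never change. */
static bool resv_unmap(struct resv *r, unsigned long a, unsigned long len)
{
    unsigned long b = a + len;
    if (!resv_in_bounds(r, a, len))
        return false;
    for (int i = 0; i < r->n; i++) {
        if (b <= r->ms[i] || a >= r->me[i])
            continue;                                 /* no overlap */
        if (a <= r->ms[i] && b >= r->me[i]) {         /* whole mapping goes */
            memmove(&r->ms[i], &r->ms[i + 1], (r->n - i - 1) * sizeof r->ms[0]);
            memmove(&r->me[i], &r->me[i + 1], (r->n - i - 1) * sizeof r->me[0]);
            r->n--; i--;
        } else if (a > r->ms[i] && b < r->me[i]) {    /* hole: split in two */
            if (r->n == MAX_MAPS)
                return false;
            r->ms[r->n] = b; r->me[r->n] = r->me[i]; r->n++;
            r->me[i] = a;
        } else if (a <= r->ms[i]) {
            r->ms[i] = b;                             /* trim the front */
        } else {
            r->me[i] = a;                             /* trim the back */
        }
    }
    return true;
}
```

Once `r.n` drops to zero the reservation is released and `resv_map()` accepts the range again, which is the "until the last mapping in the reservation range is unmapped" rule.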