Now that all mappings are backed by a reservation of the appropriate size and permissions, we can easily provide a capability with restricted bounds and permissions on io_setup().
mremap() will take care of creating a capability with updated bounds if needed; ctx->user_id is updated accordingly in aio_ring_mremap(), so that aio_ctx_id_is_same() doesn't reject the new capability obtained from mremap().
Signed-off-by: Kevin Brodsky kevin.brodsky@arm.com
---
 fs/aio.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/aio.c b/fs/aio.c
index bb4fcb46c182..43bebe6fb3a3 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -42,6 +42,7 @@
 #include <linux/percpu-refcount.h>
 #include <linux/mount.h>
 #include <linux/pseudo_fs.h>
+#include <linux/mm_reserv.h>
 #include <linux/uaccess.h>
 #include <linux/nospec.h>
@@ -471,8 +472,8 @@ static int aio_ring_mremap(struct vm_area_struct *vma)
 if (ctx && ctx->aio_ring_file == file) {
 if (!atomic_read(&ctx->dead)) {
 ctx->mmap_base = vma->vm_start;
- /* TODO [PCuABI] - derive proper capability */
- ctx->user_id = uaddr_to_user_ptr_safe(ctx->mmap_base);
+ ctx->user_id = (aio_context_t)
+ reserv_vma_make_user_ptr_owning(vma);
 res = 0;
 }
 break;
@@ -674,8 +675,8 @@ static int aio_setup_ring(struct kioctx *ctx, unsigned int nr_events)
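Review bot: Nothing at the new assignment in aio_ring_mremap says what `ctx->user_id` now holds, since the removed TODO was the only comment there. Per the commit description, the value has to be the same capability that mremap() hands back to userspace, otherwise aio_ctx_id_is_same() rejects the caller's context id; that invariant is security-relevant and belongs next to the code. I would add above the assignment: `/* Owning capability for the moved ring; must match the pointer mremap() returns or aio_ctx_id_is_same() rejects it */`. The function body starts and ends outside the hunk.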
pr_debug("mmap address: 0x%08lx\n", ctx->mmap_base);
- /* TODO [PCuABI] - derive proper capability */
- ctx->user_id = uaddr_to_user_ptr_safe(ctx->mmap_base);
+ ctx->user_id = (aio_context_t)
+ reserv_make_user_ptr_owning(ctx->mmap_base, false);
 ctx->nr_events = nr_events; /* trusted copy */
ctx->ring = vmap(ctx->ring_pages, nr_pages, VM_MAP, PAGE_KERNEL);
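Review bot: The bare `false` passed to `reserv_make_user_ptr_owning()` is opaque at the call site, and the result is cast and stored in `ctx->user_id` without any check. Going by the commit description, this value is the capability io_setup() provides to userspace for the ring, so if the helper can fail to find a reservation at `ctx->mmap_base` (for instance if the mapping can change between the mmap and this lookup; the locking is not visible in the hunk), its failure value would be handed out as the context id. I would name the argument with a comment such as `/* false: <what the flag selects> */` and either check the result or state in a comment why the lookup cannot fail here. aio_setup_ring's body begins and ends outside the hunk.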