[patch 06/16] mm: Provide vm_special_mapping::close

From: Thomas Gleixner
Date: Tue Dec 12 2017 - 12:35:58 EST

Next message: Thomas Gleixner: "[patch 13/16] x86/ldt: Introduce LDT write fault handler"
Previous message: James Bottomley: "Re: [GIT PULL] SCSI fixes for 4.15-rc3"
In reply to: Thomas Gleixner: "[patch 15/16] x86/ldt: Add VMA management code"
Next in thread: Thomas Gleixner: "[patch 13/16] x86/ldt: Introduce LDT write fault handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Peter Zijlstra <peterz@xxxxxxxxxxxxx>

Userspace can (malisiously) munmap() the VMAs injected into its memory
map through install_special_mapping(). In order to ensure there are no
hardware resources tied to the mapping, we need a close callback.

Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>
Signed-off-by: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
---
---
include/linux/mm_types.h | 3 +++
mm/mmap.c | 4 ++++
2 files changed, 7 insertions(+)

--- a/include/linux/mm_types.h
+++ b/include/linux/mm_types.h
@@ -644,6 +644,9 @@ struct vm_special_mapping {

int (*mremap)(const struct vm_special_mapping *sm,
struct vm_area_struct *new_vma);
+
+ void (*close)(const struct vm_special_mapping *sm,
+ struct vm_area_struct *vma);
};

enum tlb_flush_reason {
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -3206,6 +3206,10 @@ static int special_mapping_fault(struct
*/
static void special_mapping_close(struct vm_area_struct *vma)
{
+ struct vm_special_mapping *sm = vma->vm_private_data;
+
+ if (sm->close)
+ sm->close(sm, vma);
}

static const char *special_mapping_name(struct vm_area_struct *vma)

Next message: Thomas Gleixner: "[patch 13/16] x86/ldt: Introduce LDT write fault handler"
Previous message: James Bottomley: "Re: [GIT PULL] SCSI fixes for 4.15-rc3"
In reply to: Thomas Gleixner: "[patch 15/16] x86/ldt: Add VMA management code"
Next in thread: Thomas Gleixner: "[patch 13/16] x86/ldt: Introduce LDT write fault handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]