From nobody Sun Feb 8 03:25:07 2026
Date: Tue, 7 Jan 2025 10:48:01 -0800
In-Reply-To: 
<20250107184804.4074147-1-isaacmanjarres@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20250107184804.4074147-1-isaacmanjarres@google.com>
X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog
Message-ID: <20250107184804.4074147-2-isaacmanjarres@google.com>
Subject: [PATCH v2 1/2] mm/memfd: Refactor and cleanup the logic in memfd_create()
From: "Isaac J. Manjarres"
To: lorenzo.stoakes@oracle.com, Andrew Morton
Cc: kaleshsingh@google.com, jstultz@google.com, aliceryhl@google.com, surenb@google.com, "Isaac J. Manjarres", kernel-team@android.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

memfd_create() is a pretty busy function that could be easier to read if some of the logic was split out into helper functions.

Therefore, split the flags check, name creation, and file creation into their own helper functions, and create the file structure before creating the memfd. This allows for simplifying the error handling path in memfd_create().

No functional change.

Signed-off-by: Isaac J. Manjarres
---
 mm/memfd.c | 87 +++++++++++++++++++++++++++++++++++-------------------
 1 file changed, 56 insertions(+), 31 deletions(-)

diff --git a/mm/memfd.c b/mm/memfd.c index 5f5a23c9051d..a9430090bb20 100644 --- a/mm/memfd.c +++ b/mm/memfd.c @@ -369,16 +369,8 @@ int memfd_check_seals_mmap(struct file *file, unsigned= long *vm_flags_ptr) return err; } =20 -SYSCALL_DEFINE2(memfd_create, - const char __user *, uname, - unsigned int, flags) +static int memfd_validate_flags(unsigned int flags) { - unsigned int *file_seals; - struct file *file; - int fd, error; - char *name; - long len; - if (!(flags & MFD_HUGETLB)) { if (flags & ~(unsigned int)MFD_ALL_FLAGS) return -EINVAL; 
@@ -393,20 +385,25 @@ SYSCALL_DEFINE2(memfd_create, if ((flags & MFD_EXEC) && (flags & MFD_NOEXEC_SEAL)) return -EINVAL; =20 - error =3D check_sysctl_memfd_noexec(&flags); - if (error < 0) - return error; + return check_sysctl_memfd_noexec(&flags); +} + +static char *memfd_create_name(const char __user *uname) +{ + int error; + char *name; + long len; =20 /* length includes terminating zero */ len =3D strnlen_user(uname, MFD_NAME_MAX_LEN + 1); if (len <=3D 0) - return -EFAULT; + return ERR_PTR(-EFAULT); if (len > MFD_NAME_MAX_LEN + 1) - return -EINVAL; + return ERR_PTR(-EINVAL); =20 name =3D kmalloc(len + MFD_NAME_PREFIX_LEN, GFP_KERNEL); if (!name) - return -ENOMEM; + return ERR_PTR(-ENOMEM); =20 strcpy(name, MFD_NAME_PREFIX); if (copy_from_user(&name[MFD_NAME_PREFIX_LEN], uname, len)) { @@ -420,11 +417,22 @@ SYSCALL_DEFINE2(memfd_create, goto err_name; } =20 - fd =3D get_unused_fd_flags((flags & MFD_CLOEXEC) ? O_CLOEXEC : 0); - if (fd < 0) { - error =3D fd; - goto err_name; - } + return name; + +err_name: + kfree(name); + return ERR_PTR(error); +} + +static struct file *memfd_file_create(const char *name, unsigned int flags) +{ + unsigned int *file_seals; + struct file *file; + int error; + + error =3D memfd_validate_flags(flags); + if (error < 0) + return ERR_PTR(error); =20 if (flags & MFD_HUGETLB) { file =3D hugetlb_file_setup(name, 0, VM_NORESERVE, @@ -433,10 +441,8 @@ SYSCALL_DEFINE2(memfd_create, MFD_HUGE_MASK); } else file =3D shmem_file_setup(name, 0, VM_NORESERVE); - if (IS_ERR(file)) { - error =3D PTR_ERR(file); - goto err_fd; - } + if (IS_ERR(file)) + return file; file->f_mode |=3D FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE; file->f_flags |=3D O_LARGEFILE; =20 
@@ -456,13 +462,32 @@ SYSCALL_DEFINE2(memfd_create, *file_seals &=3D ~F_SEAL_SEAL; } =20 - fd_install(fd, file); - kfree(name); - return fd; + return file; +} =20 -err_fd: - put_unused_fd(fd); -err_name: +SYSCALL_DEFINE2(memfd_create, + const char __user *, uname, + unsigned int, flags) +{ + struct file *file; + int fd; + char *name; + + name =3D memfd_create_name(uname); + if (IS_ERR(name)) + return PTR_ERR(name); + + file =3D memfd_file_create(name, flags); + /* name is not needed beyond this point. */ kfree(name); - return error; + if (IS_ERR(file)) + return PTR_ERR(file); + + fd =3D get_unused_fd_flags((flags & MFD_CLOEXEC) ? O_CLOEXEC : 0); + if (fd >=3D 0) + fd_install(fd, file); + else + fput(file); + + return fd; } --=20 2.47.1.613.gc27f4b7a9f-goog
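
Review bot: The flag adjustment made by check_sysctl_memfd_noexec() is lost in the @@ -393,20 +385,25 @@ hunk: `return check_sysctl_memfd_noexec(&flags);` now passes the address of memfd_validate_flags()'s by-value `flags` parameter, so anything written through that pointer is discarded when the helper returns and memfd_file_create() carries on with the caller's unmodified `flags`. Before the refactor the pointer referred to the syscall's own `flags`, which the rest of the function went on to use, so this is a functional change despite the commit message. Have the helper take `unsigned int *flags` and call it as `memfd_validate_flags(&flags)`.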
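
Review bot: Flag validation now runs after the user copy, because in the @@ -420,11 +417,22 @@ hunk memfd_validate_flags() is called from inside memfd_file_create(), which the syscall only reaches once memfd_create_name() has allocated and filled the name buffer. Previously invalid flags returned -EINVAL before userspace memory was touched; with this ordering a call with both bad flags and a bad `uname` returns -EFAULT instead, and every invalid-flags call pays for a kmalloc() and a copy from user. Calling the validation first in SYSCALL_DEFINE2 keeps the old error precedence and rejects bad input at the cheapest point.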
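
Review bot: The fd is now reserved only after the file exists, so in the @@ -456,13 +462,32 @@ hunk a full descriptor table means the shmem or hugetlb file is completely set up and then dropped with `fput(file)` just to return the error, where the old order failed before any file setup. If that trade-off is intended, the commit message should say so rather than "No functional change". The tail would also read more conventionally error-first: `if (fd < 0) { fput(file); return fd; }` followed by an unconditional fd_install().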

Date: Tue, 7 Jan 2025 10:48:02 -0800
In-Reply-To: <20250107184804.4074147-1-isaacmanjarres@google.com>
X-Mailing-List: linux-kernel@vger.kernel.org
References: <20250107184804.4074147-1-isaacmanjarres@google.com>
X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog
Message-ID: <20250107184804.4074147-3-isaacmanjarres@google.com>
Subject: [PATCH v2 2/2] mm/memfd: Use strncpy_from_user() to read memfd name
From: "Isaac J. Manjarres"
To: lorenzo.stoakes@oracle.com, Andrew Morton
Cc: kaleshsingh@google.com, jstultz@google.com, aliceryhl@google.com, surenb@google.com, "Isaac J. Manjarres", kernel-team@android.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"

The existing logic uses strnlen_user() to calculate the length of the memfd name from userspace and then copies the string into a buffer using copy_from_user(). This is error-prone, as the string length could have changed between the time when it was calculated and when the string was copied.

The existing logic handles this by ensuring that the last byte in the buffer is the terminating zero. This handling is contrived and can better be handled by using strncpy_from_user(), which gets the length of the string and copies it in one shot.

Therefore, simplify the logic for copying the memfd name by using strncpy_from_user().

No functional change.

Signed-off-by: Isaac J. Manjarres
Reviewed-by: Alice Ryhl
---
 mm/memfd.c | 20 ++++++--------------
 1 file changed, 6 insertions(+), 14 deletions(-)

diff --git a/mm/memfd.c b/mm/memfd.c index a9430090bb20..babf6433cf7b 100644 --- a/mm/memfd.c +++ b/mm/memfd.c 
@@ -394,26 +394,18 @@ static char *memfd_create_name(const char __user *una= me) char *name; long len; =20 - /* length includes terminating zero */ - len =3D strnlen_user(uname, MFD_NAME_MAX_LEN + 1); - if (len <=3D 0) - return ERR_PTR(-EFAULT); - if (len > MFD_NAME_MAX_LEN + 1) - return ERR_PTR(-EINVAL); - - name =3D kmalloc(len + MFD_NAME_PREFIX_LEN, GFP_KERNEL); + name =3D kmalloc(MFD_NAME_PREFIX_LEN + MFD_NAME_MAX_LEN + 1, GFP_KERNEL); if (!name) return ERR_PTR(-ENOMEM); =20 strcpy(name, MFD_NAME_PREFIX); - if (copy_from_user(&name[MFD_NAME_PREFIX_LEN], uname, len)) { + /* length does not include terminating zero */ + len =3D strncpy_from_user(name + MFD_NAME_PREFIX_LEN, uname, MFD_NAME_MAX= _LEN + 1); + if (len < 0) { error =3D -EFAULT; goto err_name; - } - - /* terminating-zero may have changed after strnlen_user() returned */ - if (name[len + MFD_NAME_PREFIX_LEN - 1]) { - error =3D -EFAULT; + } else if (len > MFD_NAME_MAX_LEN) { + error =3D -EINVAL; goto err_name; } =20 --=20 2.47.1.613.gc27f4b7a9f-goog
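
Review bot: The `else if (len > MFD_NAME_MAX_LEN)` branch needs a comment, because it only works on the assumption that strncpy_from_user() returns the count it was given (MFD_NAME_MAX_LEN + 1) when it finds no terminating zero, leaving the buffer unterminated. Stating that next to the check makes clear why this case maps to -EINVAL and why the kmalloc() size and the count argument must stay in step. Two smaller points in the same lines: the `else` after `goto err_name` is redundant, and `error = len` would propagate the helper's own return value instead of hard-coding -EFAULT. The commit message could also mention that the buffer is now always allocated at the maximum size rather than at the measured length.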