From nobody Sat Feb 7 08:07:19 2026 Date: Thu, 9 Jan 2025 10:59:04 -0800 In-Reply-To: 
<20250109185908.1006310-1-isaacmanjarres@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250109185908.1006310-1-isaacmanjarres@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20250109185908.1006310-2-isaacmanjarres@google.com> Subject: [PATCH v3 1/2] mm/memfd: Refactor and cleanup the logic in memfd_create() From: "Isaac J. Manjarres" To: lorenzo.stoakes@oracle.com, Andrew Morton Cc: kaleshsingh@google.com, jstultz@google.com, aliceryhl@google.com, surenb@google.com, "Isaac J. Manjarres" , kernel-team@android.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" memfd_create() is a pretty busy function that could be easier to read if some of the logic was split out into helper functions. Therefore, split the flags sanitization, name allocation, and file structure allocation into their own helper functions. No functional change. Signed-off-by: Isaac J. Manjarres Reviewed-by: Alice Ryhl Reviewed-by: Lorenzo Stoakes --- mm/memfd.c | 82 +++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 59 insertions(+), 23 deletions(-) diff --git a/mm/memfd.c b/mm/memfd.c index 5f5a23c9051d..bf0c2d97b940 100644 --- a/mm/memfd.c +++ b/mm/memfd.c @@ -369,15 +369,9 @@ int memfd_check_seals_mmap(struct file *file, unsigned= long *vm_flags_ptr) return err; } =20 -SYSCALL_DEFINE2(memfd_create, - const char __user *, uname, - unsigned int, flags) +static int sanitize_flags(unsigned int *flags_ptr) { - unsigned int *file_seals; - struct file *file; - int fd, error; - char *name; - long len; + unsigned int flags =3D *flags_ptr; =20 if (!(flags & MFD_HUGETLB)) { if (flags & ~(unsigned int)MFD_ALL_FLAGS) 
@@ -393,20 +387,25 @@ SYSCALL_DEFINE2(memfd_create, if ((flags & MFD_EXEC) && (flags & MFD_NOEXEC_SEAL)) return -EINVAL; =20 - error =3D check_sysctl_memfd_noexec(&flags); - if (error < 0) - return error; + return check_sysctl_memfd_noexec(flags_ptr); +} + +static char *alloc_name(const char __user *uname) +{ + int error; + char *name; + long len; =20 /* length includes terminating zero */ len =3D strnlen_user(uname, MFD_NAME_MAX_LEN + 1); if (len <=3D 0) - return -EFAULT; + return ERR_PTR(-EFAULT); if (len > MFD_NAME_MAX_LEN + 1) - return -EINVAL; + return ERR_PTR(-EINVAL); =20 name =3D kmalloc(len + MFD_NAME_PREFIX_LEN, GFP_KERNEL); if (!name) - return -ENOMEM; + return ERR_PTR(-ENOMEM); =20 strcpy(name, MFD_NAME_PREFIX); if (copy_from_user(&name[MFD_NAME_PREFIX_LEN], uname, len)) { @@ -420,23 +419,28 @@ SYSCALL_DEFINE2(memfd_create, goto err_name; } =20 - fd =3D get_unused_fd_flags((flags & MFD_CLOEXEC) ? O_CLOEXEC : 0); - if (fd < 0) { - error =3D fd; - goto err_name; - } + return name; + +err_name: + kfree(name); + return ERR_PTR(error); +} + +static struct file *alloc_file(const char *name, unsigned int flags) +{ + unsigned int *file_seals; + struct file *file; =20 if (flags & MFD_HUGETLB) { file =3D hugetlb_file_setup(name, 0, VM_NORESERVE, HUGETLB_ANONHUGE_INODE, (flags >> MFD_HUGE_SHIFT) & MFD_HUGE_MASK); - } else + } else { file =3D shmem_file_setup(name, 0, VM_NORESERVE); - if (IS_ERR(file)) { - error =3D PTR_ERR(file); - goto err_fd; } + if (IS_ERR(file)) + return file; file->f_mode |=3D FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE; file->f_flags |=3D O_LARGEFILE; =20 
@@ -456,7 +460,39 @@ SYSCALL_DEFINE2(memfd_create, *file_seals &=3D ~F_SEAL_SEAL; } =20 + return file; +} + +SYSCALL_DEFINE2(memfd_create, + const char __user *, uname, + unsigned int, flags) +{ + struct file *file; + int fd, error; + char *name; + + error =3D sanitize_flags(&flags); + if (error < 0) + return error; + + name =3D alloc_name(uname); + if (IS_ERR(name)) + return PTR_ERR(name); + + fd =3D get_unused_fd_flags((flags & MFD_CLOEXEC) ? O_CLOEXEC : 0); + if (fd < 0) { + error =3D fd; + goto err_name; + } + + file =3D alloc_file(name, flags); + if (IS_ERR(file)) { + error =3D PTR_ERR(file); + goto err_fd; + } + fd_install(fd, file); + /* name is not needed beyond this point. */ kfree(name); return fd; =20 --=20 2.47.1.613.gc27f4b7a9f-goog
From nobody Sat Feb 7 08:07:19 2026 Date: Thu, 9 Jan 2025 10:59:05 -0800 In-Reply-To: <20250109185908.1006310-1-isaacmanjarres@google.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20250109185908.1006310-1-isaacmanjarres@google.com> X-Mailer: git-send-email 2.47.1.613.gc27f4b7a9f-goog Message-ID: <20250109185908.1006310-3-isaacmanjarres@google.com> Subject: [PATCH v3 2/2] mm/memfd: Use strncpy_from_user() to read memfd name 
From: "Isaac J. Manjarres" To: lorenzo.stoakes@oracle.com, Andrew Morton Cc: kaleshsingh@google.com, jstultz@google.com, aliceryhl@google.com, surenb@google.com, "Isaac J. Manjarres" , kernel-team@android.com, linux-mm@kvack.org, linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The existing logic uses strnlen_user() to calculate the length of the memfd name from userspace and then copies the string into a buffer using copy_from_user(). This is error-prone, as the string length could have changed between the time when it was calculated and when the string was copied. The existing logic handles this by ensuring that the last byte in the buffer is the terminating zero. This handling is contrived and can better be handled by using strncpy_from_user(), which gets the length of the string and copies it in one shot. Therefore, simplify the logic for copying the memfd name by using strncpy_from_user(). No functional change. Reviewed-by: Alice Ryhl Signed-off-by: Isaac J. Manjarres Reviewed-by: Lorenzo Stoakes --- mm/memfd.c | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/mm/memfd.c b/mm/memfd.c index bf0c2d97b940..5b7c5892ba64 100644 --- a/mm/memfd.c +++ b/mm/memfd.c 
@@ -396,26 +396,18 @@ static char *alloc_name(const char __user *uname) char *name; long len; =20 - /* length includes terminating zero */ - len =3D strnlen_user(uname, MFD_NAME_MAX_LEN + 1); - if (len <=3D 0) - return ERR_PTR(-EFAULT); - if (len > MFD_NAME_MAX_LEN + 1) - return ERR_PTR(-EINVAL); - - name =3D kmalloc(len + MFD_NAME_PREFIX_LEN, GFP_KERNEL); + name =3D kmalloc(NAME_MAX + 1, GFP_KERNEL); if (!name) return ERR_PTR(-ENOMEM); =20 strcpy(name, MFD_NAME_PREFIX); - if (copy_from_user(&name[MFD_NAME_PREFIX_LEN], uname, len)) { + /* returned length does not include terminating zero */ + len =3D strncpy_from_user(&name[MFD_NAME_PREFIX_LEN], uname, MFD_NAME_MAX= _LEN + 1); + if (len < 0) { error =3D -EFAULT; goto err_name; - } - - /* terminating-zero may have changed after strnlen_user() returned */ - if (name[len + MFD_NAME_PREFIX_LEN - 1]) { - error =3D -EFAULT; + } else if (len > MFD_NAME_MAX_LEN) { + error =3D -EINVAL; goto err_name; } =20 --=20 2.47.1.613.gc27f4b7a9f-goog
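
Review bot: in patch 1/2, sanitize_flags() validates a local copy of *flags_ptr but finishes with `return check_sysctl_memfd_noexec(flags_ptr);`, so a helper whose name suggests checking only is also the place where the caller's flags can be rewritten. A short comment above sanitize_flags() stating that it may modify *flags_ptr, and that memfd_create() must use the value after the call, would keep a later reader from reordering the calls or passing flags by value.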
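
Review bot: in patch 1/2, the new static helpers alloc_name() and alloc_file() have names generic enough to be confused with unrelated allocators when they show up in a backtrace or a grep. Prefixing them (and sanitize_flags()) with memfd_ would cost nothing and make the call chain in SYSCALL_DEFINE2(memfd_create, ...) self-describing.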
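
Review bot: in patch 2/2, `name = kmalloc(NAME_MAX + 1, GFP_KERNEL);` is only large enough if MFD_NAME_PREFIX_LEN + MFD_NAME_MAX_LEN + 1 <= NAME_MAX + 1, and nothing in this hunk shows or enforces that relation, while the copy starts at `&name[MFD_NAME_PREFIX_LEN]` and may write up to MFD_NAME_MAX_LEN + 1 bytes. Sizing the allocation from the same constants the copy uses, or adding a BUILD_BUG_ON() beside it, would stop a later change to either macro from turning this into a heap overflow. Separately, `error = -EFAULT` on `len < 0` discards the value strncpy_from_user() returned, and `error = len` would keep the two in step. The commit message says no functional change, but the allocation is now always NAME_MAX + 1 bytes rather than sized to the string, which is worth stating there.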
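
The window described in the 2/2 commit message, as an added userspace model (not code from the patch or the kernel): `two_step()` measures and then copies, `one_shot()` derives the length from a single bounded pass. `race_fn`, `NAME_LIMIT`, the helper names and the sample buffers are constructed for illustration, and the byte loop only stands in for strncpy_from_user().

```c
#include <errno.h>
#include <string.h>

#define PREFIX     "memfd:"
#define PREFIX_LEN (sizeof(PREFIX) - 1)
#define NAME_LIMIT 16                    /* constructed stand-in for MFD_NAME_MAX_LEN */
#define BUF_SIZE   (PREFIX_LEN + NAME_LIMIT + 1)

/* Hypothetical hook: models a second thread rewriting the user buffer. */
typedef void (*race_fn)(char *ubuf);

/* Old pattern: measure first, copy second; the hook runs in the gap. */
static long two_step(char *dst, char *ubuf, race_fn race)
{
    const char *nul = memchr(ubuf, 0, NAME_LIMIT + 1);
    size_t len = nul ? (size_t)(nul - ubuf) + 1 : NAME_LIMIT + 2; /* counts the NUL */
    if (len > NAME_LIMIT + 1)
        return -EINVAL;
    strcpy(dst, PREFIX);
    if (race)
        race(ubuf);
    memcpy(dst + PREFIX_LEN, ubuf, len);
    if (dst[PREFIX_LEN + len - 1])       /* compensating terminator check */
        return -EFAULT;
    return (long)len - 1;
}

/* New pattern: each byte is fetched once and the length comes from the copy. */
static long one_shot(char *dst, const char *ubuf)
{
    strcpy(dst, PREFIX);
    for (size_t i = 0; i < NAME_LIMIT + 1; i++) {
        char c = ubuf[i];
        dst[PREFIX_LEN + i] = c;
        if (!c)
            return (long)i;              /* excludes the NUL */
    }
    return -EINVAL;                      /* no terminator within the limit */
}

/* Constructed races: drop the terminator, or cut the string short. */
static void drop_nul(char *ubuf) { ubuf[3] = 'd'; }
static void cut_short(char *ubuf) { ubuf[2] = '\0'; }

int main(void)
{
    char u[32] = "abcdef", d[BUF_SIZE];
    long n = two_step(d, u, cut_short);  /* reports 6, stored string is "ab" */
    return n == 6 && one_shot(d, u) == 2 ? 0 : 1;
}
```

The terminator re-check catches the case where the NUL is overwritten, but not the case where the string is shortened after being measured: the measured length and the copied string then disagree, which the single-pass copy cannot produce.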