kernel/arch/um/os-Linux/mem.c, branch linux-rolling-stable

um: set DONTDUMP and DONTFORK flags on KASAN shadow memory

2024-11-07T16:36:30Z

There is no point in either dumping the KASAN shadow memory or doing copy-on-write after a fork on these memory regions. This considerably speeds up coredump generation. Signed-off-by: Benjamin Berg Link: https://patch.msgid.link/20241103150506.1367695-1-benjamin@sipsolutions.net Signed-off-by: Johannes Berg

um: use execveat to create userspace MMs

2024-10-10T11:37:16Z

Using clone will not undo features that have been enabled by libc. An example of this already happening is rseq, which could cause the kernel to read/write memory of the userspace process. In the future the standard library might also use mseal by default to protect itself, which would also thwart our attempts at unmapping everything. Solve all this by taking a step back and doing an execve into a tiny static binary that sets up the minimal environment required for the stub without using any standard library. That way we have a clean execution environment that is fully under the control of UML. Note that this changes things a bit as the FDs are not anymore shared with the kernel. Instead, we explicitly share the FDs for the physical memory and all existing iomem regions. Doing this is fine, as iomem regions cannot be added at runtime. Signed-off-by: Benjamin Berg Link: https://patch.msgid.link/20240919124511.282088-3-benjamin@sipsolutions.net [use pipe() instead of pipe2(), remove unneeded close() calls] Signed-off-by: Johannes Berg

um: Add an internal header shared among the user code

2024-04-30T12:16:44Z

Move relevant declarations to this header. This will address below -Wmissing-prototypes warnings: arch/um/os-Linux/elf_aux.c:26:13: warning: no previous prototype for ‘scan_elf_aux’ [-Wmissing-prototypes] arch/um/os-Linux/mem.c:213:13: warning: no previous prototype for ‘check_tmpexec’ [-Wmissing-prototypes] arch/um/os-Linux/skas/process.c:107:6: warning: no previous prototype for ‘wait_stub_done’ [-Wmissing-prototypes] Signed-off-by: Tiwei Bie Signed-off-by: Richard Weinberger

um: Fix the declaration of kasan_map_memory

2024-04-30T12:15:42Z

Make it match its definition (size_t vs unsigned long). And declare it in a shared header to fix the -Wmissing-prototypes warning, as it is defined in the user code and called in the kernel code. Fixes: 5b301409e8bc ("UML: add support for KASAN under x86_64") Signed-off-by: Tiwei Bie Signed-off-by: Richard Weinberger

UML: add support for KASAN under x86_64

2022-07-17T21:35:22Z

Make KASAN run on User Mode Linux on x86_64. The UML-specific KASAN initializer uses mmap to map the ~16TB of shadow memory to the location defined by KASAN_SHADOW_OFFSET. kasan_init() utilizes constructors to initialize KASAN before main(). The location of the KASAN shadow memory, starting at KASAN_SHADOW_OFFSET, can be configured using the KASAN_SHADOW_OFFSET option. The default location of this offset is 0x100000000000, which keeps it out-of-the-way even on UML setups with more "physical" memory. For low-memory setups, 0x7fff8000 can be used instead, which fits in an immediate and is therefore faster, as suggested by Dmitry Vyukov. There is usually enough free space at this location; however, it is a config option so that it can be easily changed if needed. Note that, unlike KASAN on other architectures, vmalloc allocations still use the shadow memory allocated upfront, rather than allocating and free-ing it per-vmalloc allocation. If another architecture chooses to go down the same path, we should replace the checks for CONFIG_UML with something more generic, such as: - A CONFIG_KASAN_NO_SHADOW_ALLOC option, which architectures could set - or, a way of having architecture-specific versions of these vmalloc and module shadow memory allocation options. Also note that, while UML supports both KASAN in inline mode (CONFIG_KASAN_INLINE) and static linking (CONFIG_STATIC_LINK), it does not support both at the same time. Signed-off-by: Patricia Alfonso Co-developed-by: Vincent Whitchurch Signed-off-by: Vincent Whitchurch Signed-off-by: David Gow Reviewed-by: Johannes Berg Reviewed-by: Dmitry Vyukov Reviewed-by: Andrey Konovalov Signed-off-by: Richard Weinberger

um: Add SPDX headers for files in arch/um/os-Linux

2019-09-15T19:37:17Z

Convert files to use SPDX header. All files are licensed under the GPLv2. Signed-off-by: Alex Dewar Signed-off-by: Richard Weinberger

um: Use os_warn to print out pre-boot warning/error messages

2017-07-05T21:18:25Z

Use os_warn() instead of printf/fprintf to print out pre-boot warning/error messages to stderr. Note that the help message and version message are kept to print out to stdout, because user explicitly specifies those options to get such information. Signed-off-by: Masami Hiramatsu Signed-off-by: Richard Weinberger

um: Use os_info for the messages on normal path

2017-07-05T21:17:42Z

Use os_info() for printing out the messages on the normal execution path. Signed-off-by: Masami Hiramatsu Signed-off-by: Richard Weinberger

um: Use race-free temporary file creation

2016-01-10T20:49:50Z

Open the memory mapped file with the O_TMPFILE flag when available. Signed-off-by: Mickaël Salaün Cc: Jeff Dike Cc: Richard Weinberger Acked-by: Tristan Schmelcher Signed-off-by: Richard Weinberger

um: Do not set unsecure permission for temporary file

2016-01-10T20:49:50Z

Remove the insecure 0777 mode for temporary file to prohibit other users to change the executable mapped code. An attacker could gain access to the mapped file descriptor from the temporary file (before it is unlinked) in a read-only mode but it should not be accessible in write mode to avoid arbitrary code execution. To not change the hostfs behavior, the temporary file creation permission now depends on the current umask(2) and the implementation of mkstemp(3). Signed-off-by: Mickaël Salaün Cc: Jeff Dike Cc: Richard Weinberger Acked-by: Tristan Schmelcher Signed-off-by: Richard Weinberger