From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on archive.lwn.net X-Spam-Level: X-Spam-Status: No, score=-5.6 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham autolearn_force=no version=3.4.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by archive.lwn.net (Postfix) with ESMTP id 0F6FD7DE78 for ; Thu, 3 May 2018 14:15:52 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751196AbeECOPv (ORCPT ); Thu, 3 May 2018 10:15:51 -0400 Received: from mail-wr0-f196.google.com ([209.85.128.196]:45242 "EHLO mail-wr0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751137AbeECOPu (ORCPT ); Thu, 3 May 2018 10:15:50 -0400 Received: by mail-wr0-f196.google.com with SMTP id p5-v6so17772325wre.12 for ; Thu, 03 May 2018 07:15:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=3iyOCvdTtKCcNI/lruG5bBsgXD2YXzDb9B51QoQdONA=; b=HNL7tfGRGXmk/8IUUS7iD7KZRmkBEclymMuKsNqnEhgNaHjTqNhG6Vnkq/queEKCGO Ir4YWDgA0dutQDBA4tuucqXGX2ex+4nnRbejVuOzoBkI8O9TGMtfRbam8BippTVyQGU/ fes3sxN2yl0CFbQdBYzyWt2elyoeGUGR1nA/sm6Y4GKouPSUeKmHhQ6rSjp3OZjz9bDV /0MtIqte05kVI75FgDlYQH1LdR64LV7P1KrqV1Z+29Vbtoh/2w2s2vCK5043Mcns+46/ bCaolKbli5ZwbuCQ8+cVEHN5tnY7hVGfzBH6yyn0YdwI0d3iCeJDc22crkn6w0YAz+Fv 4wIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=3iyOCvdTtKCcNI/lruG5bBsgXD2YXzDb9B51QoQdONA=; b=Z48jueZTlF/tqsfEUMqUzAGBjJsLP+++2DDtiEQRP+THPAeg0HhhSwTP/Feo+4h6ET qK+DlkgdlBujO9h0dofeJTxQZpRsp/QToODSP921kDu5nbBbSidEoOmzV8r9dg2MBQT9 cVo0aZNOFcNSz+Ae+LCret4DObibtDqBPKplwPRVQxY3gvYezSkJrxrkRrheT5f5SHgV +b0tTX76THoGWGgR7BWlLJdcK7PttkBqMULtKn43SiPJhss3MIOPxyHlGiQwLuOSSF1a AxH9/2Vp55m6ShQ3YiyWmbLeQ/7DihhgLzGlLWZ2q9BtrSICoXyYV8qO8nKP3/tJwKQz 4tDQ== X-Gm-Message-State: ALQs6tCWeH0wx4lDY9nll+cKl9kqvarQrVcSt55UYQfvsG3+PvQ2UqFe ZTzwJtON3yArYFhHh6QubsgmJw== X-Google-Smtp-Source: AB8JxZpUMKviSo9q3U7HtXcB5vYNzMNA6xKRTvKqUylty4bgDSbMUK5dKwetBGk4P8N6EkBT4qoYFw== X-Received: by 2002:adf:8d90:: with SMTP id o16-v6mr17910172wrb.81.1525356948334; Thu, 03 May 2018 07:15:48 -0700 (PDT) Received: from andreyknvl0.muc.corp.google.com ([2a00:79e0:15:10:84be:a42a:826d:c530]) by smtp.gmail.com with ESMTPSA id u20-v6sm22090298wru.33.2018.05.03.07.15.45 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 03 May 2018 07:15:47 -0700 (PDT) From: Andrey Konovalov To: Catalin Marinas , Will Deacon , Jonathan Corbet , Mark Rutland , Robin Murphy , Al Viro , Andrey Konovalov , James Morse , Kees Cook , Bart Van Assche , Kate Stewart , Greg Kroah-Hartman , Thomas Gleixner , Philippe Ombredanne , Andrew Morton , Ingo Molnar , "Kirill A . Shutemov" , Dan Williams , "Aneesh Kumar K . V" , Zi Yan , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: Dmitry Vyukov , Kostya Serebryany , Evgeniy Stepanov , Lee Smith , Ramana Radhakrishnan , Jacob Bramley , Ruben Ayrapetyan , Chintan Pandya Subject: [PATCH v2 0/6] arm64: untag user pointers passed to the kernel Date: Thu, 3 May 2018 16:15:38 +0200 Message-Id: X-Mailer: git-send-email 2.17.0.441.gb46fe60e1d-goog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-doc-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-doc@vger.kernel.org Hi! arm64 has a feature called Top Byte Ignore, which allows to embed pointer tags into the top byte of each pointer. Userspace programs (such as HWASan, a memory debugging tool [1]) might use this feature and pass tagged user pointers to the kernel through syscalls or other interfaces. This patch makes a few of the kernel interfaces accept tagged user pointers. The kernel is already able to handle user faults with tagged pointers and has the untagged_addr macro, which this patchset reuses. We're not trying to cover all possible ways the kernel accepts user pointers in one patchset, so this one should be considered as a start. Thanks! [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html Changes in v2: - Rebased onto 2d618bdf (4.17-rc3+). - Removed excessive untagging in gup.c. - Removed untagging pointers returned from __uaccess_mask_ptr. Changes in v1: - Rebased onto 4.17-rc1. Changes in RFC v2: - Added "#ifndef untagged_addr..." fallback in linux/uaccess.h instead of defining it for each arch individually. - Updated Documentation/arm64/tagged-pointers.txt. - Dropped “mm, arm64: untag user addresses in memory syscalls”. - Rebased onto 3eb2ce82 (4.16-rc7). Andrey Konovalov (6): arm64: add type casts to untagged_addr macro uaccess: add untagged_addr definition for other arches arm64: untag user addresses in access_ok and __uaccess_mask_ptr mm, arm64: untag user addresses in mm/gup.c lib, arm64: untag addrs passed to strncpy_from_user and strnlen_user arm64: update Documentation/arm64/tagged-pointers.txt Documentation/arm64/tagged-pointers.txt | 5 +++-- arch/arm64/include/asm/uaccess.h | 14 +++++++++----- include/linux/uaccess.h | 4 ++++ lib/strncpy_from_user.c | 2 ++ lib/strnlen_user.c | 2 ++ mm/gup.c | 4 ++++ 6 files changed, 24 insertions(+), 7 deletions(-) -- 2.17.0.441.gb46fe60e1d-goog -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html From mboxrd@z Thu Jan 1 00:00:00 1970 From: andreyknvl@google.com (Andrey Konovalov) Date: Thu, 3 May 2018 16:15:38 +0200 Subject: [PATCH v2 0/6] arm64: untag user pointers passed to the kernel Message-ID: To: linux-arm-kernel@lists.infradead.org List-Id: linux-arm-kernel.lists.infradead.org Hi! arm64 has a feature called Top Byte Ignore, which allows to embed pointer tags into the top byte of each pointer. Userspace programs (such as HWASan, a memory debugging tool [1]) might use this feature and pass tagged user pointers to the kernel through syscalls or other interfaces. This patch makes a few of the kernel interfaces accept tagged user pointers. The kernel is already able to handle user faults with tagged pointers and has the untagged_addr macro, which this patchset reuses. We're not trying to cover all possible ways the kernel accepts user pointers in one patchset, so this one should be considered as a start. Thanks! [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html Changes in v2: - Rebased onto 2d618bdf (4.17-rc3+). - Removed excessive untagging in gup.c. - Removed untagging pointers returned from __uaccess_mask_ptr. Changes in v1: - Rebased onto 4.17-rc1. Changes in RFC v2: - Added "#ifndef untagged_addr..." fallback in linux/uaccess.h instead of defining it for each arch individually. - Updated Documentation/arm64/tagged-pointers.txt. - Dropped ?mm, arm64: untag user addresses in memory syscalls?. - Rebased onto 3eb2ce82 (4.16-rc7). Andrey Konovalov (6): arm64: add type casts to untagged_addr macro uaccess: add untagged_addr definition for other arches arm64: untag user addresses in access_ok and __uaccess_mask_ptr mm, arm64: untag user addresses in mm/gup.c lib, arm64: untag addrs passed to strncpy_from_user and strnlen_user arm64: update Documentation/arm64/tagged-pointers.txt Documentation/arm64/tagged-pointers.txt | 5 +++-- arch/arm64/include/asm/uaccess.h | 14 +++++++++----- include/linux/uaccess.h | 4 ++++ lib/strncpy_from_user.c | 2 ++ lib/strnlen_user.c | 2 ++ mm/gup.c | 4 ++++ 6 files changed, 24 insertions(+), 7 deletions(-) -- 2.17.0.441.gb46fe60e1d-goog From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-wr0-f199.google.com (mail-wr0-f199.google.com [209.85.128.199]) by kanga.kvack.org (Postfix) with ESMTP id B82776B000A for ; Thu, 3 May 2018 10:15:50 -0400 (EDT) Received: by mail-wr0-f199.google.com with SMTP id r23-v6so12381809wrc.2 for ; Thu, 03 May 2018 07:15:50 -0700 (PDT) Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65]) by mx.google.com with SMTPS id w77-v6sor6252640wrb.67.2018.05.03.07.15.49 for (Google Transport Security); Thu, 03 May 2018 07:15:49 -0700 (PDT) From: Andrey Konovalov Subject: [PATCH v2 0/6] arm64: untag user pointers passed to the kernel Date: Thu, 3 May 2018 16:15:38 +0200 Message-Id: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: owner-linux-mm@kvack.org List-ID: To: Catalin Marinas , Will Deacon , Jonathan Corbet , Mark Rutland , Robin Murphy , Al Viro , Andrey Konovalov , James Morse , Kees Cook , Bart Van Assche , Kate Stewart , Greg Kroah-Hartman , Thomas Gleixner , Philippe Ombredanne , Andrew Morton , Ingo Molnar , "Kirill A . Shutemov" , Dan Williams , "Aneesh Kumar K . V" , Zi Yan , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: Dmitry Vyukov , Kostya Serebryany , Evgeniy Stepanov , Lee Smith , Ramana Radhakrishnan , Jacob Bramley , Ruben Ayrapetyan , Chintan Pandya Hi! arm64 has a feature called Top Byte Ignore, which allows to embed pointer tags into the top byte of each pointer. Userspace programs (such as HWASan, a memory debugging tool [1]) might use this feature and pass tagged user pointers to the kernel through syscalls or other interfaces. This patch makes a few of the kernel interfaces accept tagged user pointers. The kernel is already able to handle user faults with tagged pointers and has the untagged_addr macro, which this patchset reuses. We're not trying to cover all possible ways the kernel accepts user pointers in one patchset, so this one should be considered as a start. Thanks! [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html Changes in v2: - Rebased onto 2d618bdf (4.17-rc3+). - Removed excessive untagging in gup.c. - Removed untagging pointers returned from __uaccess_mask_ptr. Changes in v1: - Rebased onto 4.17-rc1. Changes in RFC v2: - Added "#ifndef untagged_addr..." fallback in linux/uaccess.h instead of defining it for each arch individually. - Updated Documentation/arm64/tagged-pointers.txt. - Dropped a??mm, arm64: untag user addresses in memory syscallsa??. - Rebased onto 3eb2ce82 (4.16-rc7). Andrey Konovalov (6): arm64: add type casts to untagged_addr macro uaccess: add untagged_addr definition for other arches arm64: untag user addresses in access_ok and __uaccess_mask_ptr mm, arm64: untag user addresses in mm/gup.c lib, arm64: untag addrs passed to strncpy_from_user and strnlen_user arm64: update Documentation/arm64/tagged-pointers.txt Documentation/arm64/tagged-pointers.txt | 5 +++-- arch/arm64/include/asm/uaccess.h | 14 +++++++++----- include/linux/uaccess.h | 4 ++++ lib/strncpy_from_user.c | 2 ++ lib/strnlen_user.c | 2 ++ mm/gup.c | 4 ++++ 6 files changed, 24 insertions(+), 7 deletions(-) -- 2.17.0.441.gb46fe60e1d-goog From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: ARC-Seal: i=1; a=rsa-sha256; t=1525356949; cv=none; d=google.com; s=arc-20160816; b=QT10zi8s9m7bFDMwwH7e0dlqoxqakWRWZ2QOvamjT9hHcV9RsvsW1xM5jzLcYWRTQE +5eGZzjDHumYi8JmvS2xNvV8BjI8R4Soaj3kSg4df3SzmAvMj+ERhWeCXlHffnCx/c1c TulkWbpC3t2YFhZ2AaeZS3409osIETDL1uA6t+elWaH9YKRysDeAHSKQtXlQnUUwj357 Xiq/ceCQR/9q6zQtpo2lFvFEz0+kLJ4Z+YCQbaJhlfLON4U/bvPtUopD2f5gqRmIJvWI NNjneWaMKLWZEDnKQsaB7+53sEYYcP6U92agrSoONsa963iIHl95vth1bE6WgTw24YZX nh9g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:dkim-signature:arc-authentication-results; bh=3iyOCvdTtKCcNI/lruG5bBsgXD2YXzDb9B51QoQdONA=; b=jJo7UbjdBhaSAc4pSJakEhUa2WUJRDsM+AfLbM3e+7/s8pw8cVBUBTU4uJGr2rxCey 8rlzqiPdXdPEaVgMrowl2oxJV49LGd2MC4AQxTfRYvfOqJkrkthQYuUTMp5B6KsduouO Jk6zOjK4Lz+bXNyBV5bT5DmAzQAc0Mb4Ex/jhwsDFwgkFg4XV6Sjquz3F5bNEO5Tzfdk 2vYlWvtVMF1FwHWmYLO/MDl4v3wBL1MpY1FPLY6Fe8uKNWcD5SKKlbJvolYCaDOiJ4nx CEjge7vh/0QdEtI+bw28Wm0fQIReoyn1PGygXZ1nX7hRQGqinIFXOpo7OyYXfMIdpHA8 a4jA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=HNL7tfGR; spf=pass (google.com: domain of andreyknvl@google.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=andreyknvl@google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=HNL7tfGR; spf=pass (google.com: domain of andreyknvl@google.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=andreyknvl@google.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com X-Google-Smtp-Source: AB8JxZpUMKviSo9q3U7HtXcB5vYNzMNA6xKRTvKqUylty4bgDSbMUK5dKwetBGk4P8N6EkBT4qoYFw== From: Andrey Konovalov To: Catalin Marinas , Will Deacon , Jonathan Corbet , Mark Rutland , Robin Murphy , Al Viro , Andrey Konovalov , James Morse , Kees Cook , Bart Van Assche , Kate Stewart , Greg Kroah-Hartman , Thomas Gleixner , Philippe Ombredanne , Andrew Morton , Ingo Molnar , "Kirill A . Shutemov" , Dan Williams , "Aneesh Kumar K . V" , Zi Yan , linux-arm-kernel@lists.infradead.org, linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org Cc: Dmitry Vyukov , Kostya Serebryany , Evgeniy Stepanov , Lee Smith , Ramana Radhakrishnan , Jacob Bramley , Ruben Ayrapetyan , Chintan Pandya Subject: [PATCH v2 0/6] arm64: untag user pointers passed to the kernel Date: Thu, 3 May 2018 16:15:38 +0200 Message-Id: X-Mailer: git-send-email 2.17.0.441.gb46fe60e1d-goog MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: =?utf-8?q?1599452688673669320?= X-GMAIL-MSGID: =?utf-8?q?1599452688673669320?= X-Mailing-List: linux-kernel@vger.kernel.org List-ID: Hi! arm64 has a feature called Top Byte Ignore, which allows to embed pointer tags into the top byte of each pointer. Userspace programs (such as HWASan, a memory debugging tool [1]) might use this feature and pass tagged user pointers to the kernel through syscalls or other interfaces. This patch makes a few of the kernel interfaces accept tagged user pointers. The kernel is already able to handle user faults with tagged pointers and has the untagged_addr macro, which this patchset reuses. We're not trying to cover all possible ways the kernel accepts user pointers in one patchset, so this one should be considered as a start. Thanks! [1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html Changes in v2: - Rebased onto 2d618bdf (4.17-rc3+). - Removed excessive untagging in gup.c. - Removed untagging pointers returned from __uaccess_mask_ptr. Changes in v1: - Rebased onto 4.17-rc1. Changes in RFC v2: - Added "#ifndef untagged_addr..." fallback in linux/uaccess.h instead of defining it for each arch individually. - Updated Documentation/arm64/tagged-pointers.txt. - Dropped “mm, arm64: untag user addresses in memory syscalls”. - Rebased onto 3eb2ce82 (4.16-rc7). Andrey Konovalov (6): arm64: add type casts to untagged_addr macro uaccess: add untagged_addr definition for other arches arm64: untag user addresses in access_ok and __uaccess_mask_ptr mm, arm64: untag user addresses in mm/gup.c lib, arm64: untag addrs passed to strncpy_from_user and strnlen_user arm64: update Documentation/arm64/tagged-pointers.txt Documentation/arm64/tagged-pointers.txt | 5 +++-- arch/arm64/include/asm/uaccess.h | 14 +++++++++----- include/linux/uaccess.h | 4 ++++ lib/strncpy_from_user.c | 2 ++ lib/strnlen_user.c | 2 ++ mm/gup.c | 4 ++++ 6 files changed, 24 insertions(+), 7 deletions(-) -- 2.17.0.441.gb46fe60e1d-goog