From: Andrey Konovalov
Date: Wed, 20 Mar 2019 15:51:14 +0100
Subject: [PATCH v13 00/20] arm64: untag user pointers passed to the kernel
To: Catalin Marinas, Will Deacon, Mark Rutland, Robin Murphy, Kees Cook,
    Kate Stewart, Greg Kroah-Hartman, Andrew Morton, Ingo Molnar,
    "Kirill A . Shutemov", Shuah Khan, Vincenzo Frascino, Eric Dumazet,
    "David S. Miller", Alexei Starovoitov, Daniel Borkmann, Steven Rostedt,
    Ingo Molnar, Peter Zijlstra, Arnaldo Carvalho de Melo, Alex Deucher,
    Christian König, "David (ChunMing) Zhou", Yishai Hadas,
    Mauro Carvalho Chehab, Jens Wiklander, Alex Williamson,
    linux-arm-kernel@lists.infradead.org, linux-mm@kvack.org,
    linux-arch@vger.kernel.org, netdev@vger.kernel.org, bpf@vger.kernel.org,
    amd-gfx@lists.freedesktop.org, dri-devel@lists.freedesktop.org,
    linux-rdma@vger.kernel.org, linux-media@vger.kernel.org,
    kvm@vger.kernel.org, linux-kselftest@vger.kernel.org,
    linux-kernel@vger.kernel.org
Cc: Dmitry Vyukov, Kostya Serebryany, Evgeniy Stepanov, Lee Smith,
    Ramana Radhakrishnan, Jacob Bramley, Ruben Ayrapetyan, Chintan Pandya,
    Luc Van Oostenryck, Dave Martin, Kevin Brodsky, Szabolcs Nagy,
    Andrey Konovalov

=== Overview

arm64 has a feature called Top Byte Ignore, which allows embedding pointer
tags into the top byte of each pointer. Userspace programs (such as
HWASan, a memory debugging tool [1]) might use this feature and pass
tagged user pointers to the kernel through syscalls or other interfaces.

Right now the kernel is already able to handle user faults with tagged
pointers, due to these patches:

1. 81cddd65 ("arm64: traps: fix userspace cache maintenance emulation on a
   tagged pointer")
2. 7dcd9dd8 ("arm64: hw_breakpoint: fix watchpoint matching for tagged
   pointers")
3. 276e9327 ("arm64: entry: improve data abort handling of tagged
   pointers")

This patchset extends tagged pointer support to syscall arguments.

As per the proposed ABI change [3], tagged pointers are only allowed to be
passed to syscalls when they point to memory ranges obtained by anonymous
mmap() or sbrk() (see the patchset [3] for more details).

For non-memory syscalls this is done by untagging user pointers when the
kernel performs pointer checking to find out whether the pointer comes
from userspace (most notably in access_ok). The untagging is done only
when the pointer is being checked; the tag is preserved as the pointer
makes its way through the kernel and stays tagged when the kernel
dereferences the pointer when performing user memory accesses.

Memory syscalls (mmap, mprotect, etc.) don't do user memory accesses but
rather deal with memory ranges, and untagged pointers are better suited to
describe memory ranges internally. Thus for memory syscalls we untag
pointers completely when they enter the kernel.

=== Other approaches

One of the alternative approaches to untagging that was considered is to
completely strip the pointer tag as the pointer enters the kernel with
some kind of a syscall wrapper, but that won't work with the countless
number of different ioctl calls. With this approach we would need a custom
wrapper for each ioctl variation, which doesn't seem practical.

An alternative approach to untagging pointers in memory syscalls prologues
is to instead allow tagged pointers to be passed to find_vma() (and other
vma related functions) and untag them there. Unfortunately, a lot of
find_vma() callers then compare or subtract the returned vma start and end
fields against the pointer that was being searched. Thus this approach
would still require changing all find_vma() callers.

=== Testing

The following testing approaches have been taken to find potential issues
with user pointer untagging:

1. Static testing (with sparse [2] and separately with a custom static
   analyzer based on Clang) to track casts of __user pointers to integer
   types to find places where untagging needs to be done.

2. Static testing with grep to find parts of the kernel that call
   find_vma() (and other similar functions) or directly compare against
   vm_start/vm_end fields of vma.

3. Static testing with grep to find parts of the kernel that compare
   user pointers with TASK_SIZE or other similar consts and macros.

4. Dynamic testing: adding BUG_ON(has_tag(addr)) to find_vma() and running
   a modified syzkaller version that passes tagged pointers to the kernel.

Based on the results of the testing the required patches have been added
to the patchset.

=== Notes

This patchset is meant to be merged together with "arm64 relaxed ABI" [3].

This patchset is a prerequisite for ARM's memory tagging hardware feature
support [4].

This patchset has been merged into the Pixel 2 kernel tree and is now
being used to enable testing of Pixel 2 phones with HWASan.

Thanks!

[1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html

[2] https://github.com/lucvoo/sparse-dev/commit/5f960cb10f56ec2017c128ef9d16060e0145f292

[3] https://lkml.org/lkml/2019/3/18/819

[4] https://community.arm.com/processors/b/blog/posts/arm-a-profile-architecture-2018-developments-armv85a

Changes in v13:
- Simplified untagging in tcp_zerocopy_receive().
- Looked at find_vma() callers in drivers/, which allowed identifying a
  few other places where untagging is needed.
- Added patch "mm, arm64: untag user pointers in get_vaddr_frames".
- Added patch "drm/amdgpu, arm64: untag user pointers in
  amdgpu_ttm_tt_get_user_pages".
- Added patch "drm/radeon, arm64: untag user pointers in
  radeon_ttm_tt_pin_userptr".
- Added patch "IB/mlx4, arm64: untag user pointers in mlx4_get_umem_mr".
- Added patch "media/v4l2-core, arm64: untag user pointers in
  videobuf_dma_contig_user_get".
- Added patch "tee/optee, arm64: untag user pointers in check_mem_type".
- Added patch "vfio/type1, arm64: untag user pointers".

Changes in v12:
- Changed untagging in tcp_zerocopy_receive() to also untag zc->address.
- Fixed untagging in prctl_set_mm* to only untag pointers for vma lookups
  and validity checks, but leave them as is for actual user space accesses.
- Updated the link to the v2 of the "arm64 relaxed ABI" patchset [3].
- Dropped the documentation patch, as the "arm64 relaxed ABI" patchset [3]
  handles that.

Changes in v11:
- Added "uprobes, arm64: untag user pointers in find_active_uprobe" patch.
- Added "bpf, arm64: untag user pointers in stack_map_get_build_id_offset"
  patch.
- Fixed "tracing, arm64: untag user pointers in seq_print_user_ip" to
  correctly perform subtraction with a tagged addr.
- Moved untagged_addr() from SYSCALL_DEFINE3(mprotect) and
  SYSCALL_DEFINE4(pkey_mprotect) to do_mprotect_pkey().
- Moved untagged_addr() definition for other arches from
  include/linux/memory.h to include/linux/mm.h.
- Changed untagging in strn*_user() to perform userspace accesses through
  tagged pointers.
- Updated the documentation to mention that passing tagged pointers to
  memory syscalls is allowed.
- Updated the test to use malloc'ed memory instead of stack memory.

Changes in v10:
- Added "mm, arm64: untag user pointers passed to memory syscalls" back.
- New patch "fs, arm64: untag user pointers in fs/userfaultfd.c".
- New patch "net, arm64: untag user pointers in tcp_zerocopy_receive".
- New patch "kernel, arm64: untag user pointers in prctl_set_mm*".
- New patch "tracing, arm64: untag user pointers in seq_print_user_ip".

Changes in v9:
- Rebased onto 4.20-rc6.
- Used u64 instead of __u64 in type casts in the untagged_addr macro for
  arm64.
- Added braces around (addr) in the untagged_addr macro for other arches.

Changes in v8:
- Rebased onto 65102238 (4.20-rc1).
- Added a note to the cover letter on why syscall wrappers/shims that untag
  user pointers won't work.
- Added a note to the cover letter that this patchset has been merged into
  the Pixel 2 kernel tree.
- Documentation fixes, in particular added a list of syscalls that don't
  support tagged user pointers.

Changes in v7:
- Rebased onto 17b57b18 (4.19-rc6).
- Dropped the "arm64: untag user address in __do_user_fault" patch, since
  the existing patches already handle user faults properly.
- Dropped the "usb, arm64: untag user addresses in devio" patch, since the
  passed pointer must come from a vma and therefore be untagged.
- Dropped the "arm64: annotate user pointers casts detected by sparse"
  patch (see the discussion to the replies of the v6 of this patchset).
- Added more context to the cover letter.
- Updated Documentation/arm64/tagged-pointers.txt.

Changes in v6:
- Added annotations for user pointer casts found by sparse.
- Rebased onto 050cdc6c (4.19-rc1+).

Changes in v5:
- Added 3 new patches that add untagging to places found with static
  analysis.
- Rebased onto 44c929e1 (4.18-rc8).

Changes in v4:
- Added a selftest for checking that passing tagged pointers to the
  kernel succeeds.
- Rebased onto 81e97f013 (4.18-rc1+).

Changes in v3:
- Rebased onto e5c51f30 (4.17-rc6+).
- Added linux-arch@ to the list of recipients.

Changes in v2:
- Rebased onto 2d618bdf (4.17-rc3+).
- Removed excessive untagging in gup.c.
- Removed untagging pointers returned from __uaccess_mask_ptr.

Changes in v1:
- Rebased onto 4.17-rc1.

Changes in RFC v2:
- Added "#ifndef untagged_addr..." fallback in linux/uaccess.h instead of
  defining it for each arch individually.
- Updated Documentation/arm64/tagged-pointers.txt.
- Dropped "mm, arm64: untag user addresses in memory syscalls".
- Rebased onto 3eb2ce82 (4.16-rc7).

Signed-off-by: Andrey Konovalov

Andrey Konovalov (20):
  uaccess: add untagged_addr definition for other arches
  arm64: untag user pointers in access_ok and __uaccess_mask_ptr
  lib, arm64: untag user pointers in strn*_user
  mm, arm64: untag user pointers passed to memory syscalls
  mm, arm64: untag user pointers in mm/gup.c
  mm, arm64: untag user pointers in get_vaddr_frames
  fs, arm64: untag user pointers in copy_mount_options
  fs, arm64: untag user pointers in fs/userfaultfd.c
  net, arm64: untag user pointers in tcp_zerocopy_receive
  kernel, arm64: untag user pointers in prctl_set_mm*
  tracing, arm64: untag user pointers in seq_print_user_ip
  uprobes, arm64: untag user pointers in find_active_uprobe
  bpf, arm64: untag user pointers in stack_map_get_build_id_offset
  drm/amdgpu, arm64: untag user pointers in amdgpu_ttm_tt_get_user_pages
  drm/radeon, arm64: untag user pointers in radeon_ttm_tt_pin_userptr
  IB/mlx4, arm64: untag user pointers in mlx4_get_umem_mr
  media/v4l2-core, arm64: untag user pointers in
    videobuf_dma_contig_user_get
  tee/optee, arm64: untag user pointers in check_mem_type
  vfio/type1, arm64: untag user pointers in vaddr_get_pfn
  selftests, arm64: add a selftest for passing tagged pointers to kernel

 arch/arm64/include/asm/uaccess.h              | 10 +++--
 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c       |  5 ++-
 drivers/gpu/drm/radeon/radeon_ttm.c           |  5 ++-
 drivers/infiniband/hw/mlx4/mr.c               |  7 +--
 drivers/media/v4l2-core/videobuf-dma-contig.c |  9 ++--
 drivers/tee/optee/call.c                      |  1 +
 drivers/vfio/vfio_iommu_type1.c               |  2 +
 fs/namespace.c                                |  2 +-
 fs/userfaultfd.c                              |  5 +++
 include/linux/mm.h                            |  4 ++
 ipc/shm.c                                     |  2 +
 kernel/bpf/stackmap.c                         |  6 ++-
 kernel/events/uprobes.c                       |  2 +
 kernel/sys.c                                  | 44 +++++++++++++------
 kernel/trace/trace_output.c                   |  5 ++-
 lib/strncpy_from_user.c                       |  3 +-
 lib/strnlen_user.c                            |  3 +-
 mm/frame_vector.c                             |  2 +
 mm/gup.c                                      |  4 ++
 mm/madvise.c                                  |  2 +
 mm/mempolicy.c                                |  5 +++
 mm/migrate.c                                  |  1 +
 mm/mincore.c                                  |  2 +
 mm/mlock.c                                    |  5 +++
 mm/mmap.c                                     |  7 +++
 mm/mprotect.c                                 |  1 +
 mm/mremap.c                                   |  2 +
 mm/msync.c                                    |  2 +
 net/ipv4/tcp.c                                |  2 +
 tools/testing/selftests/arm64/.gitignore      |  1 +
 tools/testing/selftests/arm64/Makefile        | 11 +++++
 .../testing/selftests/arm64/run_tags_test.sh  | 12 +++++
 tools/testing/selftests/arm64/tags_test.c     | 21 +++++++++
 33 files changed, 159 insertions(+), 36 deletions(-)
 create mode 100644 tools/testing/selftests/arm64/.gitignore
 create mode 100644 tools/testing/selftests/arm64/Makefile
 create mode 100755 tools/testing/selftests/arm64/run_tags_test.sh
 create mode 100644 tools/testing/selftests/arm64/tags_test.c

-- 
2.21.0.225.g810b269d1ac-goog
Miller" , Alexei Starovoitov , Daniel Borkmann , Steven Rostedt , Ingo Molnar , Peter Zijlstra , Arnaldo Carvalho de Melo , Alex Deucher , =?UTF-8?q?Christian=20K=C3=B6nig Cc: Kevin Brodsky , Chintan Pandya , Jacob Bramley , Ruben Ayrapetyan , Szabolcs Nagy , Andrey Konovalov , Lee Smith , Kostya Serebryany , Dmitry Vyukov , Ramana Radhakrishnan , Luc Van Oostenryck , Dave Martin , Evgeniy Stepanov PT09IE92ZXJ2aWV3Cgphcm02NCBoYXMgYSBmZWF0dXJlIGNhbGxlZCBUb3AgQnl0ZSBJZ25vcmUs IHdoaWNoIGFsbG93cyB0byBlbWJlZCBwb2ludGVyCnRhZ3MgaW50byB0aGUgdG9wIGJ5dGUgb2Yg ZWFjaCBwb2ludGVyLiBVc2Vyc3BhY2UgcHJvZ3JhbXMgKHN1Y2ggYXMKSFdBU2FuLCBhIG1lbW9y eSBkZWJ1Z2dpbmcgdG9vbCBbMV0pIG1pZ2h0IHVzZSB0aGlzIGZlYXR1cmUgYW5kIHBhc3MKdGFn Z2VkIHVzZXIgcG9pbnRlcnMgdG8gdGhlIGtlcm5lbCB0aHJvdWdoIHN5c2NhbGxzIG9yIG90aGVy IGludGVyZmFjZXMuCgpSaWdodCBub3cgdGhlIGtlcm5lbCBpcyBhbHJlYWR5IGFibGUgdG8gaGFu ZGxlIHVzZXIgZmF1bHRzIHdpdGggdGFnZ2VkCnBvaW50ZXJzLCBkdWUgdG8gdGhlc2UgcGF0Y2hl czoKCjEuIDgxY2RkZDY1ICgiYXJtNjQ6IHRyYXBzOiBmaXggdXNlcnNwYWNlIGNhY2hlIG1haW50 ZW5hbmNlIGVtdWxhdGlvbiBvbiBhCiAgICAgICAgICAgICB0YWdnZWQgcG9pbnRlciIpCjIuIDdk Y2Q5ZGQ4ICgiYXJtNjQ6IGh3X2JyZWFrcG9pbnQ6IGZpeCB3YXRjaHBvaW50IG1hdGNoaW5nIGZv ciB0YWdnZWQKCSAgICAgIHBvaW50ZXJzIikKMy4gMjc2ZTkzMjcgKCJhcm02NDogZW50cnk6IGlt cHJvdmUgZGF0YSBhYm9ydCBoYW5kbGluZyBvZiB0YWdnZWQKCSAgICAgIHBvaW50ZXJzIikKClRo aXMgcGF0Y2hzZXQgZXh0ZW5kcyB0YWdnZWQgcG9pbnRlciBzdXBwb3J0IHRvIHN5c2NhbGwgYXJn dW1lbnRzLgoKQXMgcGVyIHRoZSBwcm9wb3NlZCBBQkkgY2hhbmdlIFszXSwgdGFnZ2VkIHBvaW50 ZXJzIGFyZSBvbmx5IGFsbG93ZWQgdG8gYmUKcGFzc2VkIHRvIHN5c2NhbGxzIHdoZW4gdGhleSBw b2ludCB0byBtZW1vcnkgcmFuZ2VzIG9idGFpbmVkIGJ5IGFub255bW91cwptbWFwKCkgb3Igc2Jy aygpIChzZWUgdGhlIHBhdGNoc2V0IFszXSBmb3IgbW9yZSBkZXRhaWxzKS4KCkZvciBub24tbWVt b3J5IHN5c2NhbGxzIHRoaXMgaXMgZG9uZSBieSB1bnRhZ2luZyB1c2VyIHBvaW50ZXJzIHdoZW4g dGhlCmtlcm5lbCBwZXJmb3JtcyBwb2ludGVyIGNoZWNraW5nIHRvIGZpbmQgb3V0IHdoZXRoZXIg dGhlIHBvaW50ZXIgY29tZXMKZnJvbSB1c2Vyc3BhY2UgKG1vc3Qgbm90YWJseSBpbiBhY2Nlc3Nf 
b2spLiBUaGUgdW50YWdnaW5nIGlzIGRvbmUgb25seQp3aGVuIHRoZSBwb2ludGVyIGlzIGJlaW5n IGNoZWNrZWQsIHRoZSB0YWcgaXMgcHJlc2VydmVkIGFzIHRoZSBwb2ludGVyCm1ha2VzIGl0cyB3 YXkgdGhyb3VnaCB0aGUga2VybmVsIGFuZCBzdGF5cyB0YWdnZWQgd2hlbiB0aGUga2VybmVsCmRl cmVmZXJlbmNlcyB0aGUgcG9pbnRlciB3aGVuIHBlcmZvbWluZyB1c2VyIG1lbW9yeSBhY2Nlc3Nl cy4KCk1lbW9yeSBzeXNjYWxscyAobW1hcCwgbXByb3RlY3QsIGV0Yy4pIGRvbid0IGRvIHVzZXIg bWVtb3J5IGFjY2Vzc2VzIGJ1dApyYXRoZXIgZGVhbCB3aXRoIG1lbW9yeSByYW5nZXMsIGFuZCB1 bnRhZ2dlZCBwb2ludGVycyBhcmUgYmV0dGVyIHN1aXRlZCB0bwpkZXNjcmliZSBtZW1vcnkgcmFu Z2VzIGludGVybmFsbHkuIFRodXMgZm9yIG1lbW9yeSBzeXNjYWxscyB3ZSB1bnRhZwpwb2ludGVy cyBjb21wbGV0ZWx5IHdoZW4gdGhleSBlbnRlciB0aGUga2VybmVsLgoKPT09IE90aGVyIGFwcHJv YWNoZXMKCk9uZSBvZiB0aGUgYWx0ZXJuYXRpdmUgYXBwcm9hY2hlcyB0byB1bnRhZ2dpbmcgdGhh dCB3YXMgY29uc2lkZXJlZCBpcyB0bwpjb21wbGV0ZWx5IHN0cmlwIHRoZSBwb2ludGVyIHRhZyBh cyB0aGUgcG9pbnRlciBlbnRlcnMgdGhlIGtlcm5lbCB3aXRoCnNvbWUga2luZCBvZiBhIHN5c2Nh bGwgd3JhcHBlciwgYnV0IHRoYXQgd29uJ3Qgd29yayB3aXRoIHRoZSBjb3VudGxlc3MKbnVtYmVy IG9mIGRpZmZlcmVudCBpb2N0bCBjYWxscy4gV2l0aCB0aGlzIGFwcHJvYWNoIHdlIHdvdWxkIG5l ZWQgYSBjdXN0b20Kd3JhcHBlciBmb3IgZWFjaCBpb2N0bCB2YXJpYXRpb24sIHdoaWNoIGRvZXNu J3Qgc2VlbSBwcmFjdGljYWwuCgpBbiBhbHRlcm5hdGl2ZSBhcHByb2FjaCB0byB1bnRhZ2dpbmcg cG9pbnRlcnMgaW4gbWVtb3J5IHN5c2NhbGxzIHByb2xvZ3VlcwppcyB0byBpbnNwZWFkIGFsbG93 IHRhZ2dlZCBwb2ludGVycyB0byBiZSBwYXNzZWQgdG8gZmluZF92bWEoKSAoYW5kIG90aGVyCnZt YSByZWxhdGVkIGZ1bmN0aW9ucykgYW5kIHVudGFnIHRoZW0gdGhlcmUuIFVuZm9ydHVuYXRlbHks IGEgbG90IG9mCmZpbmRfdm1hKCkgY2FsbGVycyB0aGVuIGNvbXBhcmUgb3Igc3VidHJhY3QgdGhl IHJldHVybmVkIHZtYSBzdGFydCBhbmQgZW5kCmZpZWxkcyBhZ2FpbnN0IHRoZSBwb2ludGVyIHRo YXQgd2FzIGJlaW5nIHNlYXJjaGVkLiBUaHVzIHRoaXMgYXBwcm9hY2gKd291bGQgc3RpbGwgcmVx dWlyZSBjaGFuZ2luZyBhbGwgZmluZF92bWEoKSBjYWxsZXJzLgoKPT09IFRlc3RpbmcKClRoZSBm b2xsb3dpbmcgdGVzdGluZyBhcHByb2FjaGVzIGhhcyBiZWVuIHRha2VuIHRvIGZpbmQgcG90ZW50 aWFsIGlzc3Vlcwp3aXRoIHVzZXIgcG9pbnRlciB1bnRhZ2dpbmc6CgoxLiBTdGF0aWMgdGVzdGlu 
ZyAod2l0aCBzcGFyc2UgWzJdIGFuZCBzZXBhcmF0ZWx5IHdpdGggYSBjdXN0b20gc3RhdGljCiAg IGFuYWx5emVyIGJhc2VkIG9uIENsYW5nKSB0byB0cmFjayBjYXN0cyBvZiBfX3VzZXIgcG9pbnRl cnMgdG8gaW50ZWdlcgogICB0eXBlcyB0byBmaW5kIHBsYWNlcyB3aGVyZSB1bnRhZ2dpbmcgbmVl ZHMgdG8gYmUgZG9uZS4KCjIuIFN0YXRpYyB0ZXN0aW5nIHdpdGggZ3JlcCB0byBmaW5kIHBhcnRz IG9mIHRoZSBrZXJuZWwgdGhhdCBjYWxsCiAgIGZpbmRfdm1hKCkgKGFuZCBvdGhlciBzaW1pbGFy IGZ1bmN0aW9ucykgb3IgZGlyZWN0bHkgY29tcGFyZSBhZ2FpbnN0CiAgIHZtX3N0YXJ0L3ZtX2Vu ZCBmaWVsZHMgb2Ygdm1hLgoKMy4gU3RhdGljIHRlc3Rpbmcgd2l0aCBncmVwIHRvIGZpbmQgcGFy dHMgb2YgdGhlIGtlcm5lbCB0aGF0IGNvbXBhcmUKICAgdXNlciBwb2ludGVycyB3aXRoIFRBU0tf U0laRSBvciBvdGhlciBzaW1pbGFyIGNvbnN0cyBhbmQgbWFjcm9zLgoKNC4gRHluYW1pYyB0ZXN0 aW5nOiBhZGRpbmcgQlVHX09OKGhhc190YWcoYWRkcikpIHRvIGZpbmRfdm1hKCkgYW5kIHJ1bm5p bmcKICAgYSBtb2RpZmllZCBzeXprYWxsZXIgdmVyc2lvbiB0aGF0IHBhc3NlcyB0YWdnZWQgcG9p bnRlcnMgdG8gdGhlIGtlcm5lbC4KCkJhc2VkIG9uIHRoZSByZXN1bHRzIG9mIHRoZSB0ZXN0aW5n IHRoZSByZXF1cmllZCBwYXRjaGVzIGhhdmUgYmVlbiBhZGRlZAp0byB0aGUgcGF0Y2hzZXQuCgo9 PT0gTm90ZXMKClRoaXMgcGF0Y2hzZXQgaXMgbWVhbnQgdG8gYmUgbWVyZ2VkIHRvZ2V0aGVyIHdp dGggImFybTY0IHJlbGF4ZWQgQUJJIiBbM10uCgpUaGlzIHBhdGNoc2V0IGlzIGEgcHJlcmVxdWlz aXRlIGZvciBBUk0ncyBtZW1vcnkgdGFnZ2luZyBoYXJkd2FyZSBmZWF0dXJlCnN1cHBvcnQgWzRd LgoKVGhpcyBwYXRjaHNldCBoYXMgYmVlbiBtZXJnZWQgaW50byB0aGUgUGl4ZWwgMiBrZXJuZWwg dHJlZSBhbmQgaXMgbm93CmJlaW5nIHVzZWQgdG8gZW5hYmxlIHRlc3Rpbmcgb2YgUGl4ZWwgMiBw aG9uZXMgd2l0aCBIV0FTYW4uCgpUaGFua3MhCgpbMV0gaHR0cDovL2NsYW5nLmxsdm0ub3JnL2Rv Y3MvSGFyZHdhcmVBc3Npc3RlZEFkZHJlc3NTYW5pdGl6ZXJEZXNpZ24uaHRtbAoKWzJdIGh0dHBz Oi8vZ2l0aHViLmNvbS9sdWN2b28vc3BhcnNlLWRldi9jb21taXQvNWY5NjBjYjEwZjU2ZWMyMDE3 YzEyOGVmOWQxNjA2MGUwMTQ1ZjI5MgoKWzNdIGh0dHBzOi8vbGttbC5vcmcvbGttbC8yMDE5LzMv MTgvODE5CgpbNF0gaHR0cHM6Ly9jb21tdW5pdHkuYXJtLmNvbS9wcm9jZXNzb3JzL2IvYmxvZy9w b3N0cy9hcm0tYS1wcm9maWxlLWFyY2hpdGVjdHVyZS0yMDE4LWRldmVsb3BtZW50cy1hcm12ODVh CgpDaGFuZ2VzIGluIHYxMzoKLSBTaW1wbGlmaWVkIHVudGFnZ2luZyBpbiB0Y3BfemVyb2NvcHlf 
cmVjZWl2ZSgpLgotIExvb2tlZCBhdCBmaW5kX3ZtYSgpIGNhbGxlcnMgaW4gZHJpdmVycy8sIHdo aWNoIGFsbG93ZWQgdG8gaWRlbnRpZnkgYQogIGZldyBvdGhlciBwbGFjZXMgd2hlcmUgdW50YWdn aW5nIGlzIG5lZWRlZC4KLSBBZGRlZCBwYXRjaCAibW0sIGFybTY0OiB1bnRhZyB1c2VyIHBvaW50 ZXJzIGluIGdldF92YWRkcl9mcmFtZXMiLgotIEFkZGVkIHBhdGNoICJkcm0vYW1kZ3B1LCBhcm02 NDogdW50YWcgdXNlciBwb2ludGVycyBpbgogIGFtZGdwdV90dG1fdHRfZ2V0X3VzZXJfcGFnZXMi LgotIEFkZGVkIHBhdGNoICJkcm0vcmFkZW9uLCBhcm02NDogdW50YWcgdXNlciBwb2ludGVycyBp bgogIHJhZGVvbl90dG1fdHRfcGluX3VzZXJwdHIiLgotIEFkZGVkIHBhdGNoICJJQi9tbHg0LCBh cm02NDogdW50YWcgdXNlciBwb2ludGVycyBpbiBtbHg0X2dldF91bWVtX21yIi4KLSBBZGRlZCBw YXRjaCAibWVkaWEvdjRsMi1jb3JlLCBhcm02NDogdW50YWcgdXNlciBwb2ludGVycyBpbgogIHZp ZGVvYnVmX2RtYV9jb250aWdfdXNlcl9nZXQiLgotIEFkZGVkIHBhdGNoICJ0ZWUvb3B0ZWUsIGFy bTY0OiB1bnRhZyB1c2VyIHBvaW50ZXJzIGluIGNoZWNrX21lbV90eXBlIi4KLSBBZGRlZCBwYXRj aCAidmZpby90eXBlMSwgYXJtNjQ6IHVudGFnIHVzZXIgcG9pbnRlcnMiLgoKQ2hhbmdlcyBpbiB2 MTI6Ci0gQ2hhbmdlZCB1bnRhZ2dpbmcgaW4gdGNwX3plcm9jb3B5X3JlY2VpdmUoKSB0byBhbHNv IHVudGFnIHpjLT5hZGRyZXNzLgotIEZpeGVkIHVudGFnZ2luZyBpbiBwcmN0bF9zZXRfbW0qIHRv IG9ubHkgdW50YWcgcG9pbnRlcnMgZm9yIHZtYSBsb29rdXBzCiAgYW5kIHZhbGlkaXR5IGNoZWNr cywgYnV0IGxlYXZlIHRoZW0gYXMgaXMgZm9yIGFjdHVhbCB1c2VyIHNwYWNlIGFjY2Vzc2VzLgot IFVwZGF0ZWQgdGhlIGxpbmsgdG8gdGhlIHYyIG9mIHRoZSAiYXJtNjQgcmVsYXhlZCBBQkkiIHBh dGNoc2V0IFszXS4KLSBEcm9wcGVkIHRoZSBkb2N1bWVudGF0aW9uIHBhdGNoLCBhcyB0aGUgImFy bTY0IHJlbGF4ZWQgQUJJIiBwYXRjaHNldCBbM10KICBoYW5kbGVzIHRoYXQuCgpDaGFuZ2VzIGlu IHYxMToKLSBBZGRlZCAidXByb2JlcywgYXJtNjQ6IHVudGFnIHVzZXIgcG9pbnRlcnMgaW4gZmlu ZF9hY3RpdmVfdXByb2JlIiBwYXRjaC4KLSBBZGRlZCAiYnBmLCBhcm02NDogdW50YWcgdXNlciBw b2ludGVycyBpbiBzdGFja19tYXBfZ2V0X2J1aWxkX2lkX29mZnNldCIKICBwYXRjaC4KLSBGaXhl ZCAidHJhY2luZywgYXJtNjQ6IHVudGFnIHVzZXIgcG9pbnRlcnMgaW4gc2VxX3ByaW50X3VzZXJf aXAiIHRvCiAgY29ycmVjdGx5IHBlcmZvcm0gc3VidHJhdGlvbiB3aXRoIGEgdGFnZ2VkIGFkZHIu Ci0gTW92ZWQgdW50YWdnZWRfYWRkcigpIGZyb20gU1lTQ0FMTF9ERUZJTkUzKG1wcm90ZWN0KSBh 
bmQKICBTWVNDQUxMX0RFRklORTQocGtleV9tcHJvdGVjdCkgdG8gZG9fbXByb3RlY3RfcGtleSgp LgotIE1vdmVkIHVudGFnZ2VkX2FkZHIoKSBkZWZpbml0aW9uIGZvciBvdGhlciBhcmNoZXMgZnJv bQogIGluY2x1ZGUvbGludXgvbWVtb3J5LmggdG8gaW5jbHVkZS9saW51eC9tbS5oLgotIENoYW5n ZWQgdW50YWdnaW5nIGluIHN0cm4qX3VzZXIoKSB0byBwZXJmb3JtIHVzZXJzcGFjZSBhY2Nlc3Nl cyB0aHJvdWdoCiAgdGFnZ2VkIHBvaW50ZXJzLgotIFVwZGF0ZWQgdGhlIGRvY3VtZW50YXRpb24g dG8gbWVudGlvbiB0aGF0IHBhc3NpbmcgdGFnZ2VkIHBvaW50ZXJzIHRvCiAgbWVtb3J5IHN5c2Nh bGxzIGlzIGFsbG93ZWQuCi0gVXBkYXRlZCB0aGUgdGVzdCB0byB1c2UgbWFsbG9jJ2VkIG1lbW9y eSBpbnN0ZWFkIG9mIHN0YWNrIG1lbW9yeS4KCkNoYW5nZXMgaW4gdjEwOgotIEFkZGVkICJtbSwg YXJtNjQ6IHVudGFnIHVzZXIgcG9pbnRlcnMgcGFzc2VkIHRvIG1lbW9yeSBzeXNjYWxscyIgYmFj ay4KLSBOZXcgcGF0Y2ggImZzLCBhcm02NDogdW50YWcgdXNlciBwb2ludGVycyBpbiBmcy91c2Vy ZmF1bHRmZC5jIi4KLSBOZXcgcGF0Y2ggIm5ldCwgYXJtNjQ6IHVudGFnIHVzZXIgcG9pbnRlcnMg aW4gdGNwX3plcm9jb3B5X3JlY2VpdmUiLgotIE5ldyBwYXRjaCAia2VybmVsLCBhcm02NDogdW50 YWcgdXNlciBwb2ludGVycyBpbiBwcmN0bF9zZXRfbW0qIi4KLSBOZXcgcGF0Y2ggInRyYWNpbmcs IGFybTY0OiB1bnRhZyB1c2VyIHBvaW50ZXJzIGluIHNlcV9wcmludF91c2VyX2lwIi4KCkNoYW5n ZXMgaW4gdjk6Ci0gUmViYXNlZCBvbnRvIDQuMjAtcmM2LgotIFVzZWQgdTY0IGluc3RlYWQgb2Yg X191NjQgaW4gdHlwZSBjYXN0cyBpbiB0aGUgdW50YWdnZWRfYWRkciBtYWNybyBmb3IKICBhcm02 NC4KLSBBZGRlZCBicmFjZXMgYXJvdW5kIChhZGRyKSBpbiB0aGUgdW50YWdnZWRfYWRkciBtYWNy byBmb3Igb3RoZXIgYXJjaGVzLgoKQ2hhbmdlcyBpbiB2ODoKLSBSZWJhc2VkIG9udG8gNjUxMDIy MzggKDQuMjAtcmMxKS4KLSBBZGRlZCBhIG5vdGUgdG8gdGhlIGNvdmVyIGxldHRlciBvbiB3aHkg c3lzY2FsbCB3cmFwcGVycy9zaGltcyB0aGF0IHVudGFnCiAgdXNlciBwb2ludGVycyB3b24ndCB3 b3JrLgotIEFkZGVkIGEgbm90ZSB0byB0aGUgY292ZXIgbGV0dGVyIHRoYXQgdGhpcyBwYXRjaHNl dCBoYXMgYmVlbiBtZXJnZWQgaW50bwogIHRoZSBQaXhlbCAyIGtlcm5lbCB0cmVlLgotIERvY3Vt ZW50YXRpb24gZml4ZXMsIGluIHBhcnRpY3VsYXIgYWRkZWQgYSBsaXN0IG9mIHN5c2NhbGxzIHRo YXQgZG9uJ3QKICBzdXBwb3J0IHRhZ2dlZCB1c2VyIHBvaW50ZXJzLgoKQ2hhbmdlcyBpbiB2NzoK LSBSZWJhc2VkIG9udG8gMTdiNTdiMTggKDQuMTktcmM2KS4KLSBEcm9wcGVkIHRoZSAiYXJtNjQ6 
IHVudGFnIHVzZXIgYWRkcmVzcyBpbiBfX2RvX3VzZXJfZmF1bHQiIHBhdGNoLCBzaW5jZQogIHRo ZSBleGlzdGluZyBwYXRjaGVzIGFscmVhZHkgaGFuZGxlIHVzZXIgZmF1bHRzIHByb3Blcmx5Lgot IERyb3BwZWQgdGhlICJ1c2IsIGFybTY0OiB1bnRhZyB1c2VyIGFkZHJlc3NlcyBpbiBkZXZpbyIg cGF0Y2gsIHNpbmNlIHRoZQogIHBhc3NlZCBwb2ludGVyIG11c3QgY29tZSBmcm9tIGEgdm1hIGFu ZCB0aGVyZWZvcmUgYmUgdW50YWdnZWQuCi0gRHJvcHBlZCB0aGUgImFybTY0OiBhbm5vdGF0ZSB1 c2VyIHBvaW50ZXJzIGNhc3RzIGRldGVjdGVkIGJ5IHNwYXJzZSIKICBwYXRjaCAoc2VlIHRoZSBk aXNjdXNzaW9uIHRvIHRoZSByZXBsaWVzIG9mIHRoZSB2NiBvZiB0aGlzIHBhdGNoc2V0KS4KLSBB ZGRlZCBtb3JlIGNvbnRleHQgdG8gdGhlIGNvdmVyIGxldHRlci4KLSBVcGRhdGVkIERvY3VtZW50 YXRpb24vYXJtNjQvdGFnZ2VkLXBvaW50ZXJzLnR4dC4KCkNoYW5nZXMgaW4gdjY6Ci0gQWRkZWQg YW5ub3RhdGlvbnMgZm9yIHVzZXIgcG9pbnRlciBjYXN0cyBmb3VuZCBieSBzcGFyc2UuCi0gUmVi YXNlZCBvbnRvIDA1MGNkYzZjICg0LjE5LXJjMSspLgoKQ2hhbmdlcyBpbiB2NToKLSBBZGRlZCAz IG5ldyBwYXRjaGVzIHRoYXQgYWRkIHVudGFnZ2luZyB0byBwbGFjZXMgZm91bmQgd2l0aCBzdGF0 aWMKICBhbmFseXNpcy4KLSBSZWJhc2VkIG9udG8gNDRjOTI5ZTEgKDQuMTgtcmM4KS4KCkNoYW5n ZXMgaW4gdjQ6Ci0gQWRkZWQgYSBzZWxmdGVzdCBmb3IgY2hlY2tpbmcgdGhhdCBwYXNzaW5nIHRh Z2dlZCBwb2ludGVycyB0byB0aGUKICBrZXJuZWwgc3VjY2VlZHMuCi0gUmViYXNlZCBvbnRvIDgx ZTk3ZjAxMyAoNC4xOC1yYzErKS4KCkNoYW5nZXMgaW4gdjM6Ci0gUmViYXNlZCBvbnRvIGU1YzUx ZjMwICg0LjE3LXJjNispLgotIEFkZGVkIGxpbnV4LWFyY2hAIHRvIHRoZSBsaXN0IG9mIHJlY2lw aWVudHMuCgpDaGFuZ2VzIGluIHYyOgotIFJlYmFzZWQgb250byAyZDYxOGJkZiAoNC4xNy1yYzMr KS4KLSBSZW1vdmVkIGV4Y2Vzc2l2ZSB1bnRhZ2dpbmcgaW4gZ3VwLmMuCi0gUmVtb3ZlZCB1bnRh Z2dpbmcgcG9pbnRlcnMgcmV0dXJuZWQgZnJvbSBfX3VhY2Nlc3NfbWFza19wdHIuCgpDaGFuZ2Vz IGluIHYxOgotIFJlYmFzZWQgb250byA0LjE3LXJjMS4KCkNoYW5nZXMgaW4gUkZDIHYyOgotIEFk ZGVkICIjaWZuZGVmIHVudGFnZ2VkX2FkZHIuLi4iIGZhbGxiYWNrIGluIGxpbnV4L3VhY2Nlc3Mu aCBpbnN0ZWFkIG9mCiAgZGVmaW5pbmcgaXQgZm9yIGVhY2ggYXJjaCBpbmRpdmlkdWFsbHkuCi0g VXBkYXRlZCBEb2N1bWVudGF0aW9uL2FybTY0L3RhZ2dlZC1wb2ludGVycy50eHQuCi0gRHJvcHBl ZCAibW0sIGFybTY0OiB1bnRhZyB1c2VyIGFkZHJlc3NlcyBpbiBtZW1vcnkgc3lzY2FsbHMiLgot 
IFJlYmFzZWQgb250byAzZWIyY2U4MiAoNC4xNi1yYzcpLgoKU2lnbmVkLW9mZi1ieTogQW5kcmV5 IEtvbm92YWxvdiA8YW5kcmV5a252bEBnb29nbGUuY29tPgoKQW5kcmV5IEtvbm92YWxvdiAoMjAp OgogIHVhY2Nlc3M6IGFkZCB1bnRhZ2dlZF9hZGRyIGRlZmluaXRpb24gZm9yIG90aGVyIGFyY2hl cwogIGFybTY0OiB1bnRhZyB1c2VyIHBvaW50ZXJzIGluIGFjY2Vzc19vayBhbmQgX191YWNjZXNz X21hc2tfcHRyCiAgbGliLCBhcm02NDogdW50YWcgdXNlciBwb2ludGVycyBpbiBzdHJuKl91c2Vy CiAgbW0sIGFybTY0OiB1bnRhZyB1c2VyIHBvaW50ZXJzIHBhc3NlZCB0byBtZW1vcnkgc3lzY2Fs bHMKICBtbSwgYXJtNjQ6IHVudGFnIHVzZXIgcG9pbnRlcnMgaW4gbW0vZ3VwLmMKICBtbSwgYXJt NjQ6IHVudGFnIHVzZXIgcG9pbnRlcnMgaW4gZ2V0X3ZhZGRyX2ZyYW1lcwogIGZzLCBhcm02NDog dW50YWcgdXNlciBwb2ludGVycyBpbiBjb3B5X21vdW50X29wdGlvbnMKICBmcywgYXJtNjQ6IHVu dGFnIHVzZXIgcG9pbnRlcnMgaW4gZnMvdXNlcmZhdWx0ZmQuYwogIG5ldCwgYXJtNjQ6IHVudGFn IHVzZXIgcG9pbnRlcnMgaW4gdGNwX3plcm9jb3B5X3JlY2VpdmUKICBrZXJuZWwsIGFybTY0OiB1 bnRhZyB1c2VyIHBvaW50ZXJzIGluIHByY3RsX3NldF9tbSoKICB0cmFjaW5nLCBhcm02NDogdW50 YWcgdXNlciBwb2ludGVycyBpbiBzZXFfcHJpbnRfdXNlcl9pcAogIHVwcm9iZXMsIGFybTY0OiB1 bnRhZyB1c2VyIHBvaW50ZXJzIGluIGZpbmRfYWN0aXZlX3Vwcm9iZQogIGJwZiwgYXJtNjQ6IHVu dGFnIHVzZXIgcG9pbnRlcnMgaW4gc3RhY2tfbWFwX2dldF9idWlsZF9pZF9vZmZzZXQKICBkcm0v YW1kZ3B1LCBhcm02NDogdW50YWcgdXNlciBwb2ludGVycyBpbiBhbWRncHVfdHRtX3R0X2dldF91 c2VyX3BhZ2VzCiAgZHJtL3JhZGVvbiwgYXJtNjQ6IHVudGFnIHVzZXIgcG9pbnRlcnMgaW4gcmFk ZW9uX3R0bV90dF9waW5fdXNlcnB0cgogIElCL21seDQsIGFybTY0OiB1bnRhZyB1c2VyIHBvaW50 ZXJzIGluIG1seDRfZ2V0X3VtZW1fbXIKICBtZWRpYS92NGwyLWNvcmUsIGFybTY0OiB1bnRhZyB1 c2VyIHBvaW50ZXJzIGluCiAgICB2aWRlb2J1Zl9kbWFfY29udGlnX3VzZXJfZ2V0CiAgdGVlL29w dGVlLCBhcm02NDogdW50YWcgdXNlciBwb2ludGVycyBpbiBjaGVja19tZW1fdHlwZQogIHZmaW8v dHlwZTEsIGFybTY0OiB1bnRhZyB1c2VyIHBvaW50ZXJzIGluIHZhZGRyX2dldF9wZm4KICBzZWxm dGVzdHMsIGFybTY0OiBhZGQgYSBzZWxmdGVzdCBmb3IgcGFzc2luZyB0YWdnZWQgcG9pbnRlcnMg dG8ga2VybmVsCgogYXJjaC9hcm02NC9pbmNsdWRlL2FzbS91YWNjZXNzLmggICAgICAgICAgICAg IHwgMTAgKysrLS0KIGRyaXZlcnMvZ3B1L2RybS9hbWQvYW1kZ3B1L2FtZGdwdV90dG0uYyAgICAg 
ICB8ICA1ICsrLQogZHJpdmVycy9ncHUvZHJtL3JhZGVvbi9yYWRlb25fdHRtLmMgICAgICAgICAg IHwgIDUgKystCiBkcml2ZXJzL2luZmluaWJhbmQvaHcvbWx4NC9tci5jICAgICAgICAgICAgICAg fCAgNyArLS0KIGRyaXZlcnMvbWVkaWEvdjRsMi1jb3JlL3ZpZGVvYnVmLWRtYS1jb250aWcuYyB8 ICA5ICsrLS0KIGRyaXZlcnMvdGVlL29wdGVlL2NhbGwuYyAgICAgICAgICAgICAgICAgICAgICB8 ICAxICsKIGRyaXZlcnMvdmZpby92ZmlvX2lvbW11X3R5cGUxLmMgICAgICAgICAgICAgICB8ICAy ICsKIGZzL25hbWVzcGFjZS5jICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAyICst CiBmcy91c2VyZmF1bHRmZC5jICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgNSArKysK IGluY2x1ZGUvbGludXgvbW0uaCAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICA0ICsrCiBp cGMvc2htLmMgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgMiArCiBrZXJu ZWwvYnBmL3N0YWNrbWFwLmMgICAgICAgICAgICAgICAgICAgICAgICAgfCAgNiArKy0KIGtlcm5l bC9ldmVudHMvdXByb2Jlcy5jICAgICAgICAgICAgICAgICAgICAgICB8ICAyICsKIGtlcm5lbC9z eXMuYyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8IDQ0ICsrKysrKysrKysrKyst LS0tLS0KIGtlcm5lbC90cmFjZS90cmFjZV9vdXRwdXQuYyAgICAgICAgICAgICAgICAgICB8ICA1 ICsrLQogbGliL3N0cm5jcHlfZnJvbV91c2VyLmMgICAgICAgICAgICAgICAgICAgICAgIHwgIDMg Ky0KIGxpYi9zdHJubGVuX3VzZXIuYyAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICAzICst CiBtbS9mcmFtZV92ZWN0b3IuYyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgMiArCiBt bS9ndXAuYyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgNCArKwogbW0v bWFkdmlzZS5jICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgIDIgKwogbW0vbWVt cG9saWN5LmMgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgIDUgKysrCiBtbS9taWdy YXRlLmMgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgMSArCiBtbS9taW5jb3Jl LmMgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgMiArCiBtbS9tbG9jay5jICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgfCAgNSArKysKIG1tL21tYXAuYyAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICB8ICA3ICsrKwogbW0vbXByb3RlY3QuYyAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgIDEgKwogbW0vbXJlbWFwLmMgICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgIDIgKwogbW0vbXN5bmMuYyAgICAgICAgICAg 
From mboxrd@z Thu Jan 1 00:00:00 1970
From: andreyknvl at google.com (Andrey Konovalov)
Date: Wed, 20 Mar 2019 15:51:14 +0100
Subject: [PATCH v13 00/20] arm64: untag user pointers passed to the kernel
Message-ID:

=== Overview

arm64 has a feature called Top Byte Ignore, which allows embedding pointer tags into the top byte of each pointer. Userspace programs (such as HWASan, a memory debugging tool [1]) might use this feature and pass tagged user pointers to the kernel through syscalls or other interfaces.

Right now the kernel is already able to handle user faults with tagged pointers, due to these patches:

1. 81cddd65 ("arm64: traps: fix userspace cache maintenance emulation on a tagged pointer")
2. 7dcd9dd8 ("arm64: hw_breakpoint: fix watchpoint matching for tagged pointers")
3. 276e9327 ("arm64: entry: improve data abort handling of tagged pointers")

This patchset extends tagged pointer support to syscall arguments.

As per the proposed ABI change [3], tagged pointers are only allowed to be passed to syscalls when they point to memory ranges obtained by anonymous mmap() or sbrk() (see the patchset [3] for more details).

For non-memory syscalls this is done by untagging user pointers when the kernel performs pointer checking to find out whether the pointer comes from userspace (most notably in access_ok). The untagging is done only when the pointer is being checked; the tag is preserved as the pointer makes its way through the kernel and stays tagged when the kernel dereferences the pointer when performing user memory accesses.

Memory syscalls (mmap, mprotect, etc.) don't do user memory accesses but rather deal with memory ranges, and untagged pointers are better suited to describe memory ranges internally. Thus for memory syscalls we untag pointers completely when they enter the kernel.

=== Other approaches

One of the alternative approaches to untagging that was considered is to completely strip the pointer tag as the pointer enters the kernel with some kind of a syscall wrapper, but that won't work with the countless number of different ioctl calls. With this approach we would need a custom wrapper for each ioctl variation, which doesn't seem practical.

An alternative approach to untagging pointers in memory syscalls prologues is to instead allow tagged pointers to be passed to find_vma() (and other vma related functions) and untag them there. Unfortunately, a lot of find_vma() callers then compare or subtract the returned vma start and end fields against the pointer that was being searched. Thus this approach would still require changing all find_vma() callers.

=== Testing

The following testing approaches have been taken to find potential issues with user pointer untagging:

1. Static testing (with sparse [2] and separately with a custom static analyzer based on Clang) to track casts of __user pointers to integer types to find places where untagging needs to be done.
2. Static testing with grep to find parts of the kernel that call find_vma() (and other similar functions) or directly compare against vm_start/vm_end fields of vma.
3. Static testing with grep to find parts of the kernel that compare user pointers with TASK_SIZE or other similar consts and macros.
4. Dynamic testing: adding BUG_ON(has_tag(addr)) to find_vma() and running a modified syzkaller version that passes tagged pointers to the kernel.

Based on the results of the testing the required patches have been added to the patchset.

=== Notes

This patchset is meant to be merged together with "arm64 relaxed ABI" [3].

This patchset is a prerequisite for ARM's memory tagging hardware feature support [4].

This patchset has been merged into the Pixel 2 kernel tree and is now being used to enable testing of Pixel 2 phones with HWASan.

Thanks!

[1] http://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html
[2] https://github.com/lucvoo/sparse-dev/commit/5f960cb10f56ec2017c128ef9d16060e0145f292
[3] https://lkml.org/lkml/2019/3/18/819
[4] https://community.arm.com/processors/b/blog/posts/arm-a-profile-architecture-2018-developments-armv85a

Changes in v13:
- Simplified untagging in tcp_zerocopy_receive().
- Looked at find_vma() callers in drivers/, which allowed identifying a few other places where untagging is needed.
- Added patch "mm, arm64: untag user pointers in get_vaddr_frames".
- Added patch "drm/amdgpu, arm64: untag user pointers in amdgpu_ttm_tt_get_user_pages".
- Added patch "drm/radeon, arm64: untag user pointers in radeon_ttm_tt_pin_userptr".
- Added patch "IB/mlx4, arm64: untag user pointers in mlx4_get_umem_mr".
- Added patch "media/v4l2-core, arm64: untag user pointers in videobuf_dma_contig_user_get".
- Added patch "tee/optee, arm64: untag user pointers in check_mem_type".
- Added patch "vfio/type1, arm64: untag user pointers".

Changes in v12:
- Changed untagging in tcp_zerocopy_receive() to also untag zc->address.
- Fixed untagging in prctl_set_mm* to only untag pointers for vma lookups and validity checks, but leave them as is for actual user space accesses.
- Updated the link to the v2 of the "arm64 relaxed ABI" patchset [3].
- Dropped the documentation patch, as the "arm64 relaxed ABI" patchset [3] handles that.

Changes in v11:
- Added "uprobes, arm64: untag user pointers in find_active_uprobe" patch.
- Added "bpf, arm64: untag user pointers in stack_map_get_build_id_offset" patch.
- Fixed "tracing, arm64: untag user pointers in seq_print_user_ip" to correctly perform subtraction with a tagged addr.
- Moved untagged_addr() from SYSCALL_DEFINE3(mprotect) and SYSCALL_DEFINE4(pkey_mprotect) to do_mprotect_pkey().
- Moved untagged_addr() definition for other arches from include/linux/memory.h to include/linux/mm.h.
- Changed untagging in strn*_user() to perform userspace accesses through tagged pointers.
- Updated the documentation to mention that passing tagged pointers to memory syscalls is allowed.
- Updated the test to use malloc'ed memory instead of stack memory.

Changes in v10:
- Added "mm, arm64: untag user pointers passed to memory syscalls" back.
- New patch "fs, arm64: untag user pointers in fs/userfaultfd.c".
- New patch "net, arm64: untag user pointers in tcp_zerocopy_receive".
- New patch "kernel, arm64: untag user pointers in prctl_set_mm*".
- New patch "tracing, arm64: untag user pointers in seq_print_user_ip".

Changes in v9:
- Rebased onto 4.20-rc6.
- Used u64 instead of __u64 in type casts in the untagged_addr macro for arm64.
- Added braces around (addr) in the untagged_addr macro for other arches.

Changes in v8:
- Rebased onto 65102238 (4.20-rc1).
- Added a note to the cover letter on why syscall wrappers/shims that untag user pointers won't work.
- Added a note to the cover letter that this patchset has been merged into the Pixel 2 kernel tree.
- Documentation fixes, in particular added a list of syscalls that don't support tagged user pointers.

Changes in v7:
- Rebased onto 17b57b18 (4.19-rc6).
- Dropped the "arm64: untag user address in __do_user_fault" patch, since the existing patches already handle user faults properly.
- Dropped the "usb, arm64: untag user addresses in devio" patch, since the passed pointer must come from a vma and therefore be untagged.
- Dropped the "arm64: annotate user pointers casts detected by sparse" patch (see the discussion to the replies of the v6 of this patchset).
- Added more context to the cover letter.
- Updated Documentation/arm64/tagged-pointers.txt.

Changes in v6:
- Added annotations for user pointer casts found by sparse.
- Rebased onto 050cdc6c (4.19-rc1+).

Changes in v5:
- Added 3 new patches that add untagging to places found with static analysis.
- Rebased onto 44c929e1 (4.18-rc8).

Changes in v4:
- Added a selftest for checking that passing tagged pointers to the kernel succeeds.
- Rebased onto 81e97f013 (4.18-rc1+).

Changes in v3:
- Rebased onto e5c51f30 (4.17-rc6+).
- Added linux-arch@ to the list of recipients.

Changes in v2:
- Rebased onto 2d618bdf (4.17-rc3+).
- Removed excessive untagging in gup.c.
- Removed untagging pointers returned from __uaccess_mask_ptr.

Changes in v1:
- Rebased onto 4.17-rc1.

Changes in RFC v2:
- Added "#ifndef untagged_addr..." fallback in linux/uaccess.h instead of defining it for each arch individually.
- Updated Documentation/arm64/tagged-pointers.txt.
- Dropped "mm, arm64: untag user addresses in memory syscalls".
- Rebased onto 3eb2ce82 (4.16-rc7).

Signed-off-by: Andrey Konovalov

Andrey Konovalov (20):
  uaccess: add untagged_addr definition for other arches
  arm64: untag user pointers in access_ok and __uaccess_mask_ptr
  lib, arm64: untag user pointers in strn*_user
  mm, arm64: untag user pointers passed to memory syscalls
  mm, arm64: untag user pointers in mm/gup.c
  mm, arm64: untag user pointers in get_vaddr_frames
  fs, arm64: untag user pointers in copy_mount_options
  fs, arm64: untag user pointers in fs/userfaultfd.c
  net, arm64: untag user pointers in tcp_zerocopy_receive
  kernel, arm64: untag user pointers in prctl_set_mm*
  tracing, arm64: untag user pointers in seq_print_user_ip
  uprobes, arm64: untag user pointers in find_active_uprobe
  bpf, arm64: untag user pointers in stack_map_get_build_id_offset
  drm/amdgpu, arm64: untag user pointers in amdgpu_ttm_tt_get_user_pages
  drm/radeon, arm64: untag user pointers in radeon_ttm_tt_pin_userptr
  IB/mlx4, arm64: untag user pointers in mlx4_get_umem_mr
  media/v4l2-core, arm64: untag user pointers in videobuf_dma_contig_user_get
  tee/optee, arm64: untag user pointers in check_mem_type
  vfio/type1, arm64: untag user pointers in vaddr_get_pfn
  selftests, arm64: add a selftest for passing tagged pointers to kernel

 arch/arm64/include/asm/uaccess.h              | 10 +++--
 drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c       |  5 ++-
 drivers/gpu/drm/radeon/radeon_ttm.c           |  5 ++-
 drivers/infiniband/hw/mlx4/mr.c               |  7 +--
 drivers/media/v4l2-core/videobuf-dma-contig.c |  9 ++--
 drivers/tee/optee/call.c                      |  1 +
 drivers/vfio/vfio_iommu_type1.c               |  2 +
 fs/namespace.c                                |  2 +-
 fs/userfaultfd.c                              |  5 +++
 include/linux/mm.h                            |  4 ++
 ipc/shm.c                                     |  2 +
 kernel/bpf/stackmap.c                         |  6 ++-
 kernel/events/uprobes.c                       |  2 +
 kernel/sys.c                                  | 44 +++++++++++++------
 kernel/trace/trace_output.c                   |  5 ++-
 lib/strncpy_from_user.c                       |  3 +-
 lib/strnlen_user.c                            |  3 +-
 mm/frame_vector.c                             |  2 +
 mm/gup.c                                      |  4 ++
 mm/madvise.c                                  |  2 +
 mm/mempolicy.c                                |  5 +++
 mm/migrate.c                                  |  1 +
 mm/mincore.c                                  |  2 +
 mm/mlock.c                                    |  5 +++
 mm/mmap.c                                     |  7 +++
 mm/mprotect.c                                 |  1 +
 mm/mremap.c                                   |  2 +
 mm/msync.c                                    |  2 +
 net/ipv4/tcp.c                                |  2 +
 tools/testing/selftests/arm64/.gitignore      |  1 +
 tools/testing/selftests/arm64/Makefile        | 11 +++++
 .../testing/selftests/arm64/run_tags_test.sh  | 12 +++++
 tools/testing/selftests/arm64/tags_test.c     | 21 +++++++++
 33 files changed, 159 insertions(+), 36 deletions(-)
 create mode 100644 tools/testing/selftests/arm64/.gitignore
 create mode 100644 tools/testing/selftests/arm64/Makefile
 create mode 100755 tools/testing/selftests/arm64/run_tags_test.sh
 create mode 100644 tools/testing/selftests/arm64/tags_test.c

-- 
2.21.0.225.g810b269d1ac-goog
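
The check-time untagging and the find_vma() caller problem described in the cover letter, as a user-space model added here (not code from the patchset). untag() mirrors the sign extension from bit 55 that arm64's untagged_addr() performs; MODEL_TASK_SIZE, the vma table and every function name below are assumptions made for the illustration.

```c
/* Added example: user-space model of the untagging scheme, not kernel code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_MASK        (0xffULL << 56)
#define MODEL_TASK_SIZE (1ULL << 48)   /* assumption: 48-bit user address space */

/* Sign-extend from bit 55: a user address loses its tag, a kernel address
 * (bit 55 set) gets its top byte forced back to 0xff. */
static uint64_t untag(uint64_t addr)
{
    return (addr & (1ULL << 55)) ? (addr | TAG_MASK) : (addr & ~TAG_MASK);
}

static uint64_t set_tag(uint64_t addr, uint8_t tag)
{
    return (addr & ~TAG_MASK) | ((uint64_t)tag << 56);
}

/* Range check on the raw value: any tagged user pointer looks out of range. */
static int naive_access_ok(uint64_t addr, uint64_t size)
{
    return size <= MODEL_TASK_SIZE && addr <= MODEL_TASK_SIZE - size;
}

/* Non-memory syscalls: untag only for the check; the caller keeps the tag. */
static int model_access_ok(uint64_t addr, uint64_t size)
{
    return naive_access_ok(untag(addr), size);
}

struct vma { uint64_t vm_start, vm_end; };
static const struct vma vmas[] = {           /* constructed mappings */
    { 0x7f0000000000ULL, 0x7f0000004000ULL },
    { 0x7f0000100000ULL, 0x7f0000102000ULL },
};

/* The alternative the letter rejects: find_vma() untags internally. */
static const struct vma *find_vma_untagging(uint64_t addr)
{
    addr = untag(addr);
    for (size_t i = 0; i < sizeof(vmas) / sizeof(vmas[0]); i++)
        if (addr < vmas[i].vm_end)
            return &vmas[i];
    return NULL;
}

/* Typical caller: compares the address it looked up with the vma bounds. */
static int range_in_vma(uint64_t addr, uint64_t len)
{
    const struct vma *vma = find_vma_untagging(addr);
    if (!vma || addr < vma->vm_start || addr + len > vma->vm_end)
        return -1;
    return 0;
}

/* Typical caller: subtracts vm_start to get an offset into the mapping. */
static uint64_t offset_in_vma(uint64_t addr)
{
    const struct vma *vma = find_vma_untagging(addr);
    return vma ? addr - vma->vm_start : UINT64_MAX;
}

/* Memory syscalls: untag once on entry, so every later comparison is sane. */
static int model_mem_syscall(uint64_t addr, uint64_t len)
{
    return range_in_vma(untag(addr), len);
}

int main(void)
{
    uint64_t p = set_tag(0x7f0000001000ULL, 0x2a);
    printf("access_ok raw=%d untagged-check=%d\n",
           naive_access_ok(p, 4096), model_access_ok(p, 4096));
    printf("vma caller with tag=%d, untagged on entry=%d\n",
           range_in_vma(p, 0x1000), model_mem_syscall(p, 0x1000));
    printf("offset with tag=%#llx\n", (unsigned long long)offset_in_vma(p));
    return 0;
}
```

Because untag() sign-extends instead of masking, a tag placed on a kernel address yields the kernel address again, so the access_ok model still rejects it.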