From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.8 required=3.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,T_DKIMWL_WL_HIGH,USER_AGENT_NEOMUTT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1FA33C4321A for ; Tue, 11 Jun 2019 17:39:17 +0000 (UTC) Received: from bombadil.infradead.org (bombadil.infradead.org [198.137.202.133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id CD8F321734 for ; Tue, 11 Jun 2019 17:39:16 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="FAY+X8JS" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org CD8F321734 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=arm.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:In-Reply-To:MIME-Version:References: Message-ID:Subject:To:From:Date:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=L/GlJCPrriYWJ4wQ/2rUxX0nsDGOpUud1bSZzvCS6qE=; b=FAY+X8JSQEuGOf aTfTvEtPNHG9ul1ZQrXaNt9H7S+Q5uRUtsvFRQrq7/n2oo249ow8Ii3mPtrOZDj5BUhB+oG2zV3Cg UVZ1I7aaqVQbdB0zABjZKrk9o9UqJPPE+YpdO82mKvD7MWvFWUhUMSfd1iEak5IQoc34Cz7SWqLKk dgjhZeM17WHOVODIXXEbmkAFItNVpNHZbR6luSaBE43T0G+dj1eKbSe/0NsUTidSAdKqKULoscvbd x0qckXzdSANFHtRt4obGEuQLnoZdJVhH7+ySRDhidkt42uY7F0jh2HoV0VwwmlBJuLdXWRkrIA76x mWzrVMZSxn2b+Szw+CxA==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.92 #3 (Red Hat Linux)) id 1hakjr-0006DD-UE; Tue, 11 Jun 2019 17:39:15 +0000 Received: from foss.arm.com ([217.140.110.172]) by bombadil.infradead.org with esmtp (Exim 4.92 #3 (Red Hat Linux)) id 1hakjo-0006Bq-FO for linux-arm-kernel@lists.infradead.org; Tue, 11 Jun 2019 17:39:14 +0000 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id BBF6D337; Tue, 11 Jun 2019 10:39:11 -0700 (PDT) Received: from mbp (unknown [172.31.20.19]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 7B7793F73C; Tue, 11 Jun 2019 10:39:06 -0700 (PDT) Date: Tue, 11 Jun 2019 18:39:04 +0100 From: Catalin Marinas To: Andrey Konovalov Subject: Re: [PATCH v16 02/16] arm64: untag user pointers in access_ok and __uaccess_mask_ptr Message-ID: <20190611173903.4icrfmoyfvms35cy@mbp> References: <4327b260fb17c4776a1e3c844f388e4948cfb747.1559580831.git.andreyknvl@google.com> <20190610175326.GC25803@arrakis.emea.arm.com> <20190611145720.GA63588@arrakis.emea.arm.com> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20170113 (1.7.2) X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20190611_103912_607620_2566CE41 X-CRM114-Status: GOOD ( 21.16 ) X-BeenThere: linux-arm-kernel@lists.infradead.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Mark Rutland , kvm@vger.kernel.org, Christian Koenig , Szabolcs Nagy , Will Deacon , dri-devel@lists.freedesktop.org, Linux Memory Management List , Khalid Aziz , Lee Smith , "open list:KERNEL SELFTEST FRAMEWORK" , Vincenzo Frascino , Jacob Bramley , Leon Romanovsky , linux-rdma@vger.kernel.org, amd-gfx@lists.freedesktop.org, Christoph Hellwig , Jason Gunthorpe , Linux ARM , Dave Martin , Evgeniy Stepanov , linux-media@vger.kernel.org, Kees Cook , Ruben Ayrapetyan , Kevin Brodsky , Alex Williamson , Mauro Carvalho Chehab , Dmitry Vyukov , Kostya Serebryany , Greg Kroah-Hartman , Felix Kuehling , LKML , Jens Wiklander , Ramana Radhakrishnan , Alexander Deucher , Andrew Morton , enh , Robin Murphy , Yishai Hadas , Luc Van Oostenryck Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "linux-arm-kernel" Errors-To: linux-arm-kernel-bounces+infradead-linux-arm-kernel=archiver.kernel.org@lists.infradead.org On Tue, Jun 11, 2019 at 07:09:46PM +0200, Andrey Konovalov wrote: > On Tue, Jun 11, 2019 at 4:57 PM Catalin Marinas wrote: > > > > On Mon, Jun 10, 2019 at 06:53:27PM +0100, Catalin Marinas wrote: > > > On Mon, Jun 03, 2019 at 06:55:04PM +0200, Andrey Konovalov wrote: > > > > diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h > > > > index e5d5f31c6d36..9164ecb5feca 100644 > > > > --- a/arch/arm64/include/asm/uaccess.h > > > > +++ b/arch/arm64/include/asm/uaccess.h > > > > @@ -94,7 +94,7 @@ static inline unsigned long __range_ok(const void __user *addr, unsigned long si > > > > return ret; > > > > } > > > > > > > > -#define access_ok(addr, size) __range_ok(addr, size) > > > > +#define access_ok(addr, size) __range_ok(untagged_addr(addr), size) > > > > > > I'm going to propose an opt-in method here (RFC for now). We can't have > > > a check in untagged_addr() since this is already used throughout the > > > kernel for both user and kernel addresses (khwasan) but we can add one > > > in __range_ok(). The same prctl() option will be used for controlling > > > the precise/imprecise mode of MTE later on. We can use a TIF_ flag here > > > assuming that this will be called early on and any cloned thread will > > > inherit this. > > > > Updated patch, inlining it below. Once we agreed on the approach, I > > think Andrey can insert in in this series, probably after patch 2. The > > differences from the one I posted yesterday: > > > > - renamed PR_* macros together with get/set variants and the possibility > > to disable the relaxed ABI > > > > - sysctl option - /proc/sys/abi/tagged_addr to disable the ABI globally > > (just the prctl() opt-in, tasks already using it won't be affected) > > > > And, of course, it needs more testing. > > Sure, I'll add it to the series. > > Should I drop access_ok() change from my patch, since yours just reverts it? Not necessary, your patch just relaxes the ABI for all apps, mine tightens it. You could instead move the untagging to __range_ok() and rebase my patch accordingly. -- Catalin _______________________________________________ linux-arm-kernel mailing list linux-arm-kernel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/linux-arm-kernel