From: Catalin Marinas <catalin.marinas@arm.com>
To: Gregory Price <gourry.memverge@gmail.com>
Cc: linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org,
linux-arch@vger.kernel.org, oleg@redhat.com, avagin@gmail.com,
peterz@infradead.org, luto@kernel.org, krisman@collabora.com,
tglx@linutronix.de, corbet@lwn.net, shuah@kernel.org,
arnd@arndb.de, Gregory Price <gregory.price@memverge.com>
Subject: Re: [PATCH v15 2/4] syscall user dispatch: untag selector addresses before access_ok
Date: Thu, 30 Mar 2023 23:40:59 +0100
Message-ID: <ZCYP+4gRZDqC0lRo@arm.com>
In-Reply-To: <20230330212121.1688-3-gregory.price@memverge.com>

On Thu, Mar 30, 2023 at 05:21:22PM -0400, Gregory Price wrote:
> diff --git a/kernel/entry/syscall_user_dispatch.c b/kernel/entry/syscall_user_dispatch.c
> index 22396b234854..16086226b41c 100644
> --- a/kernel/entry/syscall_user_dispatch.c
> +++ b/kernel/entry/syscall_user_dispatch.c
> @@ -87,7 +87,18 @@ static int task_set_syscall_user_dispatch(struct task_struct *task, unsigned lon
> if (offset && offset + len <= offset)
> return -EINVAL;
>
> - if (selector && !access_ok(selector, sizeof(*selector)))
> + /*
> + * access_ok will clear memory tags for tagged addresses on tasks where
> + * memory tagging is enabled. To enable a tracer to set a tracee's
> + * selector not in the same tagging state, the selector address must be
> + * untagged for access_ok, otherwise an untagged tracer will always fail
> + * to set a tagged tracee's selector.
> + *
> + * The result of this is that a tagged tracer may be capable of setting
> + * an invalid address, and the tracee will SIGSEGV on the next syscall.
> + * This is equivalent to a task setting a bad selector (selector=0x1).
> + */
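
Review bot: The first paragraph of the added comment is ambiguous where it says "To enable a tracer to set a tracee's selector not in the same tagging state": it is unclear whether the tracer or the selector is the thing "not in the same tagging state", and the comment never states whose tagging state access_ok applies, which is what the following "an untagged tracer will always fail" sentence depends on. Consider rewording to say that the tracer and tracee may be in different tagging states and that the check runs in the tracer's context, so the selector address has to be untagged before it is checked. Writing the function as access_ok() in the comment would also make it read as a function reference.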

I'd drop the last paragraph above. Even without tagged pointers, a tracer
can set an invalid address (as you already mentioned) but the phrasing
somehow implies (to me) that if we did it differently, the tracer would not be
able to set an invalid pointer.

Either way,

Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>

--
Catalin