* [PATCH v2] uaccess: add noop untagged_addr definition @ 2019-06-04 12:04 Andrey Konovalov 2019-06-04 12:28 ` Jason Gunthorpe 2019-06-07 20:10 ` Linus Torvalds 0 siblings, 2 replies; 6+ messages in thread From: Andrey Konovalov @ 2019-06-04 12:04 UTC (permalink / raw) To: Linus Torvalds, linux-arm-kernel, sparclinux, linux-mm, linux-kernel Cc: Catalin Marinas, Vincenzo Frascino, Will Deacon, Mark Rutland, Andrew Morton, Greg Kroah-Hartman, Kees Cook, Yishai Hadas, Felix Kuehling, Alexander Deucher, Christian Koenig, Mauro Carvalho Chehab, Jens Wiklander, Alex Williamson, Leon Romanovsky, Luc Van Oostenryck, Dave Martin, Khalid Aziz, enh, Jason Gunthorpe, Christoph Hellwig, Dmitry Vyukov, Kostya Serebryany, Evgeniy Stepanov, Lee Smith, Ramana Radhakrishnan, Jacob Bramley, Ruben Ayrapetyan, Robin Murphy, Kevin Brodsky, Szabolcs Nagy, Andrey Konovalov Architectures that support memory tagging have a need to perform untagging (stripping the tag) in various parts of the kernel. This patch adds an untagged_addr() macro, which is defined as noop for architectures that do not support memory tagging. The oncoming patch series will define it at least for sparc64 and arm64. Acked-by: Catalin Marinas <catalin.marinas@arm.com> Reviewed-by: Khalid Aziz <khalid.aziz@oracle.com> Signed-off-by: Andrey Konovalov <andreyknvl@google.com> --- include/linux/mm.h | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/include/linux/mm.h b/include/linux/mm.h index 0e8834ac32b7..dd0b5f4e1e45 100644 --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -99,6 +99,17 @@ extern int mmap_rnd_compat_bits __read_mostly; #include <asm/pgtable.h> #include <asm/processor.h> +/* + * Architectures that support memory tagging (assigning tags to memory regions, + * embedding these tags into addresses that point to these memory regions, and + * checking that the memory and the pointer tags match on memory accesses) + * redefine this macro to strip tags from pointers. + * It's defined as noop for arcitectures that don't support memory tagging. + */ +#ifndef untagged_addr +#define untagged_addr(addr) (addr) +#endif + #ifndef __pa_symbol #define __pa_symbol(x) __pa(RELOC_HIDE((unsigned long)(x), 0)) #endif -- 2.22.0.rc1.311.g5d7573a151-goog ^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v2] uaccess: add noop untagged_addr definition 2019-06-04 12:04 [PATCH v2] uaccess: add noop untagged_addr definition Andrey Konovalov @ 2019-06-04 12:28 ` Jason Gunthorpe 2019-06-04 12:34 ` Andrey Konovalov 2019-06-04 12:38 ` Catalin Marinas 2019-06-07 20:10 ` Linus Torvalds 1 sibling, 2 replies; 6+ messages in thread From: Jason Gunthorpe @ 2019-06-04 12:28 UTC (permalink / raw) To: Andrey Konovalov Cc: Linus Torvalds, linux-arm-kernel, sparclinux, linux-mm, linux-kernel, Catalin Marinas, Vincenzo Frascino, Will Deacon, Mark Rutland, Andrew Morton, Greg Kroah-Hartman, Kees Cook, Yishai Hadas, Felix Kuehling, Alexander Deucher, Christian Koenig, Mauro Carvalho Chehab, Jens Wiklander, Alex Williamson, Leon Romanovsky, Luc Van Oostenryck, Dave Martin, Khalid Aziz, enh, Christoph Hellwig, Dmitry Vyukov, Kostya Serebryany, Evgeniy Stepanov, Lee Smith, Ramana Radhakrishnan, Jacob Bramley, Ruben Ayrapetyan, Robin Murphy, Kevin Brodsky, Szabolcs Nagy On Tue, Jun 04, 2019 at 02:04:47PM +0200, Andrey Konovalov wrote: > Architectures that support memory tagging have a need to perform untagging > (stripping the tag) in various parts of the kernel. This patch adds an > untagged_addr() macro, which is defined as noop for architectures that do > not support memory tagging. The oncoming patch series will define it at > least for sparc64 and arm64. > > Acked-by: Catalin Marinas <catalin.marinas@arm.com> > Reviewed-by: Khalid Aziz <khalid.aziz@oracle.com> > Signed-off-by: Andrey Konovalov <andreyknvl@google.com> > include/linux/mm.h | 11 +++++++++++ > 1 file changed, 11 insertions(+) > > diff --git a/include/linux/mm.h b/include/linux/mm.h > index 0e8834ac32b7..dd0b5f4e1e45 100644 > +++ b/include/linux/mm.h > @@ -99,6 +99,17 @@ extern int mmap_rnd_compat_bits __read_mostly; > #include <asm/pgtable.h> > #include <asm/processor.h> > > +/* > + * Architectures that support memory tagging (assigning tags to memory regions, > + * embedding these tags into addresses that point to these memory regions, and > + * checking that the memory and the pointer tags match on memory accesses) > + * redefine this macro to strip tags from pointers. > + * It's defined as noop for arcitectures that don't support memory tagging. > + */ > +#ifndef untagged_addr > +#define untagged_addr(addr) (addr) Can you please make this a static inline instead of this macro? Then we can actually know what the input/output types are supposed to be. Is it static inline unsigned long untagged_addr(void __user *ptr) {return ptr;} ? Which would sort of make sense to me. Jason ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2] uaccess: add noop untagged_addr definition 2019-06-04 12:28 ` Jason Gunthorpe @ 2019-06-04 12:34 ` Andrey Konovalov 2019-06-04 12:38 ` Catalin Marinas 1 sibling, 0 replies; 6+ messages in thread From: Andrey Konovalov @ 2019-06-04 12:34 UTC (permalink / raw) To: Jason Gunthorpe Cc: Linus Torvalds, Linux ARM, sparclinux, Linux Memory Management List, LKML, Catalin Marinas, Vincenzo Frascino, Will Deacon, Mark Rutland, Andrew Morton, Greg Kroah-Hartman, Kees Cook, Yishai Hadas, Felix Kuehling, Alexander Deucher, Christian Koenig, Mauro Carvalho Chehab, Jens Wiklander, Alex Williamson, Leon Romanovsky, Luc Van Oostenryck, Dave Martin, Khalid Aziz, enh, Christoph Hellwig, Dmitry Vyukov, Kostya Serebryany, Evgeniy Stepanov, Lee Smith, Ramana Radhakrishnan, Jacob Bramley, Ruben Ayrapetyan, Robin Murphy, Kevin Brodsky, Szabolcs Nagy On Tue, Jun 4, 2019 at 2:28 PM Jason Gunthorpe <jgg@ziepe.ca> wrote: > > On Tue, Jun 04, 2019 at 02:04:47PM +0200, Andrey Konovalov wrote: > > Architectures that support memory tagging have a need to perform untagging > > (stripping the tag) in various parts of the kernel. This patch adds an > > untagged_addr() macro, which is defined as noop for architectures that do > > not support memory tagging. The oncoming patch series will define it at > > least for sparc64 and arm64. > > > > Acked-by: Catalin Marinas <catalin.marinas@arm.com> > > Reviewed-by: Khalid Aziz <khalid.aziz@oracle.com> > > Signed-off-by: Andrey Konovalov <andreyknvl@google.com> > > include/linux/mm.h | 11 +++++++++++ > > 1 file changed, 11 insertions(+) > > > > diff --git a/include/linux/mm.h b/include/linux/mm.h > > index 0e8834ac32b7..dd0b5f4e1e45 100644 > > +++ b/include/linux/mm.h > > @@ -99,6 +99,17 @@ extern int mmap_rnd_compat_bits __read_mostly; > > #include <asm/pgtable.h> > > #include <asm/processor.h> > > > > +/* > > + * Architectures that support memory tagging (assigning tags to memory regions, > > + * embedding these tags into addresses that point to these memory regions, and > > + * checking that the memory and the pointer tags match on memory accesses) > > + * redefine this macro to strip tags from pointers. > > + * It's defined as noop for arcitectures that don't support memory tagging. > > + */ > > +#ifndef untagged_addr > > +#define untagged_addr(addr) (addr) > > Can you please make this a static inline instead of this macro? Then > we can actually know what the input/output types are supposed to be. > > Is it > > static inline unsigned long untagged_addr(void __user *ptr) {return ptr;} > > ? > > Which would sort of make sense to me. Hm, I'm not sure. arm64 specifically defines this as a macro that works on different kinds of pointer compatible types to avoid casting everywhere it's used: https://elixir.bootlin.com/linux/v5.1.7/source/arch/arm64/include/asm/memory.h#L214 > > Jason ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2] uaccess: add noop untagged_addr definition 2019-06-04 12:28 ` Jason Gunthorpe 2019-06-04 12:34 ` Andrey Konovalov @ 2019-06-04 12:38 ` Catalin Marinas 2019-06-04 13:01 ` Jason Gunthorpe 1 sibling, 1 reply; 6+ messages in thread From: Catalin Marinas @ 2019-06-04 12:38 UTC (permalink / raw) To: Jason Gunthorpe Cc: Andrey Konovalov, Linus Torvalds, linux-arm-kernel, sparclinux, linux-mm, linux-kernel, Vincenzo Frascino, Will Deacon, Mark Rutland, Andrew Morton, Greg Kroah-Hartman, Kees Cook, Yishai Hadas, Felix Kuehling, Alexander Deucher, Christian Koenig, Mauro Carvalho Chehab, Jens Wiklander, Alex Williamson, Leon Romanovsky, Luc Van Oostenryck, Dave Martin, Khalid Aziz, enh, Christoph Hellwig, Dmitry Vyukov, Kostya Serebryany, Evgeniy Stepanov, Lee Smith, Ramana Radhakrishnan, Jacob Bramley, Ruben Ayrapetyan, Robin Murphy, Kevin Brodsky, Szabolcs Nagy On Tue, Jun 04, 2019 at 09:28:41AM -0300, Jason Gunthorpe wrote: > On Tue, Jun 04, 2019 at 02:04:47PM +0200, Andrey Konovalov wrote: > > Architectures that support memory tagging have a need to perform untagging > > (stripping the tag) in various parts of the kernel. This patch adds an > > untagged_addr() macro, which is defined as noop for architectures that do > > not support memory tagging. The oncoming patch series will define it at > > least for sparc64 and arm64. > > > > Acked-by: Catalin Marinas <catalin.marinas@arm.com> > > Reviewed-by: Khalid Aziz <khalid.aziz@oracle.com> > > Signed-off-by: Andrey Konovalov <andreyknvl@google.com> > > include/linux/mm.h | 11 +++++++++++ > > 1 file changed, 11 insertions(+) > > > > diff --git a/include/linux/mm.h b/include/linux/mm.h > > index 0e8834ac32b7..dd0b5f4e1e45 100644 > > +++ b/include/linux/mm.h > > @@ -99,6 +99,17 @@ extern int mmap_rnd_compat_bits __read_mostly; > > #include <asm/pgtable.h> > > #include <asm/processor.h> > > > > +/* > > + * Architectures that support memory tagging (assigning tags to memory regions, > > + * embedding these tags into addresses that point to these memory regions, and > > + * checking that the memory and the pointer tags match on memory accesses) > > + * redefine this macro to strip tags from pointers. > > + * It's defined as noop for arcitectures that don't support memory tagging. > > + */ > > +#ifndef untagged_addr > > +#define untagged_addr(addr) (addr) > > Can you please make this a static inline instead of this macro? Then > we can actually know what the input/output types are supposed to be. > > Is it > > static inline unsigned long untagged_addr(void __user *ptr) {return ptr;} > > ? > > Which would sort of make sense to me. This macro is used mostly on unsigned long since for __user ptr we can deference them in the kernel even if tagged. So if we are to use types here, I'd rather have: static inline unsigned long untagged_addr(unsigned long addr); In addition I'd like to avoid the explicit casting to (unsigned long) and use some userptr_to_ulong() or something. We are investigating in parallel on how to leverage static checking (sparse, smatch) for better tracking these conversions. -- Catalin ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2] uaccess: add noop untagged_addr definition 2019-06-04 12:38 ` Catalin Marinas @ 2019-06-04 13:01 ` Jason Gunthorpe 0 siblings, 0 replies; 6+ messages in thread From: Jason Gunthorpe @ 2019-06-04 13:01 UTC (permalink / raw) To: Catalin Marinas Cc: Andrey Konovalov, Linus Torvalds, linux-arm-kernel, sparclinux, linux-mm, linux-kernel, Vincenzo Frascino, Will Deacon, Mark Rutland, Andrew Morton, Greg Kroah-Hartman, Kees Cook, Yishai Hadas, Felix Kuehling, Alexander Deucher, Christian Koenig, Mauro Carvalho Chehab, Jens Wiklander, Alex Williamson, Leon Romanovsky, Luc Van Oostenryck, Dave Martin, Khalid Aziz, enh, Christoph Hellwig, Dmitry Vyukov, Kostya Serebryany, Evgeniy Stepanov, Lee Smith, Ramana Radhakrishnan, Jacob Bramley, Ruben Ayrapetyan, Robin Murphy, Kevin Brodsky, Szabolcs Nagy On Tue, Jun 04, 2019 at 01:38:00PM +0100, Catalin Marinas wrote: > On Tue, Jun 04, 2019 at 09:28:41AM -0300, Jason Gunthorpe wrote: > > On Tue, Jun 04, 2019 at 02:04:47PM +0200, Andrey Konovalov wrote: > > > Architectures that support memory tagging have a need to perform untagging > > > (stripping the tag) in various parts of the kernel. This patch adds an > > > untagged_addr() macro, which is defined as noop for architectures that do > > > not support memory tagging. The oncoming patch series will define it at > > > least for sparc64 and arm64. > > > > > > Acked-by: Catalin Marinas <catalin.marinas@arm.com> > > > Reviewed-by: Khalid Aziz <khalid.aziz@oracle.com> > > > Signed-off-by: Andrey Konovalov <andreyknvl@google.com> > > > include/linux/mm.h | 11 +++++++++++ > > > 1 file changed, 11 insertions(+) > > > > > > diff --git a/include/linux/mm.h b/include/linux/mm.h > > > index 0e8834ac32b7..dd0b5f4e1e45 100644 > > > +++ b/include/linux/mm.h > > > @@ -99,6 +99,17 @@ extern int mmap_rnd_compat_bits __read_mostly; > > > #include <asm/pgtable.h> > > > #include <asm/processor.h> > > > > > > +/* > > > + * Architectures that support memory tagging (assigning tags to memory regions, > > > + * embedding these tags into addresses that point to these memory regions, and > > > + * checking that the memory and the pointer tags match on memory accesses) > > > + * redefine this macro to strip tags from pointers. > > > + * It's defined as noop for arcitectures that don't support memory tagging. > > > + */ > > > +#ifndef untagged_addr > > > +#define untagged_addr(addr) (addr) > > > > Can you please make this a static inline instead of this macro? Then > > we can actually know what the input/output types are supposed to be. > > > > Is it > > > > static inline unsigned long untagged_addr(void __user *ptr) {return ptr;} > > > > ? > > > > Which would sort of make sense to me. > > This macro is used mostly on unsigned long since for __user ptr we can > deference them in the kernel even if tagged. What does that mean? Do all kernel apis that accept 'void __user *' already untag due to other patches? > So if we are to use types here, I'd rather have: > > static inline unsigned long untagged_addr(unsigned long addr); > > In addition I'd like to avoid the explicit casting to (unsigned long) > and use some userptr_to_ulong() or something. Personally I think it is a very bad habit we have in the kernel to store a 'void __user *' as a u64 or an unsigned long all over the place. AFAIK a u64 passed in from userpace is supposed to be converted to the 'void __user *' via u64_to_user_ptr() before it can be used. (IIRC Some arches require this..) So, if I have a ioctl that takes a user pointer as a u64, and I want to pass it to find_vma, then I do need to write: find_vma(untagged_addr(u64_to_user_ptr(ioctl_u64))) Right? So, IMHO, not accepting a 'void __user *' is just encouraging drivers to skip the needed u64_to_user_ptr() step. At the very worst we should have at least a 2nd function, but, IMHO, it would be better to do a bit more work on adding missing u64_to_user_ptr() calls to get the 'void __user *', and maybe a bit more work on swapping unsigned long for 'void __user *' in various places. Jason ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v2] uaccess: add noop untagged_addr definition 2019-06-04 12:04 [PATCH v2] uaccess: add noop untagged_addr definition Andrey Konovalov 2019-06-04 12:28 ` Jason Gunthorpe @ 2019-06-07 20:10 ` Linus Torvalds 1 sibling, 0 replies; 6+ messages in thread From: Linus Torvalds @ 2019-06-07 20:10 UTC (permalink / raw) To: Andrey Konovalov, Christoph Hellwig Cc: Linux ARM, sparclinux, Linux-MM, Linux List Kernel Mailing, Catalin Marinas, Vincenzo Frascino, Will Deacon, Mark Rutland, Andrew Morton, Greg Kroah-Hartman, Kees Cook, Yishai Hadas, Felix Kuehling, Alexander Deucher, Christian Koenig, Mauro Carvalho Chehab, Jens Wiklander, Alex Williamson, Leon Romanovsky, Luc Van Oostenryck, Dave Martin, Khalid Aziz, enh, Jason Gunthorpe, Christoph Hellwig, Dmitry Vyukov, Kostya Serebryany, Evgeniy Stepanov, Lee Smith, Ramana Radhakrishnan, Jacob Bramley, Ruben Ayrapetyan, Robin Murphy, Kevin Brodsky, Szabolcs Nagy On Tue, Jun 4, 2019 at 5:04 AM Andrey Konovalov <andreyknvl@google.com> wrote: > > Architectures that support memory tagging have a need to perform untagging > (stripping the tag) in various parts of the kernel. This patch adds an > untagged_addr() macro, which is defined as noop for architectures that do > not support memory tagging. Ok, applied directly to my tree so that people can use this independently starting with rc4 (which I might release tomorrow rather than Sunday because I have some travel). Linus ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-06-07 20:11 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2019-06-04 12:04 [PATCH v2] uaccess: add noop untagged_addr definition Andrey Konovalov 2019-06-04 12:28 ` Jason Gunthorpe 2019-06-04 12:34 ` Andrey Konovalov 2019-06-04 12:38 ` Catalin Marinas 2019-06-04 13:01 ` Jason Gunthorpe 2019-06-07 20:10 ` Linus Torvalds
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).