Thread: 72 messages, 9 authors, 2019-06-12

Re: [PATCH v16 02/16] arm64: untag user pointers in access_ok and __uaccess_mask_ptr

From: Andrey Konovalov <hidden>
Date: 2019-06-12 11:03:25
Also in: amd-gfx, dri-devel, kvm, linux-kselftest, linux-media, linux-mm, linux-rdma, lkml

On Tue, Jun 11, 2019 at 7:39 PM Catalin Marinas [off-list ref] wrote:
On Tue, Jun 11, 2019 at 07:09:46PM +0200, Andrey Konovalov wrote:
On Tue, Jun 11, 2019 at 4:57 PM Catalin Marinas [off-list ref] wrote:
On Mon, Jun 10, 2019 at 06:53:27PM +0100, Catalin Marinas wrote:
On Mon, Jun 03, 2019 at 06:55:04PM +0200, Andrey Konovalov wrote:
diff --git a/arch/arm64/include/asm/uaccess.h b/arch/arm64/include/asm/uaccess.h
index e5d5f31c6d36..9164ecb5feca 100644
--- a/arch/arm64/include/asm/uaccess.h
+++ b/arch/arm64/include/asm/uaccess.h
@@ -94,7 +94,7 @@ static inline unsigned long __range_ok(const void __user *addr, unsigned long si
    return ret;
 }

-#define access_ok(addr, size)      __range_ok(addr, size)
+#define access_ok(addr, size)      __range_ok(untagged_addr(addr), size)
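Review bot: The new `access_ok(addr, size)` definition strips the tag unconditionally, so every caller of access_ok() in every task now accepts a tagged user pointer, and nothing in the hunk documents that ABI change. Consider doing the untagging inside __range_ok(), where it sits next to the range check and can be made conditional per task, and add a comment above the macro saying that the tag is ignored for the range check only and that addr itself is left as passed.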
I'm going to propose an opt-in method here (RFC for now). We can't have
a check in untagged_addr() since this is already used throughout the
kernel for both user and kernel addresses (khwasan) but we can add one
in __range_ok(). The same prctl() option will be used for controlling
the precise/imprecise mode of MTE later on. We can use a TIF_ flag here
assuming that this will be called early on and any cloned thread will
inherit this.
Updated patch, inlining it below. Once we agreed on the approach, I
think Andrey can insert it in this series, probably after patch 2. The
differences from the one I posted yesterday:

- renamed PR_* macros together with get/set variants and the possibility
  to disable the relaxed ABI

- sysctl option - /proc/sys/abi/tagged_addr to disable the ABI globally
  (just the prctl() opt-in, tasks already using it won't be affected)

And, of course, it needs more testing.
Sure, I'll add it to the series.

Should I drop access_ok() change from my patch, since yours just reverts it?
Not necessary, your patch just relaxes the ABI for all apps, mine
tightens it. You could instead move the untagging to __range_ok() and
rebase my patch accordingly.
OK, will do. I'll also add a comment next to TIF_TAGGED_ADDR as Vincenzo asked.
--
Catalin
_______________________________________________
linux-arm-kernel mailing list
linux-arm-kernel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/linux-arm-kernel
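
The opt-in range check discussed in this thread, as a userspace model added here for illustration; it is not code from either patch. The 48-bit limit, the `struct task` flag standing in for TIF_TAGGED_ADDR, the function names and the sample pointers are assumptions, and untagging is modelled as sign-extension from bit 55.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: 48-bit user address space (the kernel uses the task's limit). */
#define USER_LIMIT (UINT64_C(1) << 48)
/* Constructed sample pointers. */
#define PLAIN_PTR  UINT64_C(0x00007fff12340000)
#define TAGGED_PTR (PLAIN_PTR | (UINT64_C(0x2a) << 56))  /* tag 0x2a in bits 63:56 */
#define KERNEL_PTR UINT64_C(0xffff000012340000)

/* Hypothetical stand-in for a per-thread flag such as TIF_TAGGED_ADDR. */
struct task { bool tagged_addr; };
static const struct task strict_task = { false };
static const struct task relaxed_task = { true };

/* Sign-extend from bit 55: a user pointer loses its tag, a kernel pointer
 * (bit 55 set) keeps an all-ones top byte and so still fails the check. */
static uint64_t untag(uint64_t addr)
{
    if (addr & (UINT64_C(1) << 55))
        return addr | (UINT64_C(0xff) << 56);
    return addr & ~(UINT64_C(0xff) << 56);
}

/* Model of the range check: untag only for tasks that opted in, then
 * require addr + size <= USER_LIMIT without overflowing. */
static bool range_ok(const struct task *t, uint64_t addr, uint64_t size)
{
    if (t->tagged_addr)
        addr = untag(addr);
    return size <= USER_LIMIT && addr <= USER_LIMIT - size;
}

int main(void)
{
    printf("strict,  plain : %d\n", range_ok(&strict_task, PLAIN_PTR, 4096));
    printf("strict,  tagged: %d\n", range_ok(&strict_task, TAGGED_PTR, 4096));
    printf("relaxed, tagged: %d\n", range_ok(&relaxed_task, TAGGED_PTR, 4096));
    printf("relaxed, kernel: %d\n", range_ok(&relaxed_task, KERNEL_PTR, 4096));
    return 0;
}
```

A task that has not opted in keeps the strict behaviour: the tagged pointer is rejected because its top byte puts it above the user limit.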